11 replies to this topic

#1 Falling

Posted 23 June 2015 - 11:29 PM

Found the prior thread for another unlucky victim of this annoying program. I have DL'ed Security Check, FSS and Minitoolkit and ran them with the recommended settings. Also ran Rkill too. Attached are the results.

 

 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 17.0.0.188 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 31.0 Firefox out of Date!  
 Google Chrome (43.0.2357.124) 
 Google Chrome (43.0.2357.130) 
 Google Chrome (GoogleUpdateHelper.dll..) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

Farbar Service Scanner Version: 17-01-2015
Ran by Ken (administrator) on 23-06-2015 at 22:13:40
Running from "D:\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
 
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
 
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 

MiniToolBox by Farbar  Version: 22-06-2015
Ran by Ken (administrator) on 23-06-2015 at 22:15:00
Running from "D:\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: K52F Manufacturer: ASUSTeK Computer Inc.
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
127.0.0.1
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
 
There are 46 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
JMicron PCI Express Gigabit Ethernet Adapter = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : OooShiney
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : telus
 
Tunnel adapter Local Area Connection 3:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : BlackBerry Virtual Private Network
   Physical Address. . . . . . . . . : 02-70-8C-EA-05-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd34:6c9:6eef:a86:1614:a129:ab20:f019(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::49c2:45ea:4ba1:8189%20(Preferred) 
   Autoconfiguration IPv4 Address. . : 169.254.129.137(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 335700144
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-06-FD-FE-BC-AE-C5-A1-B4-84
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 00-1E-64-4F-26-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-1E-64-4F-26-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : telus
   Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
   Physical Address. . . . . . . . . : 00-1E-64-4F-26-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7066:e:26f8:bb7c%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : June-17-15 5:49:02 PM
   Lease Expires . . . . . . . . . . : June-24-15 10:10:34 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
                                       75.153.176.9
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : JMicron PCI Express Gigabit Ethernet Adapter
   Physical Address. . . . . . . . . : BC-AE-C5-A1-B4-84
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:400a:806::200e
 216.123.194.93
 216.123.194.113
 216.123.194.108
 216.123.194.114
 216.123.194.98
 216.123.194.89
 216.123.194.103
 216.123.194.94
 216.123.194.88
 216.123.194.119
 216.123.194.109
 216.123.194.104
 216.123.194.84
 216.123.194.118
 216.123.194.99
 216.123.194.123
 
 
Pinging google.com [216.123.194.114] with 32 bytes of data:
Reply from 216.123.194.114: bytes=32 time=7ms TTL=61
Reply from 216.123.194.114: bytes=32 time=8ms TTL=61
 
Ping statistics for 216.123.194.114:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 8ms, Average = 7ms
Server:  UnKnown
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=86ms TTL=53
Reply from 98.138.253.109: bytes=32 time=85ms TTL=53
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 85ms, Maximum = 86ms, Average = 85ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 20...02 70 8c ea 05 01 ......BlackBerry Virtual Private Network
 13...00 1e 64 4f 26 11 ......Microsoft Virtual WiFi Miniport Adapter #2
 12...00 1e 64 4f 26 11 ......Microsoft Virtual WiFi Miniport Adapter
 11...00 1e 64 4f 26 10 ......Intel® WiFi Link 1000 BGN
 10...bc ae c5 a1 b4 84 ......JMicron PCI Express Gigabit Ethernet Adapter
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.67     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link   169.254.129.137    261
  169.254.129.137  255.255.255.255         On-link   169.254.129.137    261
  169.254.255.255  255.255.255.255         On-link   169.254.129.137    261
      192.168.1.0    255.255.255.0         On-link      192.168.1.67    281
     192.168.1.67  255.255.255.255         On-link      192.168.1.67    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.67    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.67    281
        224.0.0.0        240.0.0.0         On-link   169.254.129.137    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.67    281
  255.255.255.255  255.255.255.255         On-link   169.254.129.137   9999
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 20    261 fd00::/8                 On-link
 20    261 fd34:6c9:6eef:a86:1614:a129:ab20:f019/128
                                    On-link
 11    281 fe80::/64                On-link
 20    261 fe80::/64                On-link
 20    261 fe80::49c2:45ea:4ba1:8189/128
                                    On-link
 11    281 fe80::7066:e:26f8:bb7c/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
 20    261 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/22/2015 10:52:31 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (06/21/2015 10:50:35 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (06/21/2015 01:56:15 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (06/21/2015 00:00:08 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (06/20/2015 10:48:47 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (06/20/2015 05:10:07 PM) (Source: RIM MDNS) (User: )
Description: 528: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (06/20/2015 05:10:07 PM) (Source: RIM MDNS) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (06/20/2015 05:10:07 PM) (Source: RIM MDNS) (User: )
Description: 488: DNSServiceGetAddrInfo      v4v6 KenZ30.local.
 
Error: (06/20/2015 05:10:07 PM) (Source: RIM MDNS) (User: )
Description: 488: Could not write data to client because of error - aborting connection
 
Error: (06/20/2015 05:10:07 PM) (Source: RIM MDNS) (User: )
Description: send_msg ERROR: failed to write 80 of 80 bytes to fd 488 errno 10053 (An established connection was aborted by the software in your host machine.)
 
 
System errors:
=============
Error: (06/23/2015 09:32:03 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer GOCRAZYNOTEBOOK
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F2D92A23-1F23-4E76-A018-4CFEE956DABD}.
The master browser is stopping or an election is being forced.
 
Error: (06/22/2015 04:05:30 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer GOCRAZYNOTEBOOK
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F2D92A23-1F23-4E76-A018-4CFEE956DABD}.
The master browser is stopping or an election is being forced.
 
Error: (06/21/2015 03:15:58 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer GOCRAZYNOTEBOOK
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F2D92A23-1F23-4E76-A018-4CFEE956DABD}.
The master browser is stopping or an election is being forced.
 
Error: (06/20/2015 11:10:47 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (06/19/2015 05:45:23 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer THEDOCTOR
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F2D92A23-1F23-4E76-A018-4CFEE956DABD}.
The master browser is stopping or an election is being forced.
 
Error: (06/19/2015 08:33:29 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer THEDOCTOR
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F2D92A23-1F23-4E76-A018-4CFEE956DABD}.
The master browser is stopping or an election is being forced.
 
Error: (06/18/2015 07:43:15 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer THEDOCTOR
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F2D92A23-1F23-4E76-A018-4CFEE956DABD}.
The master browser is stopping or an election is being forced.
 
Error: (06/17/2015 10:52:37 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer THEDOCTOR
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F2D92A23-1F23-4E76-A018-4CFEE956DABD}.
The master browser is stopping or an election is being forced.
 
Error: (06/17/2015 02:47:41 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer THEDOCTOR
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F2D92A23-1F23-4E76-A018-4CFEE956DABD}.
The master browser is stopping or an election is being forced.
 
Error: (06/15/2015 09:37:53 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (06/22/2015 10:52:31 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (06/21/2015 10:50:35 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (06/21/2015 01:56:15 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (06/21/2015 00:00:08 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (06/20/2015 10:48:47 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (06/20/2015 05:10:07 PM) (Source: RIM MDNS)(User: )
Description: 528: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (06/20/2015 05:10:07 PM) (Source: RIM MDNS)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (06/20/2015 05:10:07 PM) (Source: RIM MDNS)(User: )
Description: 488: DNSServiceGetAddrInfo      v4v6 KenZ30.local.
 
Error: (06/20/2015 05:10:07 PM) (Source: RIM MDNS)(User: )
Description: 488: Could not write data to client because of error - aborting connection
 
Error: (06/20/2015 05:10:07 PM) (Source: RIM MDNS)(User: )
Description: send_msg ERROR: failed to write 80 of 80 bytes to fd 488 errno 10053 (An established connection was aborted by the software in your host machine.)
 
 
=========================== Installed Programs ============================
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29544 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AIO Remote Server 3.4.2 (HKCU\...\AIO Remote Server 3.4.2) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle For PC v1.0 (HKLM-x32\...\Amazon Kindle For PC) (Version:  - )
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.9 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0004 - ASUS)
BBSAK (HKLM-x32\...\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}) (Version: 1.9.2 - JMT Labs)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlackBerry 10 Desktop Software (HKLM-x32\...\{ddaa6aab-c1ec-45ea-a8f2-a95d10f57295}) (Version: 1.1.0.21 - BlackBerry)
BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.1.0.17 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.118 - BlackBerry Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.118 - BlackBerry Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}) (Version: 7.1.0.89 - Research In Motion Ltd)
BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.27 - BlackBerry) Hidden
BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
BlackBerry World Browser Plugin (HKLM-x32\...\{FDF106F5-6329-405A-8627-D9C5F113CD51}) (Version: 10.2.168.18 - Research In Motion Limited)
BOINC (HKLM\...\{D0183F8F-46BB-409F-9CD7-FB43F1A4279B}) (Version: 7.2.42 - Space Sciences Laboratory, U.C. Berkeley)
Caesium version 1.7.0 (HKLM-x32\...\{88B0F0DE-6937-440D-B5CA-6E69003E55F7}_is1) (Version: 1.7.0 - Matteo Paonessa)
Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version:  - Canon Inc.)
Choice Guard (HKLM-x32\...\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}) (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.65 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.6 - ASUS)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPSBabel 1.5.1 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version:  - GPSBabel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}) (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MergeModule_x64 (HKLM\...\{20E0665F-E4EE-4E2A-8E86-EFC65129FE41}) (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Online Plug-in (HKLM-x32\...\{F390D923-76F1-458E-8218-8C0C156CDCFD}) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PlayMemories Home (HKLM-x32\...\{7EA1A4E8-A5CE-4626-87DC-6DEF99BAE931}) (Version: 3.1.11.04230 - Sony Corporation)
Sandboxie 4.18 (64-bit) (HKLM\...\Sandboxie) (Version: 4.18 - Sandboxie Holdings, LLC)
Self-service Plug-in (HKLM-x32\...\{47117FCA-0D00-4B6D-9D68-00B763629463}) (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Sentinel Protection Installer 7.6.1 (HKLM-x32\...\{7B1AA2AB-ACD2-45C7-B1B1-364BEA40615F}) (Version: 7.6.1 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (HKLM\...\{F07F9109-D141-4E88-BFF5-0206D61994F5}) (Version: 1.0.3.02170 - Sony Corporation) Hidden
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.1 - ASUS)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.16 - ASUS)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
========================= Devices: ================================
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Device ID: ACPI\SYN0A06\4&24FBDFD&0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 69%
Total physical RAM: 3884.37 MB
Available physical RAM: 1190.8 MB
Total Pagefile: 7766.95 MB
Available Pagefile: 3282.23 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.7 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:28 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:329.79 GB) (Free:111.13 GB) NTFS
3 Drive e: (CD) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\OOOSHINEY
 
Administrator            Guest                    Ken                      
 
========================= Restore Points ==================================
 
22-06-2015 01:00:18 Windows Backup
 
**** End of log ****
 
 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/23/2015 09:25:38 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\ProgramData\{9a1428fc-cd33-7c20-9a14-428fccd3a3f3}\Blackbird for PC.exe (PID: 5496) [AU-HEUR]
 * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 6128) [WD-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * WinDefend [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
 
  20 out of 66 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 06/23/2015 09:31:30 PM
Execution time: 0 hours(s), 5 minute(s), and 51 seconds(s)

 




 


#2 boopme

  • Global Moderator

Posted 24 June 2015 - 11:08 AM

Hello Falling... looks like some malware damage... What other tools were run so far?

AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by boopme, 24 June 2015 - 11:11 AM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Falling

  • Topic Starter

Posted 24 June 2015 - 10:36 PM

Thanks for the reply, Boopme. I ran Malwarebytes last night; this is the log of the scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 24/06/2015
Scan Time: 5:18:18 PM
Logfile: 
Administrator: Yes
 
Version: 0.00.0.0000
Malware Database: v2015.06.24.05
Rootkit Database: v2015.06.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ken
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394435
Time Elapsed: 31 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
And this is the AdwCleaner file:
 
# AdwCleaner v4.207 - Logfile created 24/06/2015 at 21:26:28
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ken - OOOSHINEY
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.winerackbraflask.com_0.localstorage
File Found : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.winerackbraflask.com_0.localstorage-journal
File Found : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
File Found : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
File Found : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\kyx2rc3u.default-1370792810120\user.js
File Found : C:\Windows\System32\log\iSafeKrnlCall.log
Folder Found : C:\ProgramData\{165137ba-c42e-ff79-1651-137bac42deeb}
Folder Found : C:\ProgramData\{9a1428fc-cd33-7c20-9a14-428fccd3a3f3}
Folder Found : C:\ProgramData\{9bd22940-feca-a1c6-9bd2-22940feca503}
Folder Found : C:\Users\Ken\AppData\Local\PackageAware
Folder Found : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\kyx2rc3u.default-1370792810120\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\9841b037-1e33-9e26-e5e6-dea7ed129d38
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4c7a27bb-475e-49b8-b340-b6ddf44344b5}
Key Found : HKLM\SOFTWARE\Classes\P4c7a27bb_475e_49b8_b340_b6ddf44344b5_.P4c7a27bb_475e_49b8_b340_b6ddf44344b5_
Key Found : HKLM\SOFTWARE\Classes\P4c7a27bb_475e_49b8_b340_b6ddf44344b5_.P4c7a27bb_475e_49b8_b340_b6ddf44344b5_.9
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c7a27bb-475e-49b8-b340-b6ddf44344b5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4c7a27bb-475e-49b8-b340-b6ddf44344b5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4c7a27bb-475e-49b8-b340-b6ddf44344b5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c7a27bb-475e-49b8-b340-b6ddf44344b5}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[kyx2rc3u.default-1370792810120] - Line Found : user_pref("extensions.19olUYTHxj8imRID.scode", "(function(){try{if(window.location.href.indexOf(\"qHk5pjs4rHYHpjrHrjkFrHU5rn\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[kyx2rc3u.default-1370792810120] - Line Found : user_pref("extensions.9DedTWQFNd5mOpGH.scode", "(function(){try{if(window.location.href.indexOf(\"qHk5pjs4rHYHpjrHrjkFrHU5rn\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[kyx2rc3u.default-1370792810120] - Line Found : user_pref("extensions.DzYHwHVwJu8auBmy.scode", "(function(){try{if(window.location.href.indexOf(\"qHk5pjs4rHYHpjrHrjkFrHU5rn\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[kyx2rc3u.default-1370792810120] - Line Found : user_pref("extensions.FZJpqwrGQTodMJcf.scode", "(function(){try{if(window.location.href.indexOf(\"qHk5pjs4rHYHpjrHrjkFrHU5rn\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[kyx2rc3u.default-1370792810120] - Line Found : user_pref("extensions.Hcr1RAwdQqsUHPfb.scode", "(function(){try{if(window.location.href.indexOf(\"qHk5pjs4rHYHpjrHrjkFrHU5rn\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[kyx2rc3u.default-1370792810120] - Line Found : user_pref("extensions.a652767772eef446f9bc05876cf8d55ad6d1a50c1909c46e4a8e2e2f97df7d86acom44047.44047.internaldb.Resources_meta.value", "%7B%22md5.js%22%3A%7B%22id%22%3A1047682%2C%22ver%22%3A54%2C%22s[...]
[kyx2rc3u.default-1370792810120] - Line Found : user_pref("extensions.a652767772eef446f9bc05876cf8d55ad6d1a50c1909c46e4a8e2e2f97df7d86acom44047.44047.internaldb.Resources_resource_1047685.value", "%22%3C%21DOCTYPE%20html%3E%5Cn%3Chtml%3E%5Cn%3Chead[...]
 
-\\ Google Chrome v43.0.2357.130
 
 
*************************
 
AdwCleaner[R0].txt - [5037 bytes] - [24/06/2015 21:26:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5096 bytes] ##########


#4 Falling

  • Topic Starter

Posted 24 June 2015 - 10:47 PM

Oy, rebooted after letting AdwCleaner delete the identified files and now have ads by DeleteAd..... Stupid spam programs

 

# AdwCleaner v4.207 - Logfile created 24/06/2015 at 21:38:47
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ken - OOOSHINEY
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\{165137ba-c42e-ff79-1651-137bac42deeb}
Folder Deleted : C:\ProgramData\{9a1428fc-cd33-7c20-9a14-428fccd3a3f3}
Folder Deleted : C:\ProgramData\{9bd22940-feca-a1c6-9bd2-22940feca503}
Folder Deleted : C:\Users\Ken\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\kyx2rc3u.default-1370792810120\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\kyx2rc3u.default-1370792810120\user.js
File Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.winerackbraflask.com_0.localstorage
File Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.winerackbraflask.com_0.localstorage-journal
File Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
File Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\P4c7a27bb_475e_49b8_b340_b6ddf44344b5_.P4c7a27bb_475e_49b8_b340_b6ddf44344b5_
Key Deleted : HKLM\SOFTWARE\Classes\P4c7a27bb_475e_49b8_b340_b6ddf44344b5_.P4c7a27bb_475e_49b8_b340_b6ddf44344b5_.9
Key Deleted : HKLM\SOFTWARE\9841b037-1e33-9e26-e5e6-dea7ed129d38
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4c7a27bb-475e-49b8-b340-b6ddf44344b5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c7a27bb-475e-49b8-b340-b6ddf44344b5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4c7a27bb-475e-49b8-b340-b6ddf44344b5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4c7a27bb-475e-49b8-b340-b6ddf44344b5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c7a27bb-475e-49b8-b340-b6ddf44344b5}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[kyx2rc3u.default-1370792810120\prefs.js] - Line Deleted : user_pref("extensions.19olUYTHxj8imRID.scode", "(function(){try{if(window.location.href.indexOf(\"qHk5pjs4rHYHpjrHrjkFrHU5rn\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[kyx2rc3u.default-1370792810120\prefs.js] - Line Deleted : user_pref("extensions.9DedTWQFNd5mOpGH.scode", "(function(){try{if(window.location.href.indexOf(\"qHk5pjs4rHYHpjrHrjkFrHU5rn\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[kyx2rc3u.default-1370792810120\prefs.js] - Line Deleted : user_pref("extensions.DzYHwHVwJu8auBmy.scode", "(function(){try{if(window.location.href.indexOf(\"qHk5pjs4rHYHpjrHrjkFrHU5rn\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[kyx2rc3u.default-1370792810120\prefs.js] - Line Deleted : user_pref("extensions.FZJpqwrGQTodMJcf.scode", "(function(){try{if(window.location.href.indexOf(\"qHk5pjs4rHYHpjrHrjkFrHU5rn\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[kyx2rc3u.default-1370792810120\prefs.js] - Line Deleted : user_pref("extensions.Hcr1RAwdQqsUHPfb.scode", "(function(){try{if(window.location.href.indexOf(\"qHk5pjs4rHYHpjrHrjkFrHU5rn\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[kyx2rc3u.default-1370792810120\prefs.js] - Line Deleted : user_pref("extensions.a652767772eef446f9bc05876cf8d55ad6d1a50c1909c46e4a8e2e2f97df7d86acom44047.44047.internaldb.Resources_meta.value", "%7B%22md5.js%22%3A%7B%22id%22%3A1047682%2C%22ver%22%3A54%2C%22s[...]
[kyx2rc3u.default-1370792810120\prefs.js] - Line Deleted : user_pref("extensions.a652767772eef446f9bc05876cf8d55ad6d1a50c1909c46e4a8e2e2f97df7d86acom44047.44047.internaldb.Resources_resource_1047685.value", "%22%3C%21DOCTYPE%20html%3E%5Cn%3Chtml%3E%5Cn%3Chead[...]
 
-\\ Google Chrome v43.0.2357.130
 
 
*************************
 
AdwCleaner[R0].txt - [5183 bytes] - [24/06/2015 21:26:29]
AdwCleaner[S0].txt - [5229 bytes] - [24/06/2015 21:38:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5288  bytes] ##########


#5 Falling

  • Topic Starter

Posted 24 June 2015 - 11:11 PM

JRT File

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.3 (06.24.2015:3)
OS: Windows 7 Home Premium x64
Ran by Ken on 24/06/2015 at 21:49:49.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F9D69CCF0F6531CD4B2E55DA4F1322CC
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Program Files (x86)\mozilla firefox\defaults\pref\channel-prefs.js
Successfully deleted: [File] C:\Users\Ken\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\Ken\appdata\local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage
Successfully deleted: [File] C:\Users\Ken\appdata\local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Ken\appdata\local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\Ken\appdata\local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Successfully deleted: [File] C:\Users\Ken\appdata\local\google\chrome\user data\default\local storage\hxxp_www.saveur.com_0.localstorage
Successfully deleted: [File] C:\Users\Ken\appdata\local\google\chrome\user data\default\local storage\hxxp_www.saveur.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Ken\appdata\local\google\chrome\user data\default\local storage\hxxps_static.olark.com_0.localstorage
Successfully deleted: [File] C:\Users\Ken\appdata\local\google\chrome\user data\default\local storage\hxxps_static.olark.com_0.localstorage-journal
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
Successfully deleted: [Folder] C:\ProgramData\13308853873474957316
 
 
 
~~~ FireFox
 
 
 
 
~~~ Chrome
 
 
[C:\Users\Ken\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Ken\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Ken\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Ken\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/06/2015 at 21:58:02.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 Falling

  • Topic Starter

Posted 25 June 2015 - 07:07 AM

ESET log, and Ad by DeleteAd still popping up

 

 

C:\AdwCleaner\Quarantine\C\ProgramData\{165137ba-c42e-ff79-1651-137bac42deeb}\Blackbird for PC.exe.vir a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{9a1428fc-cd33-7c20-9a14-428fccd3a3f3}\Blackbird for PC.exe.vir a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{9bd22940-feca-a1c6-9bd2-22940feca503}\Blackbird for PC.exe.vir a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 a variant of Win32/Amonetize.EE potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ken\AppData\Local\Temp\38aEa85.exe a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
C:\Users\Ken\AppData\Local\Temp\5736105316740049491.exe a variant of Win32/Adware.MultiPlug.LI application cleaned by deleting - quarantined
C:\Users\Ken\AppData\Local\Temp\7c91.exe a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
C:\Users\Ken\AppData\Local\Temp\ce4De0fa0.exe a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
C:\Users\Ken\AppData\Local\Temp\07FAe851211A1\temp\Blackbird for PC.exe a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
C:\Users\Ken\AppData\Local\Temp\76Ec1B1511B\temp\Blackbird for PC.exe a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
C:\Users\Ken\AppData\Local\Temp\aF0EAaF\temp\Blackbird for PC.exe a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
D:\$RECYCLE.BIN\S-1-5-21-772648483-1407632795-1672726548-1000\$R5682FU.exe a variant of Win32/Amonetize.EE potentially unwanted application cleaned by deleting - quarantined
D:\$RECYCLE.BIN\S-1-5-21-772648483-1407632795-1672726548-1000\$R754885.exe a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
D:\$RECYCLE.BIN\S-1-5-21-772648483-1407632795-1672726548-1000\$RMQDS5G.exe a variant of Win32/ELEX.CC potentially unwanted application cleaned by deleting - quarantined
D:\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
D:\Downloads\Core-Temp-setup.exe a variant of Win32/Complitly.A potentially unwanted application deleted - quarantined
D:\Downloads\coretemp_d7632790.exe a variant of Win32/InstallIQ.A potentially unwanted application cleaned by deleting - quarantined
D:\Downloads\maTDgMPu140 (1).rar a variant of Win32/Packed.NoobyProtect.B suspicious application deleted - quarantined


#7 boopme

  • Global Moderator

Posted 25 June 2015 - 10:24 AM

OK... reset both browsers to default.

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
How is it now?
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#8 Falling

Falling
  • Topic Starter

  • Members
  • 32 posts
  • Local time:04:35 PM

Posted 25 June 2015 - 07:50 PM

Ok, so far all looks clean. At least the ad by whoever has not started up after a few different pages opened to see if it is still there. Anything needed to confirm clean?



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:35 PM

Posted 26 June 2015 - 11:06 AM

No.. should be OK.

#10 Falling

Falling
  • Topic Starter

  • Members
  • 32 posts
  • Local time:04:35 PM

Posted 26 June 2015 - 08:17 PM

Thanks for your help. 



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:35 PM

Posted 26 June 2015 - 09:13 PM

You're welcome from us all!!

#12 malynensi

malynensi

  • Members
  • 145 posts
  • Local time:11:35 PM

Posted 27 August 2015 - 09:51 AM

You'd better try using a different vpn. Maybe it could help.





