
Cannot download anything with MS IE with normal user profile


29 replies to this topic

#1 semitek123

semitek123

  • Members
  • 24 posts

Posted 03 July 2015 - 11:56 AM

Dear Masters of Malware removal, 

 

It appears that my work computer is infected, but it impacts my "standard user profile only".

 

I don't surf any "illegal" website - duh it's my work laptop. I have a suspicion that my 13-year-old avid gamer son has in fact infected our wireless router, so I pre-emptively reset it back to default settings and changed the passwords.

 

So, for my laptop issues, I'm using my normal user profile in Win 7, but I cannot download anything using Internet Explorer.

 

If I login under an admin user profile, I can download things normally in Internet Explorer, which indicates to me that my "normal user profile" is infected.

 

My AVS is MS System Center Endpoint Detection (which honestly has been pretty worthless in the past).

 

I've tried all the usual rootkit and malware removal SW available on this website with no success, so now I'm calling in the experts (you guys).

 

Thanks,

Semitek123




 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts

Posted 03 July 2015 - 01:27 PM

Is that the only issue you are having?? What tools have you run so far? Use a different browser to download the tools below....

 

Step 1: Reset IE back to default.

http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

 


 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

https://www.zemana.com/AntiMalware

Download the fully functional 15 day trial.

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Edited by InadequateInfirmity, 03 July 2015 - 01:29 PM.


#3 semitek123


Posted 03 July 2015 - 03:30 PM

Thanks for replying to my issues so quickly!

 

I have previously tried Malwarebytes, Adware, JRT, Combofix, Emsisoft, ESET online, Kaspersky, TDSSkiller, RKill, etc.

 

I tried to install Bitdefender also, but it would not make it past the install phase.

 

In regards to your requests....

 

1. I looked at Zemana logs when it finished after 2 hours - no issues were found/noted. Something happened during the running of JRT, that crashed Zemana and MS Endpoint protection - I was not able to get the Zemana log after that and did not want to run it again for 2 hours.

 

2. JRT (nothing found)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.7 (07.02.2015:2)
OS: Windows 7 Enterprise x86
Ran by semitek123-admin on Fri 07/03/2015 at 15:18:51.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/03/2015 at 15:20:03.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

3. Adware (one item noted that I'm already aware of since this is a work computer)

 

# AdwCleaner v4.207 - Logfile created 03/07/2015 at 14:53:25
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x86)
# Username : semitek-admin - ASMAPLN1032
# Running from : C:\Users\semitek123\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [620 bytes] - [03/07/2015 14:53:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [678 bytes] ##########

 

# AdwCleaner v4.207 - Logfile created 03/07/2015 at 14:54:25
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x86)
# Username : semitek123 - ASMAPLN1032
# Running from : C:\Users\semitek123\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

*************************

AdwCleaner[R0].txt - [756 bytes] - [03/07/2015 14:53:25]
AdwCleaner[R1].txt - [736 bytes] - [03/07/2015 14:54:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [794 bytes] ##########

 

# AdwCleaner v4.207 - Logfile created 03/07/2015 at 14:56:06
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x86)
# Username : semitek123 - ASMAPLN1032
# Running from : C:\Users\semitek123\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

*************************

AdwCleaner[R0].txt - [756 bytes] - [03/07/2015 14:53:25]
AdwCleaner[R1].txt - [872 bytes] - [03/07/2015 14:54:25]
AdwCleaner[S0].txt - [707 bytes] - [03/07/2015 14:56:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [765  bytes] ##########



#4 InadequateInfirmity


Posted 03 July 2015 - 03:37 PM

Are you able to download now after reset of browser?

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/


Hit Ok.


Hit Next, and make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark the following boxes:

  • Flush DNS
  • Reset FF Proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)



Click Go and post the result.



#5 semitek123


Posted 03 July 2015 - 03:41 PM

No change from resetting MS IE - I still can't download anything. I'll get to work on your next requests.....TY



#6 semitek123


Posted 03 July 2015 - 05:32 PM

Me again - more logs to follow....

 

1. MWAV logs

 

03 Jul 2015 15:58:43 [1d4c] - **********************************************************
03 Jul 2015 15:58:43 [1d4c] - MWAV - eScanAV AntiVirus Toolkit.
03 Jul 2015 15:58:43 [1d4c] - Copyright © MicroWorld Technologies
03 Jul 2015 15:58:43 [1d4c] - **********************************************************
03 Jul 2015 15:58:43 [1d4c] - Source: C:\Users\semitek123\Downloads\mwav.exe
03 Jul 2015 15:58:43 [1d4c] - Version 14.0.178 (C:\USERS\semitek123-ADMIN\APPDATA\LOCAL\TEMP\MEXE.COM)
03 Jul 2015 15:58:43 [1d4c] - Log File: C:\Users\semitek123-admin\AppData\Local\temp\MWAV.LOG
03 Jul 2015 15:58:43 [1d4c] - MWAV Registered: TRUE
03 Jul 2015 15:58:43 [1d4c] - User Account: semitek123-admin (Administrator Mode)
03 Jul 2015 15:58:43 [1d4c] - OS Type: Windows Workstation [InstallType: Client]
03 Jul 2015 15:58:43 [1d4c] - OS: Windows 7 [OS Install Date: 14 Mar 2012 17:35:40]
03 Jul 2015 15:58:43 [1d4c] - Ver: Professional Service Pack 1 (Build 7601)
03 Jul 2015 15:58:43 [1d4c] - System Up Time: 16 Minutes, 14 Seconds

03 Jul 2015 15:58:43 [1d4c] - Parent Process Name : C:\Users\semitek123\Downloads\mwav.exe
03 Jul 2015 15:58:43 [1d4c] - Windows Root  Folder: C:\windows
03 Jul 2015 15:58:43 [1d4c] - Windows Sys32 Folder: C:\windows\system32
03 Jul 2015 15:58:43 [1d4c] - DHCP NameServer: 192.168.1.1
03 Jul 2015 15:58:43 [1d4c] - Interface0 DHCPNameServer: 192.168.1.1
03 Jul 2015 15:58:43 [1d4c] - Interface1 DHCPNameServer: 172.16.40.9 172.16.30.3 211.19.24.136 211.19.24.137
03 Jul 2015 15:58:43 [1d4c] - Local Fixed Drives: c:\
03 Jul 2015 15:58:43 [1d4c] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
03 Jul 2015 15:58:43 [1d4c] - [CREATED ZIP FILE: C:\Users\semitek123-admin\AppData\Local\temp\pinfect.zip]
03 Jul 2015 15:58:43 [1d4c] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
03 Jul 2015 15:58:45 [1d4c] - ** Changed Value of "HKEY_CLASSES_ROOT\.scr" from "DWGTrueViewScriptFile" to "scrfile"
03 Jul 2015 15:58:45 [1d4c] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\semitek123-admin\AppData\Local\temp\ESCANDB.LOG]
03 Jul 2015 15:58:47 [1d4c] - Loaded/Created FileScan Cache Database...
03 Jul 2015 15:58:47 [1d4c] - Loading AV Library [DB]...
03 Jul 2015 15:59:26 [1d4c] - ArchiveScan: DISABLED
03 Jul 2015 15:59:27 [1d4c] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
03 Jul 2015 15:59:27 [1d4c] - MWAV doing self scanning...
03 Jul 2015 15:59:27 [1d4c] - MWAV files are clean.
03 Jul 2015 15:59:31 [1d4c] - ArchiveScan: DISABLED
03 Jul 2015 15:59:31 [1d4c] - Virus Database Date: 02 Mar 2015
03 Jul 2015 15:59:31 [1d4c] - Virus Database Count: 6701505
03 Jul 2015 15:59:31 [1d4c] - Sign Version: 7.59505 [518257]
 
03 Jul 2015 16:00:15 [1d4c] - **********************************************************
03 Jul 2015 16:00:15 [1d4c] - MWAV - eScanAV AntiVirus Toolkit.
03 Jul 2015 16:00:15 [1d4c] - Copyright © MicroWorld Technologies
03 Jul 2015 16:00:15 [1d4c] -
03 Jul 2015 16:00:15 [1d4c] - Support: support@escanav.com
03 Jul 2015 16:00:15 [1d4c] - Web: http://www.escanav.com
03 Jul 2015 16:00:15 [1d4c] - **********************************************************
03 Jul 2015 16:00:15 [1d4c] - Version 14.0.178[DB] (C:\USERS\semitek123-ADMIN\APPDATA\LOCAL\TEMP\MEXE.COM)
03 Jul 2015 16:00:15 [1d4c] - Log File: C:\Users\semitek123-admin\AppData\Local\temp\MWAV.LOG
03 Jul 2015 16:00:15 [1d4c] - User Account: semitek123-admin (Administrator Mode)
03 Jul 2015 16:00:15 [1d4c] - Parent Process Name : C:\Users\semitek123\Downloads\mwav.exe
03 Jul 2015 16:00:15 [1d4c] - Windows Root  Folder: C:\windows
03 Jul 2015 16:00:15 [1d4c] - Windows Sys32 Folder: C:\windows\system32
03 Jul 2015 16:00:15 [1d4c] - OS: Windows 7 [OS Install Date: 14 Mar 2012 17:35:40]
03 Jul 2015 16:00:15 [1d4c] - Ver: Professional Service Pack 1 (Build 7601)
03 Jul 2015 16:00:15 [1d4c] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
03 Jul 2015 16:00:15 [051c] - Options Selected by User:
03 Jul 2015 16:00:15 [051c] - Memory Check: Enabled
03 Jul 2015 16:00:15 [051c] - Registry Check: Enabled
03 Jul 2015 16:00:15 [051c] - StartUp Folder Check: Enabled
03 Jul 2015 16:00:15 [051c] - System Folder Check: Enabled
03 Jul 2015 16:00:15 [051c] - Services Check: Enabled
03 Jul 2015 16:00:15 [051c] - Scan Spyware: Enabled
03 Jul 2015 16:00:15 [051c] - Scan Archives: Disabled
03 Jul 2015 16:00:15 [051c] - Drive Check: Enabled
03 Jul 2015 16:00:15 [051c] - All Drive Check :Disabled
03 Jul 2015 16:00:15 [051c] - Drive Selected = C:\
03 Jul 2015 16:00:15 [051c] - Folder Check: Disabled
03 Jul 2015 16:00:15 [051c] - SCAN: All_Files [ANSI]
03 Jul 2015 16:00:15 [051c] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
03 Jul 2015 16:00:15 [051c] - Scanning DNS Records...
03 Jul 2015 16:00:15 [051c] - Scanning Master Boot Record (Kernel)...
03 Jul 2015 16:00:15 [051c] - ReadMBR Kernel Fails! Unable to load the driver...
03 Jul 2015 16:00:15 [051c] - Scanning Master Boot Record (User)...
03 Jul 2015 16:00:15 [051c] - Scanning Logical Boot Records...
03 Jul 2015 16:00:16 [051c] - ***** Scanning For Hidden Rootkit Processes *****
03 Jul 2015 16:00:16 [051c] - ***** Scanning For Hidden Rootkit Services *****
 
03 Jul 2015 16:00:23 [051c] - ***** Scanning Memory Files *****
 
03 Jul 2015 16:00:41 [051c] - ***** Scanning Registry Files *****
 
03 Jul 2015 16:00:43 [051c] - ***** Scanning StartUp Folders *****
03 Jul 2015 16:00:57 [0ac8] - C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin not Scanned. Possibly password protected...
 
03 Jul 2015 16:01:02 [051c] - ***** Scanning Service Files *****
03 Jul 2015 16:01:02 [051c] - Scanning File C:\windows\system32\drivers\1394ohci.sys
03 Jul 2015 16:01:02 [051c] - ERROR(2)!!! ScanFile Fails for C:\windows\system32\drivers\1394ohci.sys...
03 Jul 2015 16:01:44 [051c] - Giving rights(a) to [HKLM\SYSTEM\CurrentControlSet\Services\TrkWks].
03 Jul 2015 16:01:55 [051c] - ERROR(2)!!! Invalid Entry \??\C:\windows\System32\drivers\zam32.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\ZAM.
03 Jul 2015 16:01:55 [051c] - ERROR(2)!!! Invalid Entry "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\ZAMSvc.
03 Jul 2015 16:01:55 [051c] - ERROR(2)!!! Invalid Entry \??\C:\windows\System32\drivers\zamguard32.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\ZAM_Guard.
 
03 Jul 2015 16:01:55 [051c] - ***** Scanning Registry and File system for Adware/Spyware *****
03 Jul 2015 16:01:55 [051c] - Loading Spyware Signatures from new External Database [Name: C:\Users\KRETZS~2\AppData\Local\temp\spydb.avs, Size: 464717]...
03 Jul 2015 16:01:55 [051c] - Indexed Spyware Databases Successfully Created...
 
03 Jul 2015 16:01:57 [051c] - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
03 Jul 2015 16:01:57 [051c] - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entries Removed.
03 Jul 2015 16:01:57 [051c] - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.

03 Jul 2015 16:01:57 [051c] - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
03 Jul 2015 16:01:57 [051c] - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entries Removed.
03 Jul 2015 16:01:57 [051c] - Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.

 
03 Jul 2015 16:01:57 [051c] - ***** Scanning Registry Files *****
03 Jul 2015 16:01:57 [051c] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://phx.asm.com
03 Jul 2015 16:01:57 [051c] - ** Deleted Value of "NoBandCustomize" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
03 Jul 2015 16:01:58 [051c] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = www.google.com
03 Jul 2015 16:01:58 [051c] - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
 
03 Jul 2015 16:01:58 [051c] - ***** Scanning System32 Folders *****
03 Jul 2015 16:02:24 [1264] - ScanFile (C:\windows\system32\mstscax.dll) took 6099 ms
 
 
03 Jul 2015 16:02:42 [051c] - ***** Scanning Drive C:\ *****
03 Jul 2015 16:03:01 [1c2c] - C:\DRV\E6x20\Comm\R292267\systemid.zip not Scanned. Possibly password protected...
03 Jul 2015 16:03:03 [1264] - C:\DRV\E6x20\Comm\R292297\systemid.zip not Scanned. Possibly password protected...
03 Jul 2015 16:03:04 [04dc] - C:\DRV\E6x20\Comm\R305934\systemid.zip not Scanned. Possibly password protected...
03 Jul 2015 16:03:04 [1b6c] - C:\DRV\E6x20\Comm\R305937\systemid.zip not Scanned. Possibly password protected...
03 Jul 2015 16:03:05 [04dc] - C:\DRV\E6x20\Comm\R310407\SystemId.zip not Scanned. Possibly password protected...
03 Jul 2015 16:03:05 [04dc] - C:\DRV\E6x20\Comm\R310408\SystemId.zip not Scanned. Possibly password protected...
03 Jul 2015 16:03:40 [1050] - ScanFile (C:\DRV\E6x20\Video\R297567\Packages\Drivers\Display\W76A_INF\B113050\atioglxx.dl_) took 7052 ms
03 Jul 2015 16:03:41 [04dc] - ScanFile (C:\DRV\E6x20\Video\R297567\Packages\Drivers\Display\W7_INF\B113050\atioglxx.dl_) took 6864 ms
03 Jul 2015 16:03:54 [1264] - ScanFile (C:\DRV\E6x20\Video\R316830\Packages\Drivers\Display\W76A_INF\B125925\atioglxx.dl_) took 6147 ms
03 Jul 2015 16:03:56 [1b6c] - ScanFile (C:\DRV\E6x20\Video\R316830\Packages\Drivers\Display\W7_INF\B125925\atioglxx.dl_) took 6256 ms
03 Jul 2015 16:04:36 [03e8] - ScanFile (C:\Program Files\Adobe\Acrobat 10.0\Acrobat\plug_ins\Preflight\PreflightLib.dll) took 11310 ms
03 Jul 2015 16:04:48 [04dc] - C:\Program Files\Autodesk\DWG TrueView 2012\pdfnet.res not Scanned. Possibly password protected...
03 Jul 2015 16:04:51 [1c2c] - C:\Program Files\Autonomy\Connected BackupPC\Candidates.db not Scanned. Possibly password protected...
03 Jul 2015 16:06:43 [1b6c] - ScanFile (C:\Program Files\Intel\Intel Control Center\IntelControlCenter.exe) took 5397 ms
03 Jul 2015 16:06:50 [03e8] - ScanFile (C:\Program Files\Iomega\Iomega Encryption\IOU\32bit\dotnetfx20.exe) took 8861 ms
03 Jul 2015 16:13:19 [0ac8] - ScanFile (C:\Project_1.61a2_0886700\Tools\UserConfigEditor\FileUtil.dll) took 5710 ms
03 Jul 2015 16:17:45 [0ac8] - C:\System Volume Information\FVE2.{24e6f0ae-6a00-4f73-984b-75ce9942852d} not Scanned. Possibly password protected...
03 Jul 2015 16:17:45 [1b6c] - C:\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.3 not Scanned. Possibly password protected...
03 Jul 2015 16:17:45 [1c2c] - C:\System Volume Information\Syscache.hve not Scanned. Possibly password protected...
03 Jul 2015 16:17:45 [03e8] - C:\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.2 not Scanned. Possibly password protected...
03 Jul 2015 16:17:45 [0c38] - C:\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.1 not Scanned. Possibly password protected...
03 Jul 2015 16:17:45 [1b6c] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [1c2c] - Scanning File C:\System Volume Information\{225758af-1b8d-11e5-893e-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [0ac8] - Scanning File C:\System Volume Information\{90612112-1e18-11e5-9ea8-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [1050] - Scanning File C:\System Volume Information\{9061217c-1e18-11e5-9ea8-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [0c38] - Scanning File C:\System Volume Information\{1301c8f9-20f0-11e5-bb59-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [03e8] - Scanning File C:\System Volume Information\{225758a7-1b8d-11e5-893e-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [1050] - Scanning File C:\System Volume Information\{9acbbc96-1813-11e5-a66c-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [0ac8] - Scanning File C:\System Volume Information\{9acbbc55-1813-11e5-a66c-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [03e8] - Scanning File C:\System Volume Information\{d98a7a7a-2071-11e5-8926-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [1264] - Scanning File C:\System Volume Information\{90612180-1e18-11e5-9ea8-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [0c38] - Scanning File C:\System Volume Information\{ab1c0722-2124-11e5-8a68-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [04dc] - Scanning File C:\System Volume Information\{90612178-1e18-11e5-9ea8-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [1c2c] - Scanning File C:\System Volume Information\{90612184-1e18-11e5-9ea8-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:17:45 [1b6c] - Scanning File C:\System Volume Information\{9114ad6f-218e-11e5-83fd-9cb70d00c590}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jul 2015 16:18:09 [03e8] - ScanFile (C:\Users\Default\AppData\LocalLow\Sun\Java\jre1.6.0_29\gtapi.dll) took 5990 ms
03 Jul 2015 16:18:09 [0ac8] - ScanFile (C:\Users\connolly\AppData\LocalLow\Sun\Java\jre1.6.0_29\gtapi.dll) took 12308 ms
03 Jul 2015 16:18:09 [0c38] - ScanFile (C:\Users\Administrator\AppData\LocalLow\Sun\Java\jre1.6.0_29\gtapi.dll) took 19609 ms
03 Jul 2015 16:18:19 [1264] - C:\Users\semitek123\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{296C670E-21C6-11E5-93E5-9CB70D00C590}.dat not Scanned. Possibly password protected...
03 Jul 2015 16:18:19 [0ac8] - C:\Users\semitek123\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{11863AD5-21C6-11E5-93E5-9CB70D00C590}.dat not Scanned. Possibly password protected...
03 Jul 2015 16:18:24 [1b6c] - C:\Users\semitek123\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat not Scanned. Possibly password protected...
03 Jul 2015 16:18:24 [0ac8] - C:\Users\semitek123\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp not Scanned. Possibly password protected...
03 Jul 2015 16:18:53 [1050] - ScanFile (C:\Users\semitek123\Desktop\CPA_V30\supportfiles\customResource0009.dll) took 6100 ms
03 Jul 2015 16:18:53 [0ac8] - ScanFile (C:\Users\semitek123\Desktop\CPA_V30\supportfiles\WindowsInstaller-KB893803-v2-x86.exe) took 5850 ms
03 Jul 2015 16:18:55 [1c2c] - ScanFile (C:\Users\semitek123\Desktop\CPA_V30\supportfiles\merged.cab) took 7691 ms
03 Jul 2015 16:19:01 [1264] - Scanning File C:\Users\semitek123\Desktop\Desktop\WeiferMap3.5.9.exe.txt.zip
03 Jul 2015 16:19:04 [1264] - File C:\Users\semitek123\Desktop\Desktop\WeiferMap3.5.9.exe.txt.zip infected by "Gen:Variant.Jaik.2284[ZP] (DB)" Virus! Action Taken: File Renamed.

03 Jul 2015 16:19:16 [03e8] - ScanFile (C:\Users\semitek123\Desktop\JMP11Trial\Extra\jre-7u21-windows-i586.exe) took 12932 ms
03 Jul 2015 16:19:16 [03e8] - Scanning File C:\Users\semitek123\Desktop\Toshiba meeting\ToshibaEntranceForm(ver1.0)rev2_AK.xlsx
03 Jul 2015 16:19:18 [04dc] - Scanning File C:\Users\semitek123\Desktop\WeiferMap3.5.9.exe
03 Jul 2015 16:19:19 [04dc] - File C:\Users\semitek123\Desktop\WeiferMap3.5.9.exe infected by "Gen:Variant.Jaik.2284 (DB)" Virus! Action Taken: File Renamed.

03 Jul 2015 16:19:26 [04dc] - Scanning File C:\Users\semitek123\Documents\Desktop\WeiferMap3.5.9.exe.txt.zip
03 Jul 2015 16:19:26 [0c38] - Scanning File C:\Users\semitek123\Documents\Desktop\WeiferMap3.5.9.exe.txt\WeiferMap3.5.9.exe
03 Jul 2015 16:19:26 [04dc] - File C:\Users\semitek123\Documents\Desktop\WeiferMap3.5.9.exe.txt.zip infected by "Gen:Variant.Jaik.2284[ZP] (DB)" Virus! Action Taken: File Renamed.

03 Jul 2015 16:19:26 [0c38] - File C:\Users\semitek123\Documents\Desktop\WeiferMap3.5.9.exe.txt\WeiferMap3.5.9.exe infected by "Gen:Variant.Jaik.2284 (DB)" Virus! Action Taken: File Renamed.

03 Jul 2015 16:28:49 [1264] - ScanFile (C:\Users\semitek123\Downloads\mwav.exe) took 10406 ms
03 Jul 2015 16:28:51 [04dc] - ScanFile (C:\Users\semitek123\Downloads\SecurityCheck.exe) took 11388 ms
03 Jul 2015 16:33:03 [0ac8] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PreflightLib.dll) took 5117 ms
03 Jul 2015 16:33:18 [1050] - ScanFile (C:\Windows\Installer\1035637.msi) took 5569 ms
03 Jul 2015 16:33:19 [04dc] - ScanFile (C:\Windows\Installer\108a97.msp) took 7161 ms
03 Jul 2015 16:33:26 [0c38] - ScanFile (C:\Windows\Installer\16f176.msp) took 7800 ms
03 Jul 2015 16:33:29 [1c2c] - ScanFile (C:\Windows\Installer\1b8efd9.msp) took 10343 ms
03 Jul 2015 16:33:36 [1264] - ScanFile (C:\Windows\Installer\1e6d6e.msp) took 6552 ms
03 Jul 2015 16:33:38 [03e8] - ScanFile (C:\Windows\Installer\3dabcc4d.msp) took 5226 ms
03 Jul 2015 16:33:40 [04dc] - ScanFile (C:\Windows\Installer\1de36202.msp) took 16645 ms
03 Jul 2015 16:33:42 [1264] - ScanFile (C:\Windows\Installer\44c4eb5.msp) took 5133 ms
03 Jul 2015 16:33:43 [03e8] - ScanFile (C:\Windows\Installer\4ff5f.msp) took 5226 ms
03 Jul 2015 16:33:45 [1c2c] - ScanFile (C:\Windows\Installer\44c4e9f.msp) took 7659 ms
03 Jul 2015 16:33:46 [04dc] - ScanFile (C:\Windows\Installer\5006a.msp) took 5632 ms
03 Jul 2015 16:34:48 [1050] - ScanFile (C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll) took 8486 ms
03 Jul 2015 16:35:18 [0ac8] - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected...
03 Jul 2015 16:35:18 [1b6c] - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected...
03 Jul 2015 16:36:40 [03e8] - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
03 Jul 2015 16:36:40 [1264] - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
03 Jul 2015 16:37:14 [1264] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\hpcu115b.inf_x86_neutral_8eb370035d810ab6\hpspw115.dll) took 5101 ms
03 Jul 2015 16:39:01 [04dc] - C:\Windows\Temp\TMP00000058457BF656566AF4B7 not Scanned. Possibly password protected...
03 Jul 2015 16:42:17 [0ac8] - ScanFile (C:\Windows\winsxs\msil_narrator_31bf3856ad364e35_6.1.7601.17514_none_e18f9f5aaa2eda72\Narrator.exe) took 5632 ms
03 Jul 2015 16:43:23 [03e8] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18653_none_89874ffe57b919ed\cosquery.dll) took 14664 ms
03 Jul 2015 16:50:36 [1050] - ScanFile (C:\Windows\winsxs\x86_oxpsconverter_31bf3856ad364e35_6.1.7601.17933_none_abe646740d68dabb\OxpsConverter.exe) took 5538 ms
03 Jul 2015 16:50:36 [1c2c] - ScanFile (C:\Windows\winsxs\x86_oxpsconverter_31bf3856ad364e35_6.1.7601.22091_none_ac2cd95f26b92598\OxpsConverter.exe) took 5772 ms
 
03 Jul 2015 16:51:42 [051c] - ***** Checking for specific ITW Viruses *****
 
03 Jul 2015 16:51:42 [051c] - ***** Scanning complete. *****
 
03 Jul 2015 16:51:42 [051c] - Total Objects Scanned: 248434
03 Jul 2015 16:51:42 [051c] - Total Critical Objects: 6
03 Jul 2015 16:51:42 [051c] - Total Disinfected Objects: 0
03 Jul 2015 16:51:42 [051c] - Total Objects Renamed: 4
03 Jul 2015 16:51:42 [051c] - Total Deleted Objects: 2
03 Jul 2015 16:51:42 [051c] - Total Errors: 5
03 Jul 2015 16:51:42 [051c] - Time Elapsed: 00:50:41
03 Jul 2015 16:51:42 [051c] - Virus Database Date: 02 Mar 2015
03 Jul 2015 16:51:42 [051c] - Virus Database Count: 6701505
03 Jul 2015 16:51:42 [051c] - Sign Version: 7.59505 [518257]
 
03 Jul 2015 16:51:42 [051c] - Scan Completed.
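
Added example, not part of the original thread: a short Python triage script for a log in the MWAV layout posted above, which pulls detections, removed service entries, scan errors and unscanned files out of the per-file progress and timing lines. The sample lines are constructed (all paths, detection names and service names are placeholders), and the function names `triage` and `cross_check` are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the MWAV log above. Every path,
# detection name and service name is a placeholder, not a value from the thread.
SAMPLE_LOG = r"""
03 Jul 2015 16:00:15 [051c] - Scanning Master Boot Record (Kernel)...
03 Jul 2015 16:00:15 [051c] - ReadMBR Kernel Fails! Unable to load the driver...
03 Jul 2015 16:01:02 [051c] - ERROR(2)!!! ScanFile Fails for C:\windows\system32\drivers\example.sys...
03 Jul 2015 16:01:55 [051c] - ERROR(2)!!! Invalid Entry \??\C:\windows\System32\drivers\example32.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc.
03 Jul 2015 16:01:57 [051c] - Offending Registry Entry found: HKCU\Software\Example\Key
03 Jul 2015 16:01:57 [051c] - System found infected with Backdoor (Example) Spyware/Adware (HKCU\Software\Example\Key)! Action taken: Entries Removed.
03 Jul 2015 16:02:24 [1264] - ScanFile (C:\windows\system32\example.dll) took 6099 ms
03 Jul 2015 16:03:01 [1c2c] - C:\DRV\example.zip not Scanned. Possibly password protected...
03 Jul 2015 16:19:04 [1264] - File C:\Users\user\Desktop\tool.exe.txt.zip infected by "Example.Variant.1[ZP] (DB)" Virus! Action Taken: File Renamed.
03 Jul 2015 16:19:19 [04dc] - File C:\Users\user\Desktop\tool.exe infected by "Example.Variant.1 (DB)" Virus! Action Taken: File Renamed.
03 Jul 2015 16:51:42 [051c] - Total Objects Renamed: 2
"""

# Line layout: "DD Mon YYYY HH:MM:SS [thread-id] - message"
LINE = re.compile(r"^(\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) \[([0-9a-f]{4})\] -\s?(.*)$")
TOTAL = re.compile(r"^Total (?P<key>[A-Za-z ]+): (?P<val>\d+)$")

# First matching rule wins. Messages that match no rule (progress banners,
# "ScanFile (...) took N ms" timings) are dropped as noise.
RULES = [
    ("file_detection", re.compile(
        r'^File (?P<target>.+?) infected by "(?P<name>[^"]+)" Virus! '
        r"Action Taken: (?P<action>.+?)\.?$")),
    ("registry_detection", re.compile(
        r"^System found infected with (?P<name>.+?) \((?P<target>HK[^)]+)\)! "
        r"Action taken: (?P<action>.+?)\.?$")),
    # The scanner deleting a service key changes the system, so surface it.
    ("service_removed", re.compile(
        r"^ERROR\(\d+\)!!! Invalid Entry (?P<name>.+?)\. "
        r"Action Taken: (?P<action>Removing) (?P<target>.+?)\.?$")),
    ("scan_error", re.compile(
        r"^ERROR\(\d+\)!!! ScanFile Fails for (?P<target>.+?)\.\.\.$")),
    # Files the scanner could not open are coverage gaps, not clean results.
    ("not_scanned", re.compile(r"^(?P<target>.+?) not Scanned\.")),
]


def triage(log_text):
    """Return (events, totals) for a log in the layout above."""
    events, totals = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or wrapped line
        when, _thread_id, msg = m.groups()
        total = TOTAL.match(msg)
        if total:
            totals[total["key"]] = int(total["val"])
            continue
        for kind, rule in RULES:
            hit = rule.match(msg)
            if hit:
                events.append({"kind": kind, "time": when, **hit.groupdict()})
                break
    return events, totals


def cross_check(events, totals):
    """True if renamed-file events agree with the log's own 'Total Objects Renamed'."""
    renamed = sum(1 for e in events if e.get("action") == "File Renamed")
    reported = totals.get("Objects Renamed")
    return reported is None or reported == renamed


if __name__ == "__main__":
    events, totals = triage(SAMPLE_LOG)
    for e in events:
        print(f'{e["time"]}  {e["kind"]:<18} {e["target"]}')
    print(dict(Counter(e["kind"] for e in events)),
          "| totals consistent:", cross_check(events, totals))
```
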



#7 InadequateInfirmity


Posted 03 July 2015 - 05:42 PM

Ok, continue with the other scans. Also tell me is this the only issue? Can not download with internet explorer???



#8 semitek123


Posted 03 July 2015 - 05:47 PM

That is the only "apparent" issue at the moment. Below are the Adware logs....working on the ZHP Cleaner next.

 

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_07_03_17_38_24
OS: Windows 7 - 32 Bit
Account Name: kretzschmar-admin
U0L0S13

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966:dc57cc0c7b5fda640b61710c5f717181
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\DC57CC0C7B5FDA640B61710C5F717181:file
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished



#9 semitek123


Posted 03 July 2015 - 06:01 PM

Logs from ZHPCleaner

 

~ No malicious items found.

---\\  Hosts file (0)
~ No malicious items found.

---\\  Scheduled automatic tasks. (0)
~ No malicious items found.

---\\  Explorer ( File, Folder) (2)
MOVED folder: C:\windows\Installer\MSICAEB.tmp- (Empty)
MOVED folder: C:\windows\Installer\MSID6C0.tmp- (Empty)

---\\  Registry ( Key, Value, Data) (5)
DELETED key*: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] (Toolbar.Ask)
DELETED key*: HKLM\SOFTWARE\Classes\BEXHWindRequestBrowser [BEXHWindRequestBrowser] (Adware.QuestBrowse)
DELETED key*: HKLM\SOFTWARE\Classes\com.sap.bi.et.analyzer.addin.BExDeltaPlanningSettings [com.sap.bi.et.analyzer.addin.BExDeltaPlanningSettings] (Toolbar.DeltaSearch)
DELETED key*: HKLM\SOFTWARE\Classes\CLSID\{7CAA479B-EFC5-351E-8D66-FC35B5951FEC} [BEXHWindRequestBrowser] (Adware.QuestBrowse)
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{7CAA479B-EFC5-351E-8D66-FC35B5951FEC}\InprocServer32 [mscoree.dll] (Adware.QuestBrowse)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 735
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 7

End of clean at 17:59:02
===================
ZHPCleaner-[R]-03072015-17_59_02.txt
ZHPCleaner-[S]-03072015-17_58_02.txt



#10 semitek123


Posted 03 July 2015 - 06:03 PM

Logs from security check -

 

Results of screen317's Security Check version 1.004 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Wise Registry Cleaner 8.52 
 Java 8 Update 45 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
 



#11 semitek123


Posted 03 July 2015 - 06:08 PM

Mini tool logs

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by semitek123-admin (administrator) on 03-07-2015 at 18:05:48
Running from "C:\Users\semitek123\Downloads"
Microsoft Windows 7 Enterprise  Service Pack 1 (X86)
Model: Latitude E6420 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ASMAPLN1032
   Primary Dns Suffix  . . . . . . . : us.asm.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : us.asm.com
                                       asm.com
                                       eu.asm.com
                                       sg.asm.com
                                       ap.asm.com

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : E4-D5-3D-B2-18-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ap.asm.com
   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : D4-BE-D9-0F-89-5D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 9C-B7-0D-00-C5-90
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
   Physical Address. . . . . . . . . : E4-D5-3D-B2-18-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::204c:55f4:dd0e:33e1%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.118(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, July 03, 2015 5:34:35 PM
   Lease Expires . . . . . . . . . . : Saturday, July 04, 2015 5:34:39 PM
   Default Gateway . . . . . . . . . : fe80::cad7:19ff:fe43:3ddf%19
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 333763901
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-30-5B-BB-78-2B-CB-C7-D7-50
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{3F91762A-F011-4E2F-9682-7C25A4BBA99F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter iphttpsinterface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : iphttpsinterface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fdb5:4205:9bc5:1000:a5a7:b98e:147:f78d(Preferred)
   Temporary IPv6 Address. . . . . . : fdb5:4205:9bc5:1000:90c6:4439:5f47:3a0c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::a5a7:b98e:147:f78d%26(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  southside
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4000:80a::200e
   173.194.115.46
   173.194.115.35
   173.194.115.39
   173.194.115.40
   173.194.115.36
   173.194.115.41
   173.194.115.38
   173.194.115.32
   173.194.115.37
   173.194.115.33
   173.194.115.34

Pinging google.com [173.194.115.34] with 32 bytes of data:
Reply from 173.194.115.34: bytes=32 time=28ms TTL=52
Reply from 173.194.115.34: bytes=32 time=35ms TTL=52

Ping statistics for 173.194.115.34:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 35ms, Average = 31ms
Server:  southside
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:44:204::a7
   2001:4998:58:c02::a9
   206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=99ms TTL=44
Reply from 98.139.183.24: bytes=32 time=91ms TTL=44

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 91ms, Maximum = 99ms, Average = 95ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 23...e4 d5 3d b2 18 12 ......Microsoft Virtual WiFi Miniport Adapter
 22...d4 be d9 0f 89 5d ......Intel® 82579LM Gigabit Network Connection
 21...9c b7 0d 00 c5 90 ......Bluetooth Device (Personal Area Network)
 19...e4 d5 3d b2 18 12 ......DW1501 Wireless-N WLAN Half-Mini Card
  1...........................Software Loopback Interface 1
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 24...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 26...00 00 00 00 00 00 00 e0 iphttpsinterface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.118     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.118    286
    192.168.1.118  255.255.255.255         On-link     192.168.1.118    286
    192.168.1.255  255.255.255.255         On-link     192.168.1.118    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.118    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.118    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 19    286 ::/0                     fe80::cad7:19ff:fe43:3ddf
  1    306 ::1/128                  On-link
 26     58 fdb5:4205:9bc5:1000::/64 On-link
 26    306 fdb5:4205:9bc5:1000:90c6:4439:5f47:3a0c/128
                                    On-link
 26    306 fdb5:4205:9bc5:1000:a5a7:b98e:147:f78d/128
                                    On-link
 26     58 fdbd:b072:2faf::/48      On-link
 26    306 fdbd:b072:2faf::/48      fe80::85b2:23ef:c8f:69f0
 26    306 fdbd:b072:2faf:1::/64    fe80::85b2:23ef:c8f:69f0
 26    306 fdbd:b072:2faf:7777::/96 fe80::85b2:23ef:c8f:69f0
 19    286 fe80::/64                On-link
 26    306 fe80::/64                On-link
 19    286 fe80::204c:55f4:dd0e:33e1/128
                                    On-link
 26    306 fe80::a5a7:b98e:147:f78d/128
                                    On-link
  1    306 ff00::/8                 On-link
 26    306 ff00::/8                 On-link
 19    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation)
Catalog9 01 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/03/2015 05:34:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 03:44:01 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 1.E.3.3.E.0.D.D.4.F.5.5.C.4.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASMAPLN1032.local.

Error: (07/03/2015 03:44:01 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.118:5353   21 1.E.3.3.E.0.D.D.4.F.5.5.C.4.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASMAPLN1032-2.local.

Error: (07/03/2015 03:44:01 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 118.1.168.192.in-addr.arpa. PTR ASMAPLN1032.local.

Error: (07/03/2015 03:44:01 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.118:5353   21 118.1.168.192.in-addr.arpa. PTR ASMAPLN1032-2.local.

Error: (07/03/2015 03:43:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 03:33:35 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 1.E.3.3.E.0.D.D.4.F.5.5.C.4.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASMAPLN1032.local.

Error: (07/03/2015 03:33:35 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.118:5353   21 1.E.3.3.E.0.D.D.4.F.5.5.C.4.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASMAPLN1032-2.local.

Error: (07/03/2015 03:33:35 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 118.1.168.192.in-addr.arpa. PTR ASMAPLN1032.local.

Error: (07/03/2015 03:33:35 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.118:5353   21 118.1.168.192.in-addr.arpa. PTR ASMAPLN1032-2.local.

System errors:
=============
Error: (07/03/2015 05:44:32 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (07/03/2015 05:44:07 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/03/2015 05:44:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/03/2015 05:36:23 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/03/2015 05:35:25 PM) (Source: Microsoft-Windows-GroupPolicy) (User: ASMPHX)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/03/2015 05:34:34 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (07/03/2015 05:34:32 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ASMPHX due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (07/03/2015 03:45:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{B019CAE0-D910-410F-AD15-5AFA0E58DF61}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/03/2015 03:45:30 PM) (Source: Microsoft-Windows-TBS) (User: NT AUTHORITY)
Description: An internal TBS error was detected.  The error code was 0x800703e3.  This is usually caused by unexpected TPM or driver behavior and may be transient.

Error: (07/03/2015 03:44:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (07/03/2015 05:34:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 03:44:01 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 1.E.3.3.E.0.D.D.4.F.5.5.C.4.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASMAPLN1032.local.

Error: (07/03/2015 03:44:01 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.118:5353   21 1.E.3.3.E.0.D.D.4.F.5.5.C.4.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASMAPLN1032-2.local.

Error: (07/03/2015 03:44:01 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 118.1.168.192.in-addr.arpa. PTR ASMAPLN1032.local.

Error: (07/03/2015 03:44:01 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.118:5353   21 118.1.168.192.in-addr.arpa. PTR ASMAPLN1032-2.local.

Error: (07/03/2015 03:43:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 03:33:35 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 1.E.3.3.E.0.D.D.4.F.5.5.C.4.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASMAPLN1032.local.

Error: (07/03/2015 03:33:35 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.118:5353   21 1.E.3.3.E.0.D.D.4.F.5.5.C.4.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASMAPLN1032-2.local.

Error: (07/03/2015 03:33:35 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 118.1.168.192.in-addr.arpa. PTR ASMAPLN1032.local.

Error: (07/03/2015 03:33:35 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.118:5353   21 118.1.168.192.in-addr.arpa. PTR ASMAPLN1032-2.local.

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (HKLM\...\{D36B4583-E804-406B-9D56-F97931286C5B}) (Version: 8.1.2 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Configuration Manager Client (HKLM\...\{FD794BF1-657D-43B6-B183-603277B8D6C8}) (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
Connected Backup/PC Agent (HKLM\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.6.3 - Autonomy Corporation plc)
CyberLink PowerDVD 9.5 (HKLM\...\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
Dell Client System Update (HKLM\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.52 - Creative Technology Ltd)
DirectX 9 Runtime (HKLM\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DWG TrueView 2012 (HKLM\...\{5783F2D7-A028-0409-0000-0060B0CE6BBA}) (Version: 18.2.51.0 - Autodesk) Hidden
DWG TrueView 2012 (HKLM\...\DWG TrueView 2012) (Version: 18.2.51.0 - Autodesk)
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
IObit Unlocker (HKLM\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.45.15 - Oracle Corporation) Hidden
JMP 12 (HKLM\...\{C124E07B-BC34-4C79-8C0F-969637525D32}) (Version: 12.0.1 - SAS Institute Inc.)
JMP Profiler Core (HKLM\...\{20AC3C64-CFA9-41D2-B7E6-173A2056F851}) (Version: 1.12.0.1 - SAS Institute Inc.)
JMP Profiler GUI (HKLM\...\{5B8795F7-3D9C-4F2C-AAD7-2EBBFCD4DD31}) (Version: 1.12.0.1 - SAS Institute Inc.)
MDOP MBAM (HKLM\...\{D369D2E5-3330-499C-8FE7-81BA660FA8BB}) (Version: 2.5.0244.0 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
National Instruments Software (HKLM\...\NI Uninstaller) (Version:  - National Instruments)
NI Authentication 2.0 (HKLM\...\{DB0D5AFF-0B60-4287-9BC2-F4AE797B02F4}) (Version: 2.0.220.0 - National Instruments) Hidden
NI Certificates Deployment Support (HKLM\...\{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}) (Version: 1.02.49152 - National Instruments) Hidden
NI Curl 1.0 (HKLM\...\{3CEF952C-2808-4A93-BEB0-5744F48EBD5B}) (Version: 1.0.82.0 - National Instruments) Hidden
NI EulaDepot (HKLM\...\{D6D68ABC-954B-4373-92A2-0FE7FA59AC1A}) (Version: 3.0.397 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 11.0.0 (HKLM\...\{F6C682B6-7714-41CC-80B6-3288364910AF}) (Version: 11.0.22.0 - National Instruments) Hidden
NI LabVIEW 2010 Real-Time NBFifo (HKLM\...\{2BC9B2CE-D569-4ADC-A8A0-170F2FD57139}) (Version: 10.0.214.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2010 (HKLM\...\{6E0A9556-A848-4738-B4DB-468DF8F5EF37}) (Version: 10.0.252.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2010 (HKLM\...\{1DC9C573-FE7A-4A80-8150-88770BCD56A4}) (Version: 10.0.255.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (HKLM\...\{DB68B420-5382-48EE-9A2A-CB984FEBB192}) (Version: 10.0.235.0 - National Instruments) Hidden
NI Logos 5.2.1 (HKLM\...\{8A64A285-37B2-44F0-A019-2A3B589E52E0}) (Version: 5.2.30.0 - National Instruments) Hidden
NI Logos XT Support (HKLM\...\{66FE173F-4F58-4E5D-99C4-EF82735D2B1F}) (Version: 5.2.26.0 - National Instruments) Hidden
NI Math Kernel Libraries (HKLM\...\{AB55A100-AAC9-43EA-845E-2DCDC0D4D2B8}) (Version: 1.0.25.0 - National Instruments) Hidden
NI MDF Support (HKLM\...\{9FCEDDD0-4FEA-41CE-9739-565F39B2F607}) (Version: 3.0.397 - National Instruments) Hidden
NI mDNS Responder 1.6.0 (HKLM\...\{A363C314-2242-4BBE-9ADE-B427AF646EFF}) (Version: 1.60.49155 - National Instruments) Hidden
NI SSL Support (HKLM\...\{75C812EE-06B8-4A47-B37D-9777BE9A644C}) (Version: 11.0.221.0 - National Instruments) Hidden
NI System State Publisher (HKLM\...\{19F59734-0740-49E6-818D-53C1CA6B4ABE}) (Version: 10.0.84.0 - National Instruments) Hidden
NI System Web Server 2.0 (HKLM\...\{A29EC1AF-7077-4E6E-B4EB-30A719117268}) (Version: 11.0.214.0 - National Instruments) Hidden
NI System Web Server Base 2.0 (HKLM\...\{EB708DAB-CD04-46E4-88C9-E3BC80595982}) (Version: 2.0.215.0 - National Instruments) Hidden
NI TDMS (HKLM\...\{CEDBF278-329A-4FD6-8F1D-82BDC8121D8C}) (Version: 2.0.352.0 - National Instruments) Hidden
NI Trace Engine (HKLM\...\{52252F5C-58CD-48ED-8C88-9AAD6FE887B4}) (Version: 11.0.213.0 - National Instruments) Hidden
NI Uninstaller (HKLM\...\{298008B1-AD82-4791-9BB8-863AD1408492}) (Version: 3.0.397 - National Instruments) Hidden
NI VC2005MSMs x86 (HKLM\...\{671A5B67-1A00-424A-A902-49BC020FB3D1}) (Version: 8.01.2 - National Instruments) Hidden
NI VC2008MSMs x86 (HKLM\...\{712723FB-BF99-4406-8F91-A2DB766AB2C9}) (Version: 9.0.301 - National Instruments) Hidden
NI Web Application Server 1.0 (HKLM\...\{03FECA97-52A3-4079-937E-7840EE4FF52C}) (Version: 1.0.109.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 (HKLM\...\{E6068691-1FBC-4EF0-87E8-609CDB32038A}) (Version: 2.7.180.0 - National Instruments) Hidden
NI-DIM 1.11.0f0 (HKLM\...\{501DACFF-9399-4DBC-AA59-F35C9C6970D2}) (Version: 1.110.49152 - National Instruments) Hidden
NI-ORB 1.9.3f0 (HKLM\...\{98B874D4-D8A4-40BE-B82A-36E902C84289}) (Version: 1.94.49152 - National Instruments) Hidden
NI-PAL 2.7.0f0 (HKLM\...\{A0A20C35-FA6C-471D-ADA6-FFB1604157BD}) (Version: 10.80.49152 - National Instruments) Hidden
NI-RPC 4.2.2f0 (HKLM\...\{AB9BBC2E-83F6-47A9-9FA3-08D3774F8E45}) (Version: 4.22.49152 - National Instruments) Hidden
NI-VISA GPIB-VXI (Legacy) Passport 5.1.1 (HKLM\...\{166E43E6-9B57-454B-9CF2-3132EE1ABF81}) (Version: 5.11.49152 - National Instruments) Hidden
NI-VISA Runtime 5.1.1 (HKLM\...\{D35F1304-4FA0-40AB-9EEF-13F15EFC207D}) (Version: 5.11.49152 - National Instruments) Hidden
PhotoShowExpress (HKLM\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PIEZOCON 2.0 (HKLM\...\{349D5ACA-FE08-4FA6-8CB7-682A3C2CE6C7}) (Version: 2.0.37 - Lorex)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Roxio Activation Module (HKLM\...\{A121EEDE-C68F-461D-91AA-D48BA226AF1C}) (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (HKLM\...\{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}) (Version: 1.3.3 - Roxio) Hidden
Roxio Burn (HKLM\...\{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}) (Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (HKLM\...\{EF56258E-0326-48C5-A86C-3BAC26FC15DF}) (Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (HKLM\...\{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}) (Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
SAP Business Explorer (HKLM\...\SAPBI) (Version: 7.20 - SAP AG)
SAP GUI for Windows 7.20 (HKLM\...\SAPGUI710) (Version: 7.20 Compilation 3 - SAP)
SAPSetup Automatic Workstation Update Service (HKLM\...\SAP_WUS) (Version:  - SAP AG)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
SIMSview (HKLM\...\SIMSview2.0) (Version: 2.0 - EAG, LLC)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
VAT - Control Performance Analyzer 3.0 (HKLM\...\{5F8F70AB-5AF3-4062-9C15-6C11058943B3}) (Version: 1.0.6 - VAT Vakuumventile AG)
VISA Shared Components (HKLM\...\{E8A99DC4-303C-4BC4-98B8-9C324BAD0006}) (Version: 1.3.1 - IVI Foundation Inc.) Hidden
VISA Shared Components (HKLM\...\VISASharedComponents) (Version:  - )
Wafermap 2.3 (HKLM\...\ST6UNST #1) (Version:  - )
Windows Firewall Configuration Provider (HKLM\...\{032E702E-6313-4C33-AAF6-4522F3BE737A}) (Version: 1.2.3412.0 - Microsoft Corporation)
Wise Registry Cleaner 8.52 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.52 - WiseCleaner.com, Inc.)
X7Magic Setup (HKLM\...\{B27010F5-EE01-4996-8DF5-E1A48CC5624C}) (Version: 7.1.4 - Dell Inc.)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3241.05 MB
Available physical RAM: 1646.49 MB
Total Virtual: 6480.39 MB
Available Virtual: 4734.66 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.8 GB) (Free:200.36 GB) NTFS

========================= Users: ========================================

User accounts for \\ASMAPLN1032

Administrator            Guest                    semitek123-admin       

**** End of log ****

 



#12 InadequateInfirmity

Posted 03 July 2015 - 06:09 PM

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed, remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

http://9-lab.com/download/

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.

 

 


Now go to the scanner tab and select Full Scan.



Upon Scan Completion Click Show Results.


Now click the Clean button.


Once done cleaning, you can go to the Logs tab, double-click it, and copy and paste it in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


#13 semitek123

Posted 03 July 2015 - 06:47 PM

Ok I will get to work on those....as a sidebar, my laptop is acting like a teenager again - boots up faster and is more responsive....

 

However, I see these odd folders in my non-admin User->Appdata -> Local -> temp

 

e4j1B8B.tmp_dir1435953474 (there are multiples with different permutations on the name, all with different timestamps from today)

 

It lets me delete all but one of them - which Win 7 says is open or in use by another program

 

Inside all are two files

 

exe4jlib.jar

i4jdel.exe

 

They cannot be deleted unless I stop the agent.exe (agent user interface) under processes.

 

I do have Backup/PC agent running on my computer - not sure if this is related to this or not.



#14 InadequateInfirmity

Posted 03 July 2015 - 06:59 PM

Continue with the other scans... We will look into those files soon after. We will scan them at VirusTotal....


Edited by InadequateInfirmity, 03 July 2015 - 07:06 PM.


#15 semitek123

Posted 03 July 2015 - 08:17 PM

Here is the Malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/3/2015
Scan Time: 8:04 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.03.08
Rootkit Database: v2015.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: semitek123-admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 516704
Time Elapsed: 8 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Malware.Trace, HKU\S-1-5-21-149572226-162808296-1262813436-2844\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.BitLockerDriveEncryption, , [a0c436a7474340f61fb81aa235cf4db3]

Registry Data: 1
PUM.Hijack.HomePageControl, HKU\S-1-5-21-149572226-162808296-1262813436-2844\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[22427f5ef298bd7935ff3b13996d23dd]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)





