Laptop behaving suspiciously


15 replies to this topic

#1 Wizzlmang


Posted 05 July 2015 - 10:15 PM

First it started with 'remote desktop services' set to 'automatic' and started in services.msc. I thought 'ok, whatever, I did just run windows repair not long ago, maybe that changed it?', I just turned it back off, but then found 'allow remote access' was turned on somehow, so that spooked me a bit, but again blamed it on windows repair, but then I come to find out that it shouldn't have changed those settings since they aren't the default, so that's troubling.

I also noticed a good number more files were being scanned by avast webshields at boot (more than 50, sometimes), seemingly at random.

 

I ran autoruns to take a look, for some reason 'iexplore.exe' was set to autorun somehow, I thought 'that's weird, that shouldn't be like that', unchecked that.
Somehow last boot, my computer connected to amd.com/us/catalyst.xml, which, while I do use catalyst control center, that's never happened before. I looked up some information and found that there's a security hole in catalyst control center? So that kinda spooked me.

Just this morning, I noticed sc.exe ran at boot, I wasn't sure what that was, looking it up there are very mixed opinions, some people insisting it's a normal windows process, while others say it's a trojan/keylogger of sorts, which it could be both, after all, a trojan could mask itself as a legit windows process, but I couldn't find a straight answer as to where it should be normally located (this instance was in the windows/system32 folder, some sources said it should be there, others said it shouldn't)

This is like the third time I've been to this forum about something like this, so sorry if I'm being a pest ._.

 




#2 InadequateInfirmity


Posted 05 July 2015 - 10:30 PM

Download and run wipe.

 

https://privacyroot.com/software/www/en/wipe.php

 

Under details make sure the highlighted button is ticked prior to cleaning.


 

Then System ninja

https://singularlabs.com/software/system-ninja/

 

Scan for junk then delete.

 


 

Then.....

 

Go ahead and install ccleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools, then start up, select each item, then disable.

Now that you have disabled those un-needed start ups, let's go into the settings. We will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.



Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.


 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

 

http://www.bleepingcomputer.com/download/zemana-anti-malware/dl/294/

 

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 Wizzlmang


Posted 06 July 2015 - 07:02 PM

06 Jul 2015 16:33:58 [0970] - **********************************************************
06 Jul 2015 16:33:58 [0970] - MWAV - eScanAV AntiVirus Toolkit.
06 Jul 2015 16:33:58 [0970] - Copyright © MicroWorld Technologies
06 Jul 2015 16:33:58 [0970] - **********************************************************
06 Jul 2015 16:33:58 [0970] - Version 14.0.197 (C:\USERS\CHRISG\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
06 Jul 2015 16:33:58 [0970] - Log File: C:\Users\ChrisG\AppData\Local\Temp\LOG\MWAV.LOG
06 Jul 2015 16:33:58 [0970] - MWAV Registered: TRUE
06 Jul 2015 16:33:58 [0970] - User Account: ChrisG (Administrator Mode)
06 Jul 2015 16:33:58 [0970] - OS Type: Windows Workstation [InstallType: Client]
06 Jul 2015 16:33:58 [0970] - OS: Windows 7 64-Bit [OS Install Date: 15 Sep 2012 18:35:35]
06 Jul 2015 16:33:58 [0970] - Ver: Personal Service Pack 1 (Build 7601)
06 Jul 2015 16:33:58 [0970] - System Up Time: 35 Minutes, 20 Seconds


06 Jul 2015 16:33:58 [0970] - Parent Process Name : c:\Windows\explorer.exe
06 Jul 2015 16:33:58 [0970] - Windows Root  Folder: C:\Windows
06 Jul 2015 16:33:58 [0970] - Windows Sys32 Folder: C:\Windows\system32
06 Jul 2015 16:33:58 [0970] - DHCP NameServer: 192.168.1.1
06 Jul 2015 16:33:58 [0970] - Interface0 DHCPNameServer: 192.168.1.1
06 Jul 2015 16:33:58 [0970] - Local Fixed Drives: c:\,d:\
06 Jul 2015 16:33:58 [0970] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
06 Jul 2015 16:33:58 [0970] - [CREATED ZIP FILE: C:\Users\ChrisG\AppData\Local\Temp\pinfect.zip]
06 Jul 2015 16:33:59 [0970] - Latest Date of files inside MWAV: Tue Jul  7 01:03:18 2015.
06 Jul 2015 16:34:00 [0970] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\ChrisG\AppData\Local\Temp\LOG\ESCANDB.LOG]
06 Jul 2015 16:34:00 [0970] - Loaded/Created FileScan Cache Database...
06 Jul 2015 16:34:00 [0970] - Loading AV Library [DB]...
06 Jul 2015 16:34:02 [0970] - ArchiveScan: DISABLED
06 Jul 2015 16:34:02 [0970] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
06 Jul 2015 16:34:02 [0970] - MWAV doing self scanning...
06 Jul 2015 16:34:02 [0970] - MWAV files are clean.
06 Jul 2015 16:34:06 [0970] - ArchiveScan: DISABLED
06 Jul 2015 16:34:06 [0970] - Virus Database Date: 06 Jul 2015
06 Jul 2015 16:34:06 [0970] - Virus Database Count: 5761115
06 Jul 2015 16:34:06 [0970] - Sign Version: 7.61424 [520176]
 
06 Jul 2015 16:34:37 [0970] - **********************************************************
06 Jul 2015 16:34:37 [0970] - MWAV - eScanAV AntiVirus Toolkit.
06 Jul 2015 16:34:37 [0970] - Copyright © MicroWorld Technologies
06 Jul 2015 16:34:37 [0970] -
06 Jul 2015 16:34:37 [0970] - Support: support@escanav.com
06 Jul 2015 16:34:37 [0970] - Web: http://www.escanav.com
06 Jul 2015 16:34:37 [0970] - **********************************************************
06 Jul 2015 16:34:37 [0970] - Version 14.0.197[DB] (C:\USERS\CHRISG\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
06 Jul 2015 16:34:37 [0970] - Log File: C:\Users\ChrisG\AppData\Local\Temp\LOG\MWAV.LOG
06 Jul 2015 16:34:37 [0970] - User Account: ChrisG (Administrator Mode)
06 Jul 2015 16:34:37 [0970] - Parent Process Name : c:\Windows\explorer.exe
06 Jul 2015 16:34:37 [0970] - Windows Root  Folder: C:\Windows
06 Jul 2015 16:34:37 [0970] - Windows Sys32 Folder: C:\Windows\system32
06 Jul 2015 16:34:37 [0970] - OS: Windows 7 64-Bit [OS Install Date: 15 Sep 2012 18:35:35]
06 Jul 2015 16:34:37 [0970] - Ver: Personal Service Pack 1 (Build 7601)
06 Jul 2015 16:34:37 [0970] - Latest Date of files inside MWAV: Tue Jul  7 01:03:18 2015.
06 Jul 2015 16:34:37 [0970] - Priority: NORMAL
 
06 Jul 2015 16:34:37 [1188] - Options Selected by User:
06 Jul 2015 16:34:37 [1188] - Memory Check: Enabled
06 Jul 2015 16:34:37 [1188] - Registry Check: Enabled
06 Jul 2015 16:34:37 [1188] - StartUp Folder Check: Enabled
06 Jul 2015 16:34:37 [1188] - System Folder Check: Enabled
06 Jul 2015 16:34:37 [1188] - Services Check: Enabled
06 Jul 2015 16:34:37 [1188] - Scan Spyware: Enabled
06 Jul 2015 16:34:37 [1188] - Scan Archives: Disabled
06 Jul 2015 16:34:37 [1188] - Drive Check: Enabled
06 Jul 2015 16:34:37 [1188] - All Drive Check :Disabled
06 Jul 2015 16:34:37 [1188] - Drive Selected = C:\
06 Jul 2015 16:34:37 [1188] - Folder Check: Disabled
06 Jul 2015 16:34:37 [1188] - SCAN: All_Files [ANSI]
06 Jul 2015 16:34:37 [1188] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
06 Jul 2015 16:34:37 [1188] - Scanning DNS Records...
06 Jul 2015 16:34:37 [1188] - Scanning Master Boot Record (User)...
06 Jul 2015 16:34:37 [1188] - Scanning Logical Boot Records...
06 Jul 2015 16:34:38 [1188] - ***** Scanning For Hidden Rootkit Processes *****
06 Jul 2015 16:34:39 [1188] - ***** Scanning For Hidden Rootkit Services *****
 
06 Jul 2015 16:34:47 [1188] - ***** Scanning Memory Files *****
 
06 Jul 2015 16:34:59 [1188] - ***** Scanning Registry Files *****
06 Jul 2015 16:35:00 [1188] - ERROR(3)!!! Invalid Entry {5F327514-6C5E-4d60-8F16-D07FA08A78ED} = C:\Windows\system32\wuaucpl.cpl (in key HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). Action Taken: Removing it.
06 Jul 2015 16:35:03 [1188] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
06 Jul 2015 16:35:03 [1188] - ERROR(3)!!! Invalid Entry  = "%1" %* (in key HKCR64\htmlfile\shell\open\command). Action Taken: Removing it.
 
06 Jul 2015 16:35:03 [1188] - ***** Scanning StartUp Folders *****
 
06 Jul 2015 16:36:23 [1188] - ***** Scanning Service Files *****
06 Jul 2015 16:36:23 [1188] - Scanning File C:\Windows\system32\drivers\1394ohci.sys
06 Jul 2015 16:36:23 [1188] - ERROR(2)!!! ScanFile Fails for C:\Windows\system32\drivers\1394ohci.sys...
06 Jul 2015 16:36:30 [1188] - ERROR(2)!!! Invalid Entry C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\HiPatchService.
06 Jul 2015 16:36:38 [1188] - ERROR(2)!!! Invalid Entry "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\Steam Client Service.
06 Jul 2015 16:36:40 [1188] - ERROR(2)!!! Invalid Entry system32\DRIVERS\wacommousefilter.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\wacommousefilter.
06 Jul 2015 16:36:40 [1188] - ERROR(2)!!! Invalid Entry system32\DRIVERS\wacomvhid.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\wacomvhid.
 
06 Jul 2015 16:36:42 [1188] - ***** Scanning Registry and File system for Adware/Spyware *****
06 Jul 2015 16:36:43 [1188] - Loading Spyware Signatures from new External Database [Name: C:\Users\ChrisG\AppData\Local\Temp\spydb.avs, Size: 464724]...
06 Jul 2015 16:36:43 [1188] - Indexed Spyware Databases Successfully Created...
 
 
06 Jul 2015 16:36:58 [1188] - ***** Scanning Registry Files *****
 
06 Jul 2015 16:36:59 [1188] - ***** Scanning System32 Folders *****
06 Jul 2015 16:37:08 [040c] - ScanFile (C:\Windows\SysWOW64\atioglxx.dll) took 7021 ms
 
 
06 Jul 2015 16:38:10 [1188] - ***** Scanning Drive C:\ *****
06 Jul 2015 16:38:12 [10d8] - Scanning File C:\HP\HPQWare\Favs\sr-Latn-CS\all\HP\Poridte si Skype – stažení zdarma.url
06 Jul 2015 16:39:17 [1104] - ScanFile (C:\Program Files (x86)\Adobe\Photoshop 7.0\ImageReady.exe) took 5476 ms
06 Jul 2015 16:40:36 [124c] - ScanFile (C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\mbam-chameleon.com) took 6427 ms
06 Jul 2015 16:41:14 [0fbc] - ScanFile (C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\engine\savi.dll) took 6988 ms
06 Jul 2015 16:42:08 [1390] - ScanFile (C:\SWSetup\Drivers\Video\Packages\Drivers\Display\W76A_INF\B116525\atio6axx.dl_) took 6271 ms
06 Jul 2015 16:42:12 [0e18] - ScanFile (C:\SWSetup\Drivers\Video\Packages\Drivers\Display\W76A_INF\B116525\atioglxx.dl_) took 10936 ms
06 Jul 2015 16:42:16 [10d8] - ScanFile (C:\SWSetup\Drivers\Video\Packages\Drivers\Display\W7_INF\B116525\atioglxx.dl_) took 10561 ms
06 Jul 2015 16:42:17 [10d8] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
06 Jul 2015 16:42:17 [1104] - Scanning File C:\System Volume Information\{8c684359-2432-11e5-9286-101f741de01d}{3808876b-c176-4e48-b7ae-04046e6cc752}
06 Jul 2015 16:42:17 [0fbc] - Scanning File C:\System Volume Information\{79b6e0c6-108f-11e5-b9d1-101f741de01d}{3808876b-c176-4e48-b7ae-04046e6cc752}
06 Jul 2015 16:42:45 [040c] - ScanFile (C:\Users\ChrisG\Documents\tdsskiller\TDSSKiller.exe) took 5445 ms
06 Jul 2015 16:47:58 [10d8] - ScanFile (C:\Windows\System32\atioglxx.dll) took 8049 ms
06 Jul 2015 16:48:31 [040c] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\c7117970.inf_amd64_neutral_48893ade89397e48\B116525\atioglxx.dll) took 7847 ms
06 Jul 2015 16:57:19 [0e18] - ScanFile (C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.1.7601.17514_none_c0f01f501d19ea73\ehexthost.exe) took 7628 ms
06 Jul 2015 16:58:21 [10d8] - ScanFile (C:\Windows\winsxs\wow64_ehome-bdatunepia_31bf3856ad364e35_6.1.7601.17514_none_5621eb4f9854b9af\BDATunePIA.dll) took 5195 ms
 
06 Jul 2015 17:00:34 [1188] - ***** Checking for specific ITW Viruses *****
 
06 Jul 2015 17:00:34 [1188] - ***** Scanning complete. *****
 
06 Jul 2015 17:00:34 [1188] - Total Objects Scanned: 188295
06 Jul 2015 17:00:34 [1188] - Total Critical Objects: 0
06 Jul 2015 17:00:34 [1188] - Total Disinfected Objects: 0
06 Jul 2015 17:00:34 [1188] - Total Objects Renamed: 0
06 Jul 2015 17:00:34 [1188] - Total Deleted Objects: 0
06 Jul 2015 17:00:34 [1188] - Total Errors: 8
06 Jul 2015 17:00:34 [1188] - Time Elapsed: 00:25:35
06 Jul 2015 17:00:34 [1188] - Virus Database Date: 06 Jul 2015
06 Jul 2015 17:00:34 [1188] - Virus Database Count: 5761115
06 Jul 2015 17:00:34 [1188] - Sign Version: 7.61424 [520176]
 
06 Jul 2015 17:00:34 [1188] - Scan Completed.
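
Added example (not part of the original post, and not eScan's own tooling): a Python parser for the `Invalid Entry ... Action Taken` lines of an MWAV log like the one above, grouping each registry removal by kind so the Run-key and service deletions can be reviewed. The function names and category labels are this example's own assumptions.

```python
import re
from collections import Counter

# Lines copied from the MWAV.LOG posted above: all eight ERROR lines plus two
# of the summary counters.
SAMPLE_LOG = r'''
06 Jul 2015 16:35:00 [1188] - ERROR(3)!!! Invalid Entry {5F327514-6C5E-4d60-8F16-D07FA08A78ED} = C:\Windows\system32\wuaucpl.cpl (in key HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). Action Taken: Removing it.
06 Jul 2015 16:35:03 [1188] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
06 Jul 2015 16:35:03 [1188] - ERROR(3)!!! Invalid Entry  = "%1" %* (in key HKCR64\htmlfile\shell\open\command). Action Taken: Removing it.
06 Jul 2015 16:36:23 [1188] - ERROR(2)!!! ScanFile Fails for C:\Windows\system32\drivers\1394ohci.sys...
06 Jul 2015 16:36:30 [1188] - ERROR(2)!!! Invalid Entry C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\HiPatchService.
06 Jul 2015 16:36:38 [1188] - ERROR(2)!!! Invalid Entry "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\Steam Client Service.
06 Jul 2015 16:36:40 [1188] - ERROR(2)!!! Invalid Entry system32\DRIVERS\wacommousefilter.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\wacommousefilter.
06 Jul 2015 16:36:40 [1188] - ERROR(2)!!! Invalid Entry system32\DRIVERS\wacomvhid.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\wacomvhid.
06 Jul 2015 17:00:34 [1188] - Total Critical Objects: 0
06 Jul 2015 17:00:34 [1188] - Total Errors: 8
'''

# "<dd Mon yyyy hh:mm:ss> [<thread id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<tid>[0-9a-fA-F]{4})\] -\s?(?P<msg>.*)$"
)
# Registry-value form: Invalid Entry <value> (in key <key>). Action Taken: ...
REG_RE = re.compile(
    r"Invalid Entry\s+(?P<entry>.*?) \(in key (?P<key>[^)]*)\)\. Action Taken: .*$"
)
# Service form: Invalid Entry <image path>. Action Taken: Removing <service key>.
SVC_RE = re.compile(
    r"Invalid Entry\s+(?P<entry>.*?)\. Action Taken: Removing (?P<key>.*?)\.?$"
)
TOTAL_RE = re.compile(r"^Total (?P<name>[A-Za-z ]+): (?P<n>\d+)$")


def classify(key):
    """Label a removed registry key by the kind of location it is."""
    k = key.lower()
    if k.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
        return "autorun"
    if "\\currentcontrolset\\services\\" in k:
        return "service"
    if k.endswith("\\shell\\open\\command"):
        return "open-command"
    return "other"


def parse_mwav(text):
    """Return the registry removals, summary counters and ERROR line count."""
    removals, totals, error_lines = [], {}, 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank separator lines
        msg = m["msg"].strip()
        if msg.startswith("ERROR("):
            error_lines += 1
        hit = REG_RE.search(msg) or SVC_RE.search(msg)
        if hit:
            removals.append({
                "time": m["ts"],
                "entry": hit["entry"].strip(),
                "key": hit["key"],
                "category": classify(hit["key"]),
            })
            continue
        total = TOTAL_RE.match(msg)
        if total:
            totals[total["name"]] = int(total["n"])
    return {"removals": removals, "totals": totals, "error_lines": error_lines}


def category_counts(parsed):
    """Count removals per category."""
    return Counter(r["category"] for r in parsed["removals"])


if __name__ == "__main__":
    parsed = parse_mwav(SAMPLE_LOG)
    for r in parsed["removals"]:
        print(f'{r["time"]}  {r["category"]:<12}  {r["key"]}  <-  {r["entry"]}')
    print("ERROR lines:", parsed["error_lines"], "| totals:", parsed["totals"])
```

For this log the eight ERROR lines account for the reported `Total Errors: 8`, while `Total Critical Objects` is 0.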



#4 Wizzlmang


Posted 06 July 2015 - 07:06 PM

The link to Zemana doesn't work



#5 Wizzlmang


Posted 06 July 2015 - 07:25 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.3 (07.06.2015:2)
OS: Windows 7 Home Premium x64
Ran by ChrisG on Mon 07/06/2015 at 17:19:32.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/06/2015 at 17:24:18.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 Wizzlmang


Posted 06 July 2015 - 07:37 PM

# AdwCleaner v4.207 - Logfile created 06/07/2015 at 17:35:42
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : ChrisG - TIBBS
# Running from : C:\Users\ChrisG\Desktop\adwcleaner_4.207.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v39.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [620 bytes] - [06/07/2015 17:35:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [678 bytes] ##########
 



#7 InadequateInfirmity


Posted 07 July 2015 - 05:48 AM

For Zemana

http://www.bleepingcomputer.com/download/windows/

 

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

Hit Ok.

Hit next, make sure to leave all items checked for removal.


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#8 Wizzlmang


Posted 07 July 2015 - 06:31 PM

Zemana AntiMalware 2.16.179.292 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/7/7
Operating System       : Windows 7 64-bit
Processor              : 4X AMD A8-3500M APU with Radeon™ HD Graphics
BIOS Mode              : Legacy
CUID                   : 0035A040DAA07C46E47AFE
Scan Type              : Deep Scan
Duration               : 18m 16s
Scanned Objects        : 137043
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

Avast Online Security
Status             : Scanned
Object             : %programw6432%\avast software\avast\webrep\ff
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.FirefoxExt!Gr
Cleaning Action    : Repair
Traces             :
                Browser Extension - Avast Online Security

ninja-setup-3.0.7.exe
Status             : Scanned
Object             : %userprofile%\desktop\ninja-setup-3.0.7.exe
MD5                : 5269E6ED06CFFE100ED3F48B4A3DE45E
Publisher          : -
Size               : 2509450
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\desktop\ninja-setup-3.0.7.exe

EndProcess.exe
Status             : Scanned
Object             : %homedrive%\hp\bin\endprocess.exe
MD5                : FB9F5EFC10280F3659DCE48069725C3C
Publisher          : -
Size               : 55296
Version            : -
Detection          : Malware:Win32/Fooster.A!Eake
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\hp\bin\endprocess.exe

Not sure how to proceed here, I think these might be false positives, unsure of the last one though.



#9 InadequateInfirmity


Posted 11 July 2015 - 05:45 PM

Continue with the other scans, these are false positives..... it happens with all antivirus antimalware programs from time to time.



#10 Wizzlmang


Posted 18 July 2015 - 06:51 PM

Sorry for disappearing, been a busy month for me.
 

Adware removal tool is down, apparently being updated.

 

~ ZHPCleaner v2015.7.18.300 by Nicolas Coolman (2015/07/18)
~ Run by ChrisG (Administrator)  (18/07/2015 16:44:00)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\ChrisG\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\ChrisG\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (23)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 61210
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0


End of clean in 5 minutes
===================
ZHPCleaner-[S]-18072015-16_49_29.txt
 



#11 Wizzlmang


Posted 18 July 2015 - 06:55 PM

 Results of screen317's Security Check version 1.005  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Adobe Flash Player 18.0.0.209  
 Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````  
 Zemana AntiMalware ZAM.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````



#12 Wizzlmang


Posted 18 July 2015 - 07:01 PM

MiniToolBox by Farbar  Version: 01-07-2015
Ran by ChrisG (administrator) on 18-07-2015 at 16:57:47
Running from "C:\Users\ChrisG\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: HP Pavilion dv6 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Tibbs
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : AC-81-12-D0-17-20
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1915:ec32:f40b:3feb%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.16(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, July 18, 2015 12:40:07 PM
   Lease Expires . . . . . . . . . . : Sunday, July 19, 2015 12:40:11 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 313295122
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-E6-DD-39-10-1F-74-1D-E0-1D
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 10-1F-74-1D-E0-1D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EF1AF652-60A7-44C8-B7E7-AF265D29071D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4005:803::200e
      216.58.217.206


Pinging google.com [216.58.217.206] with 32 bytes of data:
Reply from 216.58.217.206: bytes=32 time=21ms TTL=52
Reply from 216.58.217.206: bytes=32 time=58ms TTL=52

Ping statistics for 216.58.217.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 58ms, Average = 39ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=63ms TTL=48
Request timed out.

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 63ms, Maximum = 63ms, Average = 63ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...ac 81 12 d0 17 20 ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter
 11...10 1f 74 1d e0 1d ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.16     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.16    286
     192.168.1.16  255.255.255.255         On-link      192.168.1.16    286
    192.168.1.255  255.255.255.255         On-link      192.168.1.16    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.16    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.16    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    286 fe80::/64                On-link
 12    286 fe80::1915:ec32:f40b:3feb/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [] ()
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [] ()
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [File Not found] ()
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [File Not found] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/06/2015 03:59:13 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (07/06/2015 03:59:13 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=2801}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (07/06/2015 03:22:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.0.5659, time stamp: 0x55934d06
Faulting module name: mozalloc.dll, version: 39.0.0.5659, time stamp: 0x55933a83
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x10f4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (07/18/2015 00:42:31 PM) (Source: Service Control Manager) (User: )
Description: The Wacom Professional Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/18/2015 00:42:27 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/18/2015 00:40:08 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (07/17/2015 06:34:39 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/17/2015 06:34:26 PM) (Source: Service Control Manager) (User: )
Description: The Wacom Professional Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/17/2015 06:32:37 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (07/17/2015 01:32:37 PM) (Source: Service Control Manager) (User: )
Description: The Wacom Professional Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/17/2015 01:32:34 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/17/2015 01:29:55 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (07/16/2015 03:14:44 PM) (Source: Service Control Manager) (User: )
Description: The Disk Defragmenter service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4400

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/06/2015 03:59:17 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
Search.JetPropStore

Error: (07/06/2015 03:59:13 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (07/06/2015 03:59:13 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)
2801

Error: (07/06/2015 03:22:38 PM) (Source: Application Error)(User: )
Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa110f401d0b81d75f2827dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll821acb5b-242d-11e5-bab1-101f741de01d


=========================== Installed Programs ============================

ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.)
ATI Catalyst Install Manager (HKLM\...\{942836D4-5395-652B-F1E8-A7C5B039910C}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Pro Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
HP 3D DriveGuard (HKLM\...\{0128D231-B23B-409C-A531-39D8D8774BA1}) (Version: 4.1.5.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.10.0416 - REALTEK Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
System Ninja version 3.0.7 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.7 - SingularLabs)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.9w3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 2015.06 - PrivacyRoot.com)
WMV9/VC-1 Video Playback (HKLM\...\{CB1A2FE6-2BDF-DECC-C91B-4E5FFD59C5D6}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.16.292 - Zemana Ltd.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3562.9 MB
Available physical RAM: 2036.22 MB
Total Virtual: 7124 MB
Available Virtual: 5193.37 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:448.57 GB) (Free:408.7 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:16.89 GB) (Free:1.85 GB) NTFS

========================= Users: ========================================

User accounts for \\TIBBS

Administrator            ChrisG                   Guest                    


**** End of log ****



#13 InadequateInfirmity


Posted 18 July 2015 - 07:32 PM

Eset Scan? How is your machine?



#14 Wizzlmang

  • Topic Starter

Posted 18 July 2015 - 07:52 PM

running it right now



#15 Wizzlmang

  • Topic Starter

Posted 18 July 2015 - 07:55 PM

it seems like it's stuck on this file, been on it for five minutes now

 

I5jTOq0.jpg





