
Something executed, shut down my Avira, now have a ton of suspicious processes



#1 Cartographer7

Posted 29 July 2015 - 07:03 PM

Windows 7 64 bit machine

 

I was browsing the web when a couple small windows opened and closed rapidly. Immediately afterward, Windows gave me a notification in the task bar that Avira was turned off. I shut it down pretty quickly by holding the power button down. I tried restarting a couple different times trying to get Malwarebytes to update, first in safe mode then a normal boot. (Part of the problem was with Covenant Eyes, which blocks the internet unless it's up and running properly.) I finally got Malwarebytes to update, and ran a scan. While I was waiting for that, I looked at my processes and noticed a bunch of strange looking stuff (screenshots attached). Malwarebytes didn't find anything. I tried again using Malwarebytes Chameleon, and it still found nothing.

 

Screenshots below:

[Screenshot]

[Screenshot]

Here are the longer ones in full:

[Screenshot]


There were also processes called "conhost" and "consent", one of which disappeared and the other I had force closed before the screenshot.

 

 

 

 

Anyone know what this could be and where to go from here?

 

Thanks in advance!


Edited by Cartographer7, 29 July 2015 - 07:04 PM.



#2 TsVk!

Posted 29 July 2015 - 07:41 PM

Have you installed LogMeIn on your machine before?

 

Did you have this application running on your last shut down?


Edited by TsVk!, 29 July 2015 - 07:41 PM.


#3 Cartographer7

Posted 30 July 2015 - 12:03 AM

Yes, I've had LogMeIn Hamachi for over a year with no trouble as far as I know. It's VPN software. It loads on startup and sits in the tray, so I'm pretty sure it was running when I last shut down.

 

Edit: I also no longer use the VPN, and have it disabled in Hamachi.

 

Edit 2: LogMeIn is a different piece of software than Hamachi (which is made by the LogMeIn company), and I've never installed it.


Edited by Cartographer7, 30 July 2015 - 12:11 AM.


#4 Cartographer7

Posted 02 August 2015 - 12:07 AM

Anyone know what I should do next?



#5 Cartographer7

Posted 04 August 2015 - 12:41 AM

It would be helpful to know when someone can help me (if they can at all). I know you guys are super busy and understand if I'm not high on the list right now. I just need to know if I should maybe pursue other options for help. (If so, recommendations would be nice.)



#6 TsVk!

Posted 04 August 2015 - 12:58 AM

Sincere apologies... I am watching your thread but have not had time to create instructions for you. If another helper is watching please feel free to jump in.

 

If not, I hope I can get back to you in the next 24 hours.

 

TsVk!



#7 TsVk!

Posted 04 August 2015 - 09:57 PM

Hi,

I've looked at your processes list and not found anything that appears untoward. That said, let's do some scans to put your mind at ease...

Step 1: Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

[Screenshot: MiniToolBox checkboxes to select]

Click Go and note the saved Result.txt on your desktop, to copy into your reply.

Step 2: Please download AdwCleaner and save to your Desktop.

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Report button...a logfile will open in Notepad for review.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool, or you can save it to the desktop to be easily found for your reply.

Please let me know if this application removes something you want to keep on your system.

Step 3: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open, note the saved JRT.txt on your desktop to copy into your reply.

Step 4: ESET Online scanner

Follow this link or right click and "copy link location", then paste the link into the address bar on your newly opened browser instance.

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Firstly, Accept the Terms and click Start
  • Click Enable detection of potentially unwanted applications and click Start again.

ESET will then download updates, install and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, click List of found threats. Note: If no malware was found you will not get a list.
  • Click Export to text file and save the log on your desktop. Then click the Back button.
  • Check Uninstall application on close and Delete quarantined files, then click the Finish button.

When you click finish the browser will not close but will offer you ESET products. Be aware the scan has actually finished and you need to close the browser window and reboot your computer to complete the process.

  • Please save the log to your desktop for your reply.

Step 5: Please run MalwareBytes Anti-Malware again at this stage.

Please attach the logs from all these scans to your reply.

 

TsVk!


Edited by Chris Cosgrove, 12 August 2015 - 06:54 PM.


#8 Cartographer7

Posted 05 August 2015 - 02:10 PM

Thanks for getting back to me :)

 

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Family (administrator) on 04-08-2015 at 21:09:34
Running from "C:\Users\Family\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: NY589AAR-ABA p6247c Manufacturer: HP-Pavilion
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)
Hamachi Network Interface = Local Area Connection 2 (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.0.10 metric=1 publish=Yes
add route prefix=0.0.0.0/0 interface="Local Area Connection 2" nexthop=25.0.0.1 publish=Yes
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : P6247c
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.actdsltmp
   Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
   Physical Address. . . . . . . . . : 90-E6-BA-87-17-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::fd4d:d767:94fa:c78b%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, August 04, 2015 8:28:13 PM
   Lease Expires . . . . . . . . . . : Tuesday, August 11, 2015 8:28:13 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 244377274
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-5E-1E-09-90-E6-BA-87-17-B0
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       205.171.3.25
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-19-1E-B7-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::191e:b718(Preferred)
   Link-local IPv6 Address . . . . . : fe80::9cd7:42ee:996:6870%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 25.30.183.24(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Tuesday, August 04, 2015 8:28:13 PM
   Lease Expires . . . . . . . . . . : Tuesday, August 04, 2015 9:12:54 PM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 343570876
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-5E-1E-09-90-E6-BA-87-17-B0
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.domain.actdsltmp:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.actdsltmp
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{798986DE-9AFC-46C5-9937-9307F5FA2D70}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  qwestmodem.domain.actdsltmp
Address:  192.168.0.1

Name:    google.com
Addresses:  2607:f8b0:400a:807::200e
      216.58.216.174


Pinging google.com [216.58.216.174] with 32 bytes of data:
Reply from 216.58.216.174: bytes=32 time=21ms TTL=57
Reply from 216.58.216.174: bytes=32 time=20ms TTL=57

Ping statistics for 216.58.216.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 21ms, Average = 20ms
Server:  qwestmodem.domain.actdsltmp
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      2001:4998:58:c02::a9
      98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=80ms TTL=53
Reply from 98.138.253.109: bytes=32 time=78ms TTL=53

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 80ms, Average = 79ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...90 e6 ba 87 17 b0 ......NVIDIA nForce 10/100 Mbps Ethernet
 15...7a 79 19 1e b7 18 ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         25.0.0.1     25.30.183.24   9256
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.7     20
         25.0.0.0        255.0.0.0         On-link      25.30.183.24   9256
     25.30.183.24  255.255.255.255         On-link      25.30.183.24   9256
   25.255.255.255  255.255.255.255         On-link      25.30.183.24   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0     192.168.0.10      192.168.0.7     21
      169.254.0.0      255.255.0.0         On-link      25.30.183.24   9256
  169.254.255.255  255.255.255.255         On-link      25.30.183.24   9256
      192.168.0.0    255.255.255.0         On-link       192.168.0.7    276
      192.168.0.7  255.255.255.255         On-link       192.168.0.7    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.7    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.7    276
        224.0.0.0        240.0.0.0         On-link      25.30.183.24   9256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.7    276
  255.255.255.255  255.255.255.255         On-link      25.30.183.24   9256
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0     192.168.0.10       1
          0.0.0.0          0.0.0.0         25.0.0.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
 15    276 2620:9b::/64             On-link
 15    276 2620:9b::/96             On-link
 15    276 2620:9b::191e:b718/128   On-link
 10    276 fe80::/64                On-link
 15    276 fe80::/64                On-link
 15    276 fe80::9cd7:42ee:996:6870/128
                                    On-link
 10    276 fe80::fd4d:d767:94fa:c78b/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
 15    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\CovenantEyesProxy.dll [331264] (CovenantEyes)
Catalog9 02 C:\Windows\system32\CovenantEyesProxy.dll [331264] (CovenantEyes)
Catalog9 03 C:\Windows\system32\CovenantEyesProxy.dll [331264] (CovenantEyes)
Catalog9 04 C:\Windows\system32\CovenantEyesProxy.dll [331264] (CovenantEyes)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\CovenantEyesProxy.dll [331264] (CovenantEyes)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\CovenantEyesProxy64.dll [400384] (CovenantEyes)
x64-Catalog9 02 C:\Windows\System32\CovenantEyesProxy64.dll [400384] (CovenantEyes)
x64-Catalog9 03 C:\Windows\System32\CovenantEyesProxy64.dll [400384] (CovenantEyes)
x64-Catalog9 04 C:\Windows\System32\CovenantEyesProxy64.dll [400384] (CovenantEyes)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\CovenantEyesProxy64.dll [400384] (CovenantEyes)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/04/2015 08:29:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: Avira.Systray.exe, version: 1.1.42.10415, time stamp: 0x55951d10
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xe3c
Faulting application start time: 0xAvira.Systray.exe0
Faulting application path: Avira.Systray.exe1
Faulting module path: Avira.Systray.exe2
Report Id: Avira.Systray.exe3

Error: (08/04/2015 08:29:39 PM) (Source: .NET Runtime) (User: )
Description: Application: Avira.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: NLog.NLogConfigurationException
Stack:
   at NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean)
   at NLog.Config.XmlLoggingConfiguration..ctor(System.String)
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.Systray.Program.Main(System.String[])

Error: (08/04/2015 08:29:39 PM) (Source: .NET Runtime) (User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: NLog.NLogConfigurationException
Stack:
   at NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean)
   at NLog.Config.XmlLoggingConfiguration..ctor(System.String)
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost..ctor()
   at Avira.OE.ServiceHost.Program.RunService(System.Collections.Generic.IEnumerable`1<System.String>)
   at Avira.OE.ServiceHost.Program.Main(System.String[])

Error: (08/04/2015 11:50:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: Avira.Systray.exe, version: 1.1.42.10415, time stamp: 0x55951d10
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x2440
Faulting application start time: 0xAvira.Systray.exe0
Faulting application path: Avira.Systray.exe1
Faulting module path: Avira.Systray.exe2
Report Id: Avira.Systray.exe3

Error: (08/04/2015 11:50:24 AM) (Source: .NET Runtime) (User: )
Description: Application: Avira.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: NLog.NLogConfigurationException
Stack:
   at NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean)
   at NLog.Config.XmlLoggingConfiguration..ctor(System.String)
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.Systray.Program.Main(System.String[])

Error: (08/03/2015 12:29:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: Avira.ServiceHost.exe, version: 1.1.42.10415, time stamp: 0x55951cdf
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xf50
Faulting application start time: 0xAvira.ServiceHost.exe0
Faulting application path: Avira.ServiceHost.exe1
Faulting module path: Avira.ServiceHost.exe2
Report Id: Avira.ServiceHost.exe3

Error: (08/03/2015 12:29:28 PM) (Source: .NET Runtime) (User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: NLog.NLogConfigurationException
Stack:
   at NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean)
   at NLog.Config.XmlLoggingConfiguration..ctor(System.String)
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost..ctor()
   at Avira.OE.ServiceHost.Program.RunService(System.Collections.Generic.IEnumerable`1<System.String>)
   at Avira.OE.ServiceHost.Program.Main(System.String[])

Error: (08/01/2015 09:03:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: Avira.Systray.exe, version: 1.1.42.10415, time stamp: 0x55951d10
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xe74
Faulting application start time: 0xAvira.Systray.exe0
Faulting application path: Avira.Systray.exe1
Faulting module path: Avira.Systray.exe2
Report Id: Avira.Systray.exe3

Error: (08/01/2015 09:03:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: Avira.ServiceHost.exe, version: 1.1.42.10415, time stamp: 0x55951cdf
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x1110
Faulting application start time: 0xAvira.ServiceHost.exe0
Faulting application path: Avira.ServiceHost.exe1
Faulting module path: Avira.ServiceHost.exe2
Report Id: Avira.ServiceHost.exe3

Error: (08/01/2015 09:02:47 PM) (Source: .NET Runtime) (User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: NLog.NLogConfigurationException
Stack:
   at NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean)
   at NLog.Config.XmlLoggingConfiguration..ctor(System.String)
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost..ctor()
   at Avira.OE.ServiceHost.Program.RunService(System.Collections.Generic.IEnumerable`1<System.String>)
   at Avira.OE.ServiceHost.Program.Main(System.String[])


System errors:
=============
Error: (08/04/2015 08:29:48 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (08/04/2015 08:29:15 PM) (Source: Service Control Manager) (User: )
Description: The MSCamSvc service failed to start due to the following error:
%%2

Error: (08/04/2015 08:29:04 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%1053

Error: (08/04/2015 08:29:03 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

Error: (08/04/2015 08:28:05 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:58:57 AM on 8/4/2015 was unexpected.

Error: (08/04/2015 11:59:12 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ASPIRE_5741Z
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{35EFCF5D-2BE8-41CA-A21F-2607232AF611}.
The master browser is stopping or an election is being forced.

Error: (08/03/2015 12:29:47 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (08/03/2015 12:29:14 PM) (Source: Service Control Manager) (User: )
Description: The MSCamSvc service failed to start due to the following error:
%%2

Error: (08/03/2015 12:29:11 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%1053

Error: (08/03/2015 12:29:11 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.


Microsoft Office Sessions:
=========================
Error: (08/04/2015 08:29:54 PM) (Source: Application Error)(User: )
Description: Avira.Systray.exe1.1.42.1041555951d10KERNELBASE.dll6.1.7601.18869556363bce04343520000c42de3c01d0cf2edda78160C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exeC:\Windows\syswow64\KERNELBASE.dll3ccda0c0-3b22-11e5-8cc3-90e6ba8717b0

Error: (08/04/2015 08:29:39 PM) (Source: .NET Runtime)(User: )
Description: Application: Avira.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: NLog.NLogConfigurationException
Stack:
   at NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean)
   at NLog.Config.XmlLoggingConfiguration..ctor(System.String)
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.Systray.Program.Main(System.String[])

Error: (08/04/2015 08:29:39 PM) (Source: .NET Runtime)(User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: NLog.NLogConfigurationException
Stack:
   at NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean)
   at NLog.Config.XmlLoggingConfiguration..ctor(System.String)
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost..ctor()
   at Avira.OE.ServiceHost.Program.RunService(System.Collections.Generic.IEnumerable`1<System.String>)
   at Avira.OE.ServiceHost.Program.Main(System.String[])

Error: (08/04/2015 11:50:26 AM) (Source: Application Error)(User: )
Description: Avira.Systray.exe1.1.42.1041555951d10KERNELBASE.dll6.1.7601.18869556363bce04343520000c42d244001d0cee66a81b630C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exeC:\Windows\syswow64\KERNELBASE.dllaad30310-3ad9-11e5-a6e4-90e6ba8717b0

Error: (08/04/2015 11:50:24 AM) (Source: .NET Runtime)(User: )
Description: Application: Avira.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: NLog.NLogConfigurationException
Stack:
   at NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean)
   at NLog.Config.XmlLoggingConfiguration..ctor(System.String)
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.Systray.Program.Main(System.String[])

Error: (08/03/2015 12:29:44 PM) (Source: Application Error)(User: )
Description: Avira.ServiceHost.exe1.1.42.1041555951cdfKERNELBASE.dll6.1.7601.18869556363bce04343520000c42df5001d0ce22affdeb80C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exeC:\Windows\syswow64\KERNELBASE.dllfdc0b7d0-3a15-11e5-a6e4-90e6ba8717b0

Error: (08/03/2015 12:29:28 PM) (Source: .NET Runtime)(User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: NLog.NLogConfigurationException
Stack:
   at NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean)
   at NLog.Config.XmlLoggingConfiguration..ctor(System.String)
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost..ctor()
   at Avira.OE.ServiceHost.Program.RunService(System.Collections.Generic.IEnumerable`1<System.String>)
   at Avira.OE.ServiceHost.Program.Main(System.String[])

Error: (08/01/2015 09:03:02 PM) (Source: Application Error)(User: )
Description: Avira.Systray.exe1.1.42.1041555951d10KERNELBASE.dll6.1.7601.18869556363bce04343520000c42de7401d0ccd8047dbd80C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exeC:\Windows\syswow64\KERNELBASE.dll5e5b3b70-38cb-11e5-a835-90e6ba8717b0

Error: (08/01/2015 09:03:02 PM) (Source: Application Error)(User: )
Description: Avira.ServiceHost.exe1.1.42.1041555951cdfKERNELBASE.dll6.1.7601.18869556363bce04343520000c42d111001d0ccd8152cace0C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exeC:\Windows\syswow64\KERNELBASE.dll5e5b1460-38cb-11e5-a835-90e6ba8717b0

Error: (08/01/2015 09:02:47 PM) (Source: .NET Runtime)(User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: NLog.NLogConfigurationException
Stack:
   at NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean)
   at NLog.Config.XmlLoggingConfiguration..ctor(System.String)
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost..ctor()
   at Avira.OE.ServiceHost.Program.RunService(System.Collections.Generic.IEnumerable`1<System.String>)
   at Avira.OE.ServiceHost.Program.Main(System.String[])


=========================== Installed Programs ============================

Acrobat.com (HKLM-x32\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version:  - The Chinese Room)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artemis Artemis (HKLM-x32\...\Artemis) (Version: 2.1_1.0 - Thom Robertson)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2008628478.48.56.11799786 - Audible, Inc.)
Avira (HKLM-x32\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{B4A68153-E9A2-4BC1-96C3-BEE5F56E788D}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blend for Visual Studio Add-in for Adobe FXG Import (HKLM-x32\...\{834B6E00-F509-40F2-A677-E86261184576}) (Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.8 - BlueJ Team)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MX700 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series) (Version:  - )
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version:  - )
Command && Conquer Red Alert 2 - Yuri's Revenge (HKLM-x32\...\Yuri's Revenge) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Covenant Eyes (HKLM-x32\...\{5AC5ED2E-2936-4B54-A429-703F9034938E}) (Version: 5.2.91 - Covenant Eyes, Inc.)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
EASy68K v5.15.02 (HKLM-x32\...\EASy68K) (Version: v5.15.02 - Professor Kelly)
Edraw Max 6.3 (HKLM-x32\...\Edraw Max_is1) (Version:  - EdrawSoft)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
FileLocator Lite x64 (HKLM\...\{BA37CA0B-6815-46A7-8493-0061FD96EC1A}) (Version: 7.0.828.1 - Mythicsoft Ltd)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
foobar2000 v1.2 (HKLM-x32\...\foobar2000) (Version: 1.2 - Peter Pawlowski)
Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community)
Glance 2.7 (HKLM-x32\...\Glance_is1) (Version:  - Glance Networks, Inc.)
GPL Ghostscript 8.64 (HKLM\...\GPL Ghostscript 8.64) (Version:  - )
Grabilla (HKCU\...\Grabilla) (Version: 1.23.0.0 - grabilla.com)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.1.1.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Color LaserJet Pro MFP M177 (HKLM-x32\...\{78461e2a-5016-4b73-967b-20581efe6a2e}) (Version: 8.0.13192.930 - Hewlett-Packard)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM177DSService (HKLM-x32\...\{16E34867-E672-4949-AC92-77F9CCB0C0D7}) (Version: 001.001.08254 - Hewlett-Packard) Hidden
HPCLJProMFPM177 (HKLM-x32\...\{1120F88C-2B16-43F6-86FC-E9A42A999217}) (Version: 0.00.0001 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{C1223A79-3983-4877-B162-75031E7CE322}) (Version: 3.0.26.39 - HP) Hidden
HPLJDXPHelper (HKLM-x32\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 060.048.005 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{30DD7187-F392-4D83-8AED-D9A2DC64EF15}) (Version: 008.000.0001 - HP) Hidden
HPLJUTM177 (HKLM-x32\...\{B2654649-4D7B-43DC-8A05-867933FA54E3}) (Version: 008.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{178F0383-A2F1-427C-9881-6EACB8728C76}) (Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM176LaserJetService (HKLM-x32\...\{C79999B9-4522-470B-8A71-2355AA0C8B9B}) (Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}) (Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM177 (HKLM-x32\...\{092FCD1C-5203-4BD1-B4F4-0F0C6B237A6A}) (Version: 080.046.00111 - Hewlett-Packard) Hidden
IntelliJ IDEA 14.1.1 (HKLM-x32\...\IntelliJ IDEA 14.1.1) (Version: 141.178.9 - JetBrains s.r.o.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170050}) (Version: 1.7.0.50 - Oracle)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Learning Ally Audiobook Manager (HKCU\...\LearningAllyAudiobookManager) (Version: 1.1.0.28 - Learning Ally)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LJDXPHelperUI (HKLM-x32\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 060.048.005 - HP) Hidden
LogMeIn Hamachi (HKLM-x32\...\{B8E7EF80-9719-4EEB-944D-E68D1F3DFA7B}) (Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MechWarrior Black Knight (HKLM-x32\...\MechWarrior Black Knight) (Version:  - )
MechWarrior Online (HKCU\...\{74d11f91-05cc-44f6-8e49-94fe7f33c79b}) (Version: 1.2.0.0 - Piranha Games Inc.)
MechWarrior Online (HKLM-x32\...\{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}) (Version: 1.2.0.0 - Piranha Games Inc.) Hidden
MechWarrior Vengeance (HKLM-x32\...\MechWarrior Vengeance) (Version:  - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Threat Modeling Tool 2014 (HKLM-x32\...\{03E0398F-A15D-4C0F-A4A2-D259E97C9AC4}) (Version: 6.1.2000.0 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft VisioModeler 3.1 (HKLM-x32\...\VisioModelerv3.1) (Version:  - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 7.3.1 (HKLM\...\nbi-nb-base-7.3.1.0.201306052037) (Version: 7.3.1 - NetBeans.org)
NowSmart Cut (HKLM-x32\...\{95769100-3972-4D75-ADA8-348A4649D431}) (Version: 1.0.10728 - NowSmart)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
RFB&D Download Manager (HKLM-x32\...\RFB&D Download Manager_is1) (Version:  - )
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.304 - SanDisk Corporation)
SDL MiniFuzz (HKLM-x32\...\{F9132DF8-EA0E-4246-9060-E02BA1965DC2}) (Version: 01.05.0500 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)
Star Wars®: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
TagScanner 5.1.602 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Thief 2 - The Metal Age  (Remove Only) (HKLM-x32\...\Thief 2 - The Metal Age) (Version: 1.18 - Mastertronic Group Ltd.)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 Update 3 (KB2707250) (HKLM-x32\...\{29828f33-4679-462a-8c98-1c3507678922}) (Version: 11.0.60610 - Microsoft Corporation)
Wave Editor 3.2.0.8 (HKLM-x32\...\Wave Editor_is1) (Version: 3.2.0.8 - AbyssMedia.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Player 64-bit Plug-in Fix (HKLM\...\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb) (Version:  - )
Windows Media Player Plus! 2.5 (HKLM-x32\...\{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1) (Version: 2.5 - BM-productions)
WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)
WMP Tag Plus version 2.1 (HKLM-x32\...\{80C3019B-3BA4-4674-AC90-A0B402593BA5}_is1) (Version: 2.1 - BM-productions)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

**** End of log ****

 

 

# AdwCleaner v4.208 - Logfile created 04/08/2015 at 21:45:48
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Family - P6247C
# Running from : C:\Users\Family\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer


Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8B6684F-2004-44A2-885A-350B37C3861C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909

-\\ Mozilla Firefox v39.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [5360 bytes] - [04/08/2015 21:14:58]
AdwCleaner[R1].txt - [5226 bytes] - [04/08/2015 21:36:24]
AdwCleaner[S0].txt - [5137 bytes] - [04/08/2015 21:45:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5196  bytes] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Family on Tue 08/04/2015 at 21:23:59.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{927BD2E1-2287-49D2-AE71-95F492CE662E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A8B6684F-2004-44A2-885A-350B37C3861C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A8B6684F-2004-44A2-885A-350B37C3861C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{927BD2E1-2287-49D2-AE71-95F492CE662E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{927BD2E1-2287-49D2-AE71-95F492CE662E}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Family\Appdata\Local\{0BA18835-5A00-44C5-9CC8-BBF8E705B7D5}
Successfully deleted: [Empty Folder] C:\Users\Family\Appdata\Local\{10D20C70-C791-4154-A341-069BCB864620}
Successfully deleted: [Empty Folder] C:\Users\Family\Appdata\Local\{343557F6-44DE-47F1-9F43-7692C26A8014}
Successfully deleted: [Empty Folder] C:\Users\Family\Appdata\Local\{49A99D39-4A3D-44E6-9FFF-44CAC65FF346}
Successfully deleted: [Empty Folder] C:\Users\Family\Appdata\Local\{99DBF9A9-7E60-42C8-9B35-097B918710EE}
Successfully deleted: [Empty Folder] C:\Users\Family\Appdata\Local\{E67BDBDA-156E-4003-8099-5B3F2D21C69A}



~~~ FireFox

Emptied folder: C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\kwzmny2q.default\minidumps [120 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/04/2015 at 21:34:31.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

ESET Results

C:\Users\Family\Downloads\FAE.exe      Win32/Tsingsoft.A potentially unwanted application   deleted - quarantined

C:\Users\Family\Downloads\Anti-spyware\zaSetupWeb_101_079_000.exe Win32/Toolbar.Conduit potentially unwanted application  deleted - quarantined

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/5/2015
Scan Time: 7:05 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.05.04
Rootkit Database: v2015.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Family

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 457404
Time Elapsed: 49 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by Cartographer7, 05 August 2015 - 03:16 PM.


#9 TsVk!


Posted 05 August 2015 - 05:45 PM

Has your antivirus started working again?



#10 Cartographer7


Posted 12 August 2015 - 08:53 AM

It has.

(Sorry for the slow reply, I've been out of town without internet access.)



#11 TsVk!


Posted 12 August 2015 - 05:10 PM

That's good, your computer appears to be malware free. Let's clean up.

Please download and run Delfix, please check

  • remove tools
  • purge restore points

and then run the tool. You can now create a new restore point to get back to this "happy" place.

To ensure there are no additional malicious files remaining in temp files please install and run CCleaner. This is a good application to have on hand for every healthy Windows PC.

When running this tool please opt out of registry cleanups, they are unnecessary and can do more damage than good. If you feel compelled to do the registry clean make sure you back up your registry first.

All good now? Any questions?

TsVk!



#12 Cartographer7


Posted 12 August 2015 - 06:28 PM

Well, I'm still feeling a little paranoid since the initial strange behavior is still unexplained. But if all reasonable checks have been made, I think I can get over it.

Thank you very much for your help!



#13 Cartographer7


Posted 12 August 2015 - 06:40 PM

Actually, I have one final question: When poking around in my computer, I noticed that the Malwarebytes service (MBAMService) was stopped, even though it is supposed to run automatically. It also shut itself down when I tried to start it, and didn't start when I opened Malwarebytes. Is this ok?



#14 TsVk!


Posted 12 August 2015 - 09:31 PM

The behavior of MBAM is definitely of concern... there is nothing that I found that suggests a persistent infection in your logs so you would need to perform some deeper scans to identify the issue.

 

Please follow this guide and create a new topic in the Malware Removal Logs section. Please link this topic to give your helper as much information as possible to assist you.

 

TsVk!



#15 Cartographer7


Posted 02 September 2015 - 10:35 PM

Hi TsVk!,

I decided to double check the behavior over on the MalwareBytes forum. Just so you know, it turns out that the service only runs for the paid version of the product, and I'm using the free version. So in my case there's no cause for concern.

Thanks again for your help.
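
One way to check the question raised in posts #13 to #15 (a service set to start automatically that is found stopped), as an added example that is not part of the thread or any vendor's tooling. The service name comes from the thread; matching events on the service's display name and the 14-day look-back are assumptions.

```powershell
# Added example: triage a service that is configured to start automatically
# but is found stopped. Run from an elevated PowerShell prompt.
param(
    [string]$ServiceName = 'MBAMService',   # name taken from the thread
    [int]$Days = 14                         # look-back window (assumption)
)

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Output "Service '$ServiceName' is not installed."
    return
}

# StartMode versus State shows the mismatch; ExitCode 0 means the last stop was clean.
$svc | Select-Object Name, DisplayName, StartMode, State, ExitCode, PathName |
    Format-List | Out-String

# Confirm the service binary is still validly signed by its publisher.
if ($svc.PathName -match '^"?(.+?\.exe)') {
    $sig = Get-AuthenticodeSignature -FilePath $Matches[1]
    Write-Output ("Signature: {0} ({1})" -f $sig.Status, $sig.SignerCertificate.Subject)
}

# Service Control Manager events in the System log:
#   7036 = service entered the running/stopped state (normal transitions)
#   7023, 7024 = service terminated with an error
#   7031, 7034 = service terminated unexpectedly (crash or forced kill)
# Assumption: the event text contains the service's display name.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7023, 7024, 7031, 7034, 7036
        StartTime    = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$($svc.DisplayName)*" } |
    Sort-Object TimeCreated)

$abnormal = @($events | Where-Object { $_.Id -ne 7036 })

if ($abnormal.Count -gt 0) {
    Write-Output "Abnormal terminations recorded; investigate further:"
    $abnormal | Select-Object TimeCreated, Id, Message | Format-List | Out-String
}
elseif ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running' -and $svc.ExitCode -eq 0) {
    Write-Output "Stopped with exit code 0 and no crash events: the service exited on its own."
    $events | Select-Object -Last 6 TimeCreated, Id, Message | Format-List | Out-String
}
else {
    Write-Output ("State: {0}, exit code: {1}; no crash events in the last {2} days." -f
        $svc.State, $svc.ExitCode, $Days)
}
```

A clean exit with only 7036 start/stop pairs matches a service that shuts itself down by design; 7031 or 7034 entries mean something ended it unexpectedly.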





