
"Your Computer is Low on Memory". (Constant hangs.)



#1 JohnEss

Posted 20 September 2015 - 12:15 PM

Hello! I sure could use your help. My one-year-old laptop has been working slower and slower. Programs and internet pages are constantly hanging. The operating system is Windows 7. I frequently get messages, such as "Warning: Unresponsive script"; "Microsoft Word not responding"; "Shockwave Flash may be busy or it may have stopped working"; "Firefox not responding"; and increasingly frequently: "Your computer is low on memory. Save your files and close these programs."
 
I originally had Avast, but I uninstalled it, because it seems to slow down my computer when browsing the internet. When I originally downloaded "Comodo" there were some extra things that I didn't want, like a separate browser and something called "GeekBuddy." I uninstalled those extras.
 
At one point, in order to speed up the Firefox browser, I experimented by unchecking the option "Tell sites that I do not want to be tracked".
 
I ran SUPERAntiSpyware and Malwarebytes. Initially SUPERAntiSpyware found about 20-30 adware cookies, but Malwarebytes found nothing. I then ran Spybot last night, which came up with 471 tracking cookies, plus some registry changes and registry keys. I regularly run Piriform CCleaner, although I have noticed that when I click on the icon, nothing happens and I keep clicking. Then, all of a sudden, 4 distinct CCleaner websites open up simultaneously!
 
Incidentally, I use JustCloud to back up my computer. Many anti-spyware programs always try to delete the JustCloud files, especially JunkRemovalTool. If you can instruct me on how to prevent this before we run various scans, I'd appreciate it. Below is my FRST.txt and attached is Addition.txt.
 
Thank you very much for your help.
 
John
 
+++++++++++++++++++++++++++++++++++++++++++++++
 
FRST.txt
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Beckham (administrator) on BECKHAM-PC (20-09-2015 19:18:51)
Running from C:\Users\Beckham\Downloads
Loaded Profiles: Beckham (Available Profiles: Beckham)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hide My IP) C:\Program Files (x86)\Hide My IP 6\HideMyIpSrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() C:\Program Files (x86)\JustCloud\BackupStack.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-791048534-880053068-3747775147-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\HMIPCore.dll [353280 2015-03-03] (Hide My IP)
Winsock: Catalog9 02 C:\Windows\SysWOW64\HMIPCore.dll [353280 2015-03-03] (Hide My IP)
Winsock: Catalog9 03 C:\Windows\SysWOW64\HMIPCore.dll [353280 2015-03-03] (Hide My IP)
Winsock: Catalog9 04 C:\Windows\SysWOW64\HMIPCore.dll [353280 2015-03-03] (Hide My IP)
Winsock: Catalog9 15 C:\Windows\SysWOW64\HMIPCore.dll [353280 2015-03-03] (Hide My IP)
Winsock: Catalog9-x64 01 C:\Windows\system32\HMIPCore64.dll [460288 2015-03-03] (Hide My IP)
Winsock: Catalog9-x64 02 C:\Windows\system32\HMIPCore64.dll [460288 2015-03-03] (Hide My IP)
Winsock: Catalog9-x64 03 C:\Windows\system32\HMIPCore64.dll [460288 2015-03-03] (Hide My IP)
Winsock: Catalog9-x64 04 C:\Windows\system32\HMIPCore64.dll [460288 2015-03-03] (Hide My IP)
Winsock: Catalog9-x64 15 C:\Windows\system32\HMIPCore64.dll [460288 2015-03-03] (Hide My IP)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8A1C78A8-97BC-4ACD-BFD7-C18B9B5CA2AD}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-791048534-880053068-3747775147-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ru-ru/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-08] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Beckham\AppData\Roaming\Mozilla\Firefox\Profiles\izuuqna4.default-1439894976403
FF DefaultSearchEngine: Yahoo
FF Homepage: www.google.com/advanced_search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: QuickJava - C:\Users\Beckham\AppData\Roaming\Mozilla\Firefox\Profiles\izuuqna4.default-1439894976403\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-09-09]
 
Chrome:
=======
CHR Profile: C:\Users\Beckham\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 BackupStack; C:\Program Files (x86)\JustCloud\BackupStack.exe [57768 2015-05-29] () <==== ATTENTION
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
R3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe [4341760 2015-04-26] (Hide My IP) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 hmip; C:\Windows\system32\Drivers\hmip64.sys [30056 2013-06-19] (Hide My IP)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tapwp01; C:\Windows\System32\DRIVERS\tapwp01.sys [40664 2014-12-11] (The OpenVPN Project)
S3 wmdusbser; C:\Windows\System32\DRIVERS\wmdusbser.sys [154240 2010-06-11] (WeTelecom Incorporated)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-20 19:18 - 2015-09-20 19:19 - 00010745 _____ C:\Users\Beckham\Downloads\FRST.txt
2015-09-20 19:12 - 2015-09-20 19:19 - 00000000 ____D C:\FRST
2015-09-20 19:10 - 2015-09-20 19:10 - 02191360 _____ (Farbar) C:\Users\Beckham\Downloads\FRST64.exe
2015-09-20 19:10 - 2015-09-20 19:10 - 00001776 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-09-20 15:29 - 2015-09-20 15:29 - 00509440 _____ (Tech Support Guy System) C:\Users\Beckham\Downloads\SysInfo.exe
2015-09-20 12:14 - 2015-09-20 12:14 - 00108840 _____ C:\Users\Beckham\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-20 12:12 - 2015-09-20 18:13 - 00000112 _____ C:\Windows\setupact.log
2015-09-20 12:12 - 2015-09-20 12:12 - 00408928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-20 12:12 - 2015-09-20 12:12 - 00000000 _____ C:\Windows\setuperr.log
2015-09-20 02:41 - 2015-09-20 02:41 - 00013453 _____ C:\Users\Beckham\Desktop\Spybot Scan Results.150920-0240.txt
2015-09-20 00:51 - 2015-09-20 00:51 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-20 00:51 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-20 00:34 - 2015-09-20 00:34 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-09-20 00:29 - 2015-09-20 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-20 00:29 - 2015-09-20 00:29 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-20 00:29 - 2015-09-20 00:29 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-09-20 00:28 - 2015-09-20 02:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-20 00:28 - 2015-09-20 00:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-20 00:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-09-19 20:53 - 2015-09-19 20:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Beckham\Downloads\spybot-2.4.exe
2015-09-13 14:01 - 2015-09-20 19:12 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-09-13 14:01 - 2015-09-13 14:01 - 00001872 _____ C:\Users\Public\Desktop\COMODO Antivirus.lnk
2015-09-13 14:01 - 2015-09-13 14:01 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2015-09-13 13:59 - 2015-09-13 13:59 - 00000000 ____D C:\ProgramData\Shared Space
2015-09-13 13:55 - 2015-09-18 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-09-13 13:55 - 2015-09-18 18:43 - 00000000 ____D C:\Program Files\COMODO
2015-09-13 13:54 - 2015-09-13 13:54 - 00000000 ____D C:\Users\Beckham\AppData\Local\Comodo
2015-09-13 13:50 - 2015-09-13 14:01 - 00000000 ____D C:\ProgramData\Comodo
2015-09-13 13:01 - 2015-09-13 13:01 - 00000000 ____D C:\e118ef840b4fd009dc43
2015-09-13 13:00 - 2015-09-20 19:05 - 00731549 _____ C:\Windows\WindowsUpdate.log
2015-09-11 12:43 - 2015-09-11 12:43 - 00000000 ____D C:\Users\Beckham\Tracing
2015-09-11 12:41 - 2015-09-11 12:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-11 12:41 - 2015-09-11 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-08 16:04 - 2015-09-08 16:04 - 00000000 ____D C:\Users\Beckham\AppData\Roaming\Sun
2015-09-08 16:04 - 2015-09-08 16:04 - 00000000 ____D C:\Users\Beckham\.oracle_jre_usage
2015-09-08 15:37 - 2015-09-18 18:39 - 00007610 _____ C:\Users\Beckham\AppData\Local\Resmon.ResmonCfg
2015-09-03 12:52 - 2015-09-03 12:52 - 00579408 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-09-03 12:52 - 2015-09-03 12:52 - 00445472 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-08-28 17:33 - 2015-08-28 17:33 - 00072632 _____ C:\Users\Beckham\Downloads\28-08-2015_14-28-04.zip
2015-08-28 16:05 - 2015-08-29 09:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-27 16:34 - 2015-08-27 16:34 - 00052736 _____ C:\Users\Beckham\Documents\Rescue2.asd
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-20 19:05 - 2014-03-17 20:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-20 19:05 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-20 18:13 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-20 17:09 - 2009-08-03 20:13 - 00647582 _____ C:\Windows\system32\perfh019.dat
2015-09-20 17:09 - 2009-08-03 20:13 - 00124870 _____ C:\Windows\system32\perfc019.dat
2015-09-20 17:09 - 2009-07-14 08:13 - 01615454 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-20 12:13 - 2015-07-17 13:36 - 00003728 _____ C:\Windows\SysWOW64\HideMyIpSRVOff.ini
2015-09-20 12:13 - 2015-07-17 12:24 - 00003728 _____ C:\Windows\system32\HideMyIpSRVOff.ini
2015-09-20 08:28 - 2014-04-17 14:33 - 00000000 ____D C:\Users\Beckham\Documents\Registry Backups
2015-09-19 20:03 - 2015-08-03 00:17 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-19 01:29 - 2015-07-26 15:49 - 00000000 ____D C:\Users\Beckham\AppData\Roaming\vlc
2015-09-18 23:00 - 2009-07-14 07:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-18 23:00 - 2009-07-14 07:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-18 22:55 - 2014-03-17 19:05 - 00000000 ____D C:\Users\Beckham\AppData\Roaming\Skype
2015-09-18 22:00 - 2014-03-17 18:15 - 00000000 ____D C:\Users\Beckham\AppData\Roaming\uTorrent
2015-09-13 16:25 - 2014-05-19 22:04 - 00001046 _____ C:\Users\Beckham\Desktop\µTorrent.lnk
2015-09-13 13:41 - 2015-03-11 14:51 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-13 12:57 - 2014-03-17 18:23 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-13 12:39 - 2015-07-26 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-11 12:43 - 2014-03-17 22:42 - 00000000 ____D C:\Users\Beckham
2015-09-11 12:42 - 2014-03-17 19:05 - 00000000 ____D C:\ProgramData\Skype
2015-09-11 12:41 - 2014-03-17 19:05 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-08 16:03 - 2015-07-26 15:23 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-08 16:02 - 2015-07-26 15:21 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-29 09:20 - 2014-03-17 13:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-21 19:17 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2015-08-21 03:40 - 2014-03-17 23:32 - 00000000 ____D C:\Windows\Panther
 
==================== Files in the root of some directories =======
 
2014-07-22 19:36 - 2015-08-06 15:35 - 0011264 _____ () C:\Users\Beckham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-22 16:11 - 2015-03-11 14:48 - 0004096 ____H () C:\Users\Beckham\AppData\Local\keyfile3.drm
2015-09-08 15:37 - 2015-09-18 18:39 - 0007610 _____ () C:\Users\Beckham\AppData\Local\Resmon.ResmonCfg
2014-03-30 11:09 - 2014-03-30 11:09 - 0000000 _____ () C:\Users\Beckham\AppData\Local\{DD3CC8EC-F959-48A7-9DB6-3A9201E8B7E9}
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-11 12:11
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Beckham (2015-09-20 19:21:12)
Running from C:\Users\Beckham\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-03-17 19:42:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-791048534-880053068-3747775147-500 - Administrator - Disabled)
Guest (S-1-5-21-791048534-880053068-3747775147-501 - Limited - Disabled)
Beckham (S-1-5-21-791048534-880053068-3747775147-1000 - Administrator - Enabled) => C:\Users\Beckham

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-791048534-880053068-3747775147-1000\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
COMODO Antivirus (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 8.2.0.4703 - COMODO Security Solutions Inc.)
f.lux (HKU\S-1-5-21-791048534-880053068-3747775147-1000\...\Flux) (Version: - )
Hide My IP 6 (HKLM-x32\...\HIDEMYIP_is1) (Version: - My Privacy Tools, Inc)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
JustCloud 1.0.0 (HKLM\...\JustCloud) (Version: 1.0.0 - JustCloud)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Subliminal Messages (HKLM-x32\...\{5583D2D0-C960-441C-ACA7-3A0E06C471EC}) (Version: 1.1.2.0 - Mind of Winner)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 1.3 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-09-2015 18:29:48 Scheduled Checkpoint
12-09-2015 12:32:32 Scheduled Checkpoint
13-09-2015 12:37:05 Removed Java 8 Update 51
13-09-2015 12:45:25 avast! antivirus system restore point
13-09-2015 13:56:31 Installing COMODO Antivirus
13-09-2015 14:00:02 Device Driver Package Install: COMODO Network Service
18-09-2015 18:41:13 Removed GeekBuddy.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ABAAC43-BCA4-47D3-B1FE-0BAC15492361} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {0CE97D7B-3EBA-4175-8370-DEE7C645448D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {163F7C4E-6A58-4388-86D3-74620A1A2DDE} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {2D52AF6E-C8E5-447E-82F2-EE9EBF80FEAC} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {7F2F1755-B33B-4A5E-920D-CB523C7DB8D1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {81FD2D09-E036-4283-8B25-E5CB654393EE} - System32\Tasks\LaunchApp => C:\Program Files (x86)\JustCloud\JustCloud.exe [2015-05-29] ()
Task: {8F38C5BC-6AEA-43CC-8D23-6E2A4FB202B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {98D614F2-E463-4B17-8E28-9757592C99F3} - System32\Tasks\avastBCLRestartS-1-5-21-791048534-880053068-3747775147-1000 => Firefox.exe
Task: {A05B8D78-CAB4-4A74-A1C4-C7E455969B93} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
Task: {A7D758E5-6826-4D98-98BF-4A8791F9670F} - \SUPERAntiSpyware Scheduled Task e8827d29-233c-4811-be2b-d01cfe691fa9 -> No File <==== ATTENTION
Task: {C2F2A3F9-9300-437F-A979-954AEFEEACB2} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {C6C339E2-BD57-41F9-B8B4-06EFEF0CA15D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {C88CC915-B4D1-4F34-A4ED-5E5539264792} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {F598CF77-CE34-4D5C-9398-A6F16E40DB4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-06-24 19:58 - 2015-05-29 18:48 - 00057768 _____ () C:\Program Files (x86)\JustCloud\BackupStack.exe
2015-06-24 19:58 - 2015-05-29 18:46 - 01439232 _____ () C:\Program Files (x86)\JustCloud\Shared Stack.dll
2015-06-24 19:58 - 2015-05-29 18:34 - 00191488 _____ () C:\Program Files (x86)\JustCloud\MPCBClient.dll
2015-06-24 19:58 - 2015-05-29 18:34 - 00270336 _____ () C:\Program Files (x86)\JustCloud\AlphaFS.dll
2015-06-24 19:58 - 2015-05-29 18:34 - 00044544 _____ () C:\Program Files (x86)\JustCloud\UIKit.dll
2015-06-24 19:58 - 2015-05-29 18:34 - 00236032 _____ () C:\Program Files (x86)\JustCloud\websocket-sharp.dll
2015-06-24 19:58 - 2015-05-29 18:34 - 00060928 _____ () C:\Program Files (x86)\JustCloud\LinqBridge.dll
2015-09-20 00:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-20 00:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-20 00:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-20 00:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-20 00:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Beckham\Downloads\egyutt_2012_6.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Beckham\Downloads\egyutt_2012_6.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Beckham\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckham\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckham\Downloads\Gloria Victis (poets).pdf:$CmdTcID
AlternateDataStreams: C:\Users\Beckham\Downloads\Gloria Victis (poets).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Beckham\Downloads\1956.doc:$CmdTcID
AlternateDataStreams: C:\Users\Beckham\Downloads\1956.doc:$CmdZnID
AlternateDataStreams: C:\Users\Beckham\Downloads\English.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Beckham\Downloads\English.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Beckham\Downloads\spybot-2.4.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckham\Downloads\Szesztay.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Beckham\Downloads\Szesztay.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Beckham\Downloads\SZSM_Kozl_43_Forradalom__pages0-24.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Beckham\Downloads\zdanovich_a_a_bylinin_v_k_gasanov_v_k_korotaev_v_i_lashkul_v.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Beckham\Downloads\zdanovich_a_a_bylinin_v_k_gasanov_v_k_korotaev_v_i_lashkul_v.pdf:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HideMyIpSRV => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-791048534-880053068-3747775147-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Beckham\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Beckham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JustCloud.lnk => C:\Windows\pss\JustCloud.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: f.lux => "C:\Users\Beckham\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LoadMdm => C:\Program Files (x86)\Wetelecom\LoadMdm.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: WiFiProtLauncher => C:\Program Files (x86)\WiFi Protector\WiFiProtLauncher.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D0A28702-3F1E-46A7-9309-FB65A061D179}] => (Allow) C:\Users\Beckham\Downloads\uTorrent.exe
FirewallRules: [{0ADC3341-32F0-4F7E-AC50-9673ABB4F8E9}] => (Allow) C:\Users\Beckham\Downloads\uTorrent.exe
FirewallRules: [{918D9B05-D1FC-459B-AAC6-AA74A2357459}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{454CAF0A-E5D7-4092-8481-F4BA3377A5B8}] => (Allow) C:\Users\Beckham\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5C3A7457-EFB3-46D1-B864-966CC0398078}] => (Allow) C:\Users\Beckham\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{10DCA182-A66E-481B-9032-760EAF753A7E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C704687D-02DE-4269-BCC2-60C9CD3C1F52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F1C1BCC0-8632-4677-9A6A-E5579A833265}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D7CBC201-3413-4D43-8BDA-A94D3D3DFE4B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{60B8983E-9D2A-40DB-8BFA-CC49AA19FE91}] => (Allow) C:\Program Files (x86)\Hide My IP 6\HideMyIP.exe
FirewallRules: [{D6CBE689-6528-4FDC-A41F-22F149883E98}] => (Allow) C:\Program Files (x86)\Hide My IP 6\HideMyIpSrv.exe
FirewallRules: [{7F9BBC22-9347-430F-95EF-1905E4E8CCE7}] => (Allow) C:\Program Files (x86)\Hide My IP 6\HideMyIP.exe
FirewallRules: [{D470F09C-C153-4638-872D-CA932FC746AE}] => (Allow) C:\Program Files (x86)\Hide My IP 6\HideMyIpSrv.exe
FirewallRules: [{6D0D326E-E158-46D8-BAFC-F7EB09D8B3B4}] => (Allow) C:\Program Files (x86)\Hide My IP 6\HideMyIP.exe
FirewallRules: [{E0298542-813E-4DCA-92AC-147A32BFD30E}] => (Allow) C:\Program Files (x86)\Hide My IP 6\HideMyIpSrv.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2015 06:13:12 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (09/20/2015 05:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062
Exception code: 0x80000003
Fault offset: 0x0000e250
Faulting process id: 0x5ba0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (09/20/2015 05:15:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 40.0.3.5716 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1318

Start Time: 01d0f3857b1a4dce

Termination Time: 32810

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: dc318bc5-5fa1-11e5-8156-208984f6220d

Error: (09/20/2015 03:23:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cmdagent.exe, version: 8.2.0.4703, time stamp: 0x55e81659
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x00000000000586ed
Faulting process id: 0x3fc
Faulting application start time: 0xcmdagent.exe0
Faulting application path: cmdagent.exe1
Faulting module path: cmdagent.exe2
Report Id: cmdagent.exe3

Error: (09/20/2015 12:14:07 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-791048534-880053068-3747775147-1000}/">.

Error: (09/20/2015 12:13:23 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/20/2015 12:13:23 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/20/2015 12:13:23 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/20/2015 12:13:23 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (09/20/2015 12:13:23 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (09/20/2015 05:20:45 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (09/20/2015 04:48:58 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MICROSOF-F187CE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D48C5B1C-CC9A-4F9A-99BC-80853280C5BE}.
The master browser is stopping or an election is being forced.

Error: (09/20/2015 04:41:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TMD-DTZ88I3JPRT
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D48C5B1C-CC9A-4F9A-99BC-80853280C5BE}.
The master browser is stopping or an election is being forced.

Error: (09/20/2015 04:36:33 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MICROSOF-F187CE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D48C5B1C-CC9A-4F9A-99BC-80853280C5BE}.
The master browser is stopping or an election is being forced.

Error: (09/20/2015 04:24:39 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MICROSOF-F187CE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D48C5B1C-CC9A-4F9A-99BC-80853280C5BE}.
The master browser is stopping or an election is being forced.

Error: (09/20/2015 04:12:07 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MICROSOF-F187CE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D48C5B1C-CC9A-4F9A-99BC-80853280C5BE}.
The master browser is stopping or an election is being forced.

Error: (09/20/2015 04:00:16 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MICROSOF-F187CE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D48C5B1C-CC9A-4F9A-99BC-80853280C5BE}.
The master browser is stopping or an election is being forced.

Error: (09/20/2015 03:47:42 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MICROSOF-F187CE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D48C5B1C-CC9A-4F9A-99BC-80853280C5BE}.
The master browser is stopping or an election is being forced.

Error: (09/20/2015 03:35:47 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MICROSOF-F187CE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D48C5B1C-CC9A-4F9A-99BC-80853280C5BE}.
The master browser is stopping or an election is being forced.

Error: (09/20/2015 03:24:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: AMD E1-2100 APU with Radeon™ HD Graphics
Percentage of memory in use: 84%
Total physical RAM: 1485.36 MB
Available physical RAM: 229.53 MB
Total Virtual: 4970.73 MB
Available Virtual: 3294.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:107.81 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:315.66 GB) (Free:255.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=315.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 25 September 2015 - 08:35 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:55 PM

Posted 25 September 2015 - 12:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/591009 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,375 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:55 PM

Posted 25 September 2015 - 08:32 PM

Greetings John and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. It appears your symptoms are related to the lack of available memory rather than associated with malware. Your computer needs more memory to function properly.

Percentage of memory in use: 84%
Total physical RAM: 1485.36 MB
Available physical RAM: 229.53 MB


Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {A7D758E5-6826-4D98-98BF-4A8791F9670F} - \SUPERAntiSpyware Scheduled Task e8827d29-233c-4811-be2b-d01cfe691fa9 -> No File <==== ATTENTION
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again.
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 JohnEss

JohnEss
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 27 September 2015 - 05:02 AM

Dear Gary,

God bless you. You are going to Heaven.

I have uninstalled UTorrent.

Below is the Fixlog.txt. I will do the ESET thing next.

Thank you for your help.

John

++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Smith (2015-09-27 12:43:25) Run:1
Running from C:\Users\Smith\Downloads
Loaded Profiles: Smith (Available Profiles: Smith)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {A7D758E5-6826-4D98-98BF-4A8791F9670F} - \SUPERAntiSpyware Scheduled Task e8827d29-233c-4811-be2b-d01cfe691fa9 -> No File <==== ATTENTION
emptytemp:
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7D758E5-6826-4D98-98BF-4A8791F9670F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7D758E5-6826-4D98-98BF-4A8791F9670F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task e8827d29-233c-4811-be2b-d01cfe691fa9" => key removed successfully
EmptyTemp: => 176.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 12:43:49 ====



#5 JohnEss

JohnEss
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 27 September 2015 - 10:59 AM

Hi Gary.

Below is the ESET Log. It looks like some of my files for JustCloud have been deleted, which is my cloud backup. Every time I run some kind of anti-malware program, these files always get deleted and I have to reinstall my Cloud software. Is there any way to avoid this?

Thank you for your help.

John

ESET Log:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\JustCloud\JustCloud.exe.vir    a variant of MSIL/MyPCBackup.H potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\JustCloud\JustCloud.exe    a variant of MSIL/MyPCBackup.H potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Smith\Downloads\uTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
D:\Downloads\defragsetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
D:\Downloads\JustCloud_Setup.exe    MSIL/MyPCBackup.D potentially unwanted application    deleted - quarantined
D:\My Data Sources\Duplicate Finder\duplicate-file-finder-setup.exe    Win32/InstallMonetizer.AQ potentially unwanted application    deleted - quarantined
D:\My Data Sources\Subtitle Searcher\MovieSubtitlesSearcher.exe    a variant of Win32/Toolbar.Montiera.A potentially unwanted application    deleted - quarantined
D:\My Data Sources\Subtitles Player\OpenSubtitlesPlayer.exe    a variant of Win32/Toolbar.Montiera.A potentially unwanted application    deleted - quarantined
 



#6 JohnEss

JohnEss
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 27 September 2015 - 11:28 AM

Hi Gary. Here is my Security Log:

 

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
COMODO Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 8 Update 51  
 Java 8 Update 60  
 Adobe Flash Player 19.0.0.185  
 Mozilla Firefox (40.0.3)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

Thank you again for your help!

 

John



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,375 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:55 PM

Posted 27 September 2015 - 02:38 PM

Hi John,

Thanks for your kindness.

The deletion of JustCloud might be different depending on the program you are running. Some of the programs will allow you to specify which entries you want to delete/quarantine and which to leave alone. For most programs there is an option to dequarantine items if they were moved.

The problem with JustCloud is that it is sometimes packaged with other software and installed without a user's specific consent. It is therefore considered a Potentially Unwanted Application. 

D:\Downloads\JustCloud_Setup.exe MSIL/MyPCBackup.D potentially unwanted application


Everything looks good. Are you having any other issues?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 JohnEss


Posted 27 September 2015 - 10:34 PM

Thanks, Gary. How can you tell me what the problems were that you detected, and how I can avoid them in the future?

 

 

Did we fix the memory problem? Can we check it once more?

 

How exactly do I go about adding more RAM? Can it be bought over the internet, or do I need to bring the laptop in to a store?

 

Thanks again for your help!

 

John

 

 



#9 Oh My!


Posted 27 September 2015 - 11:04 PM

Hi John,

The entries we cleaned up were not anything to be concerned about. The only thing you can do is add more memory.

I am ending for the evening but please do this and I will review it in the morning to see if I can provide some direction to help you add more memory.

===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached System Summary report

Gary
 

#10 JohnEss


Posted 28 September 2015 - 04:33 AM

Hi Gary. Here is the System Summary report. I am still getting constant messages like "Shockflash is not responding"...."MS Word is not responding"...."Firefox is not responding"......"Unresponsive script." Etcetera. The computer is running very slowly, despite the fact that it is only one year old. I also have the fastest internet connection available in the region, paying top dollar. Is this solely a problem of low memory? If so, I would really appreciate it if you could walk me through how to add RAM to this computer. Thank you very much for your help! 

 

John

 

OS Name        Microsoft Windows 7 Ultimate

Version           6.1.7601 Service Pack 1 Build 7601

Other OS Description             Not Available

OS Manufacturer        Microsoft Corporation

System Name SMITH-PC

System Manufacturer LENOVO

System Model 20240

System Type   x64-based PC

Processor        AMD E1-2100 APU with Radeon™ HD Graphics, 1000 Mhz, 2 Core(s), 2 Logical Processor(s)

BIOS Version/Date     LENOVO 82CN21WW(V2.01), 9/5/2013

SMBIOS Version        2.7

Windows Directory    C:\Windows

System Directory       C:\Windows\system32

Boot Device    \Device\HarddiskVolume1

Locale United States

Hardware Abstraction Layer  Version = "6.1.7601.17514"

User Name      Smith-PC\Smith

Time Zone      FLE Daylight Time

Installed Physical Memory (RAM)   2.00 GB

Total Physical Memory          1.45 GB

Available Physical Memory  476 MB

Total Virtual Memory            4.85 GB

Available Virtual Memory     3.09 GB

Page File Space          3.40 GB

Page File         C:\pagefile.sys



#11 Oh My!


Posted 28 September 2015 - 09:50 AM

Hi John,

Could you please attach the System Summary report? If you follow the steps above it should create a more substantial report for me to review.

We can continue to examine your computer to make sure it is clean but Microsoft says the bare minimum your system needs in order to run is 2 GB of RAM. Think of it this way. A Prius is fine going uphill but if you start to tow something, like a tractor, it doesn't have enough guts to get the job done like you would like. You may make it but it will be awfully slow going and it may even have to stop now and again to regroup.

Let's run another program to take a look at your system.

===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 3 in the lower box to Perform only a Deep Scan then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached System Summary report
  • Zoek report

Gary
 

#12 JohnEss


Posted 28 September 2015 - 02:45 PM

Hi Gary.

 

I'm sorry. Did I not do the System Summary right? I will try it again. My apologies.

 

A few hours ago I took this laptop down to a small computer shop. The technician added 8 GB of RAM.

 

Can you check to see that everything is all right? It's late at night here, so tomorrow I will submit the two tests: 1) System Summary report and 2) Zoek report.

 

I do appreciate your very clear instructions.

 

I am curious how one's RAM gets worn down in the first place. As I said, the laptop is only one year old. I mainly only do word processing. No games or fancy graphics requiring a lot of memory. The technician did find some cat fur and dust inside the machine. Would that slow down RAM?

 

Thank you very much for your help. I'll get back to you again soon.

 

John



#13 Oh My!


Posted 28 September 2015 - 05:06 PM

It isn't the age of the computer, it is the lack of sufficient resources. I would imagine your computer should run better now.

Cat hair could cause overheating because of the lack of airflow but we would usually see a computer freezing and/or abrupt shutdowns rather than hanging and getting the notification you have been getting.

BTW, good morning! :)
Gary
 

#14 JohnEss


Posted 29 September 2015 - 11:14 AM

Hi Gary,

 

Here is the System Summary. I hope I did this right this time.

 

Under Software Environment, note the numerous Windows Error Reporting and Application Hangs! Do you know what is causing this?

 

So far today, since adding the 8 GB of RAM, I have not had any hangs, I'm happy to report.

 

I will do Zoek by Smeenk next.

 

Thank you very much for your help.

 

John

Attached Files



#15 JohnEss


Posted 29 September 2015 - 01:53 PM

Hi Gary,

 

Here is the Zoek Summary. It looks like there are some missing files....

 

John

 

Zoek.exe v5.0.0.1 Updated 28-09-2015
Tool run by Smith on Tue 09/29/2015 at 19:20:28.36.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Smith\Downloads\zoek.exe [Scan all users]  [Checkboxes used]

==== System Restore Info ======================

9/29/2015 9:12:44 PM Zoek.exe System Restore Point Created Successfully.

==== Running Processes ======================

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe
C:\Users\Smith\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 9678 MB
CPU Info: AMD E1-2100 APU with Radeon™ HD Graphics
CPU Speed: 1025.3 MHz
Sound Card: Speakers (2- High Definition Au |
Display Adapters: AMD Radeon HD 8210 | AMD Radeon HD 8210 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: TV 9 | 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter | Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 1x (E: | ) E: PLDS    DVD-RW DS8A9SH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Mouse Present
Hard Disks: C:  150.0GB | D:  315.7GB
Hard Disks - Free: C:  93.7GB | D:  255.6GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 09/05/13 | HPQOEM - 1
Time Zone: FLE Standard Time
Motherboard *: LENOVO Lenovo G505
Country: United States
Language: ENU

==== System Specs (Software) ======================

AV: COMODO Antivirus *Enabled/Updated* {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
SP: Comodo Defense+ *Enabled/Updated* {493CE176-EB84-BC8D-9707-B3ACF7598648}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
Default Browser: Firefox    40.0.3
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 40.0.3 (x86 en-US)
Sun Java version: 1.8.0_60 (32-bit)
Sun Java version: 1.8.0_60 (64-bit)
Flash Player version: 19.0.0.185

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Smith~1\AppData\Local\Temp ====
2015-09-27 10:19:05    560EDC0912BDB68290930E2542823A24    135760    ----a-w-    C:\Users\Smith\AppData\Local\Temp\ehdrv.sys
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-09-22 14:05:15    D145C05FF834730CD5A9C3B00F439976    18819272    ----a-w-    C:\Windows\SysWOW64\FlashPlayerInstaller.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-09-28 12:15:07    A590061E3F53895407E366C45FEFE22C    408928    ----a-w-    C:\Windows\Sysnative\FNTCACHE.DAT
2015-09-19 21:28:54    82446D358A9FB51CB9DA32A5C901D7A0    21040    ----a-w-    C:\Windows\Sysnative\sdnclean64.exe
====== C:\Windows\Sysnative\drivers =====
2015-09-20 16:10:46    D65E32DA40A5EC7FEA6E31522B167427    1776    ----a-w-    C:\Windows\Sysnative\drivers\fvstore.dat
2015-09-13 11:01:27    A355EB7C39B7D82763185D8817A6E303    1474832    ----a-w-    C:\Windows\Sysnative\drivers\sfi.dat
====== C:\Windows\Tasks ======
2015-09-19 21:34:00    --------    d-----w-    C:\Windows\Sysnative\Tasks\Safer-Networking
2015-09-13 11:01:38    --------    d-----w-    C:\Windows\Sysnative\Tasks\COMODO
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-09-19 21:51:32    --------    d-----w-    C:\Program Files\Common Files\AV
2015-09-13 10:55:29    --------    d-----w-    C:\Program Files\COMODO
======= C:\PROGRA~2 =====
2015-09-27 10:18:17    --------    d-----w-    C:\PROGRA~2\ESET
2015-09-11 09:41:50    --------    d-----w-    C:\PROGRA~2\COMMON~1\Skype
2015-09-11 09:41:47    --------    d-----r-    C:\PROGRA~2\Skype
2015-09-08 13:05:18    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Smith\AppData\Roaming ======
2015-09-28 12:16:32    C08CA5B1334A74203204A55A442CF903    108840    ----a-w-    C:\Users\Smith\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-19 21:50:30    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2015-09-13 10:54:56    --------    d-----w-    C:\Users\Smith\AppData\Local\Comodo
2015-09-08 13:04:58    --------    d-----w-    C:\Users\Smith\AppData\Roaming\Sun
2015-09-08 13:01:50    --------    d-----w-    C:\Users\Smith\AppData\Locallow\Oracle
2015-09-08 12:37:02    DC4535F64F746F20A4765163A353BB10    7610    ----a-w-    C:\Users\Smith\AppData\Local\Resmon.ResmonCfg
====== C:\Users\Smith ======
2015-09-20 16:10:04    E0F80113E97C5E9C8530D28ED24FC042    2192384    ----a-w-    C:\Users\Smith\Downloads\FRST64.exe
2015-09-20 12:29:42    A94E2F637B9D3755B8FE3BA5ADBD7B8B    509440    ----a-w-    C:\Users\Smith\Downloads\SysInfo.exe
2015-09-13 10:59:18    --------    d-----w-    C:\ProgramData\Shared Space
2015-09-13 10:55:07    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-09-13 10:50:30    --------    d-----w-    C:\ProgramData\Comodo
2015-09-11 09:43:10    --------    d-----w-    C:\Users\Smith\Tracing
2015-09-11 09:41:50    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-09 10:09:48    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\.oracle_jre_usage
2015-09-08 13:04:56    --------    d-----w-    C:\Users\Smith\.oracle_jre_usage

====== C: exe-files ==
2015-09-27 10:18:23    F0B5FAE0268D84B1CE6EA3B98D4D69EB    331464    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2015-09-27 10:18:23    E78517BD20C282FBCA150D2B3ACCC760    2870984    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2015-09-27 10:18:23    B23901621E5BD2EF1AAC3E6E6CB9E7FF    422600    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-09-27 10:18:23    4B0F506ACF0A8AE6D6B3E4CF6778B722    122568    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2015-09-27 10:18:23    21B9AB1916917F9476B767F605345E62    532168    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
=== C: other files ==
2015-09-29 16:05:19    97E98807B42E956F6BFC35E8B00B23F3    65993    ----a-w-    C:\Users\Smith\Downloads\SUMMARY.zip
2015-09-28 20:15:26    5B97340299184EC34313F57A73D5F6F0    137735    ----a-w-    C:\Users\Smith\Downloads\24-09-2015_23-49-27.zip
2015-09-28 14:38:59    E96E565B2733E7725CF02F68E9E028D1    392    ----a-w-    C:\Users\Smith\AppData\Local\Temp\hds_control.vbs
2015-09-27 10:19:05    560EDC0912BDB68290930E2542823A24    135760    ----a-w-    C:\Users\Smith\AppData\Local\Temp\ehdrv.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-791048534-880053068-3747775147-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrobat Assistant 8.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Acrobat DC\\Acrobat\\Acrotray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Acrobat Synchronizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Acrobat Synchronizer"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Adobe\\Acrobat DC\\Acrobat\\AdobeCollabSync.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Synchronizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Synchronizer"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AdobeCollabSync.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\f.lux]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="f.lux"
"hkey"="HKCU"
"command"="\"C:\\Users\\Smith\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe\" /noshow"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LoadMdm]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LoadMdm"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Wetelecom\\LoadMdm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WiFiProtLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WiFiProtLauncher"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\WiFi Protector\\WiFiProtLauncher.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Smith^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JustCloud.lnk]
"path"="C:\\Users\\Smith\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\JustCloud.lnk"
"backup"="C:\\Windows\\pss\\JustCloud.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\JUSTCL~1\\JUSTCL~1.EXE "
"item"="JustCloud"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/22/2015 05:05 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\avastBCLRestartS-1-5-21-791048534-880053068-3747775147-1000" [C:\Program Files (x86)\Mozilla Firefox\firefox.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\LaunchApp" [C:\Program Files (x86)\JustCloud\JustCloud.exe]
"C:\Windows\SysNative\tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" ["C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Smith~1\AppData\Roaming\Mozilla\Firefox\Profiles\izuuqna4.default-1439894976403
user_pref("browser.startup.homepage", "www.google.com/advanced_search");
user_pref("browser.search.defaultenginename", "Yahoo");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Smith~1\AppData\Roaming\Mozilla\Firefox\Profiles\izuuqna4.default-1439894976403
- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Smith\AppData\Roaming\Mozilla\Firefox\Profiles\izuuqna4.default-1439894976403
1A62BB86D17B8DC0D4339BACC8D60635    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll -    Shockwave Flash


==== Chromium Look ======================


undetermined - Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\WebNavigation.crx

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Old Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== HijackThis Entries ======================

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D2D0DB6-BA20-4C6D-9B32-08CDBC576468}: NameServer = 10.0.0.1 91.224.178.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D2D0DB6-BA20-4C6D-9B32-08CDBC576468}: NameServer = 10.0.0.1 91.224.178.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Computer Backup (JustCloud) (BackupStack) - Unknown owner - C:\Program Files (x86)\JustCloud\BackupStack.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: HideMyIpSRV - Hide My IP - C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 09/29/2015 at 21:29:56.50 ======================
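
An added example, not part of the original post and not code from Zoek or HijackThis: a small Python triage of the O23 service and O10 Winsock LSP lines in the log above, using lines copied from it. The verdict names are hypothetical, and treating "(file missing)" on a System32 path as something to re-check natively (a 32-bit scanner on 64-bit Windows may see a redirected view of that folder) is an assumption, not a finding from the thread.

```python
import re
from collections import Counter

# Lines copied from the "HijackThis Entries" section of the Zoek log above
# (a subset of the O23 services, plus the five O10 Winsock LSP lines).
SAMPLE_LOG = r"""
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Computer Backup (JustCloud) (BackupStack) - Unknown owner - C:\Program Files (x86)\JustCloud\BackupStack.exe
O23 - Service: HideMyIpSRV - Hide My IP - C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
"""

# O23 layout assumed from the log: display name, owner, image path, then an
# optional "(file missing)". The path is anchored on a drive letter because
# the path itself may contain " - " (e.g. "Spybot - Search & Destroy 2").
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
O10 = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
SYSTEM32 = "c:\\windows\\system32\\"


def classify_service(owner, path, missing):
    """Return a triage verdict (hypothetical labels) for one O23 entry."""
    in_system32 = path.lower().startswith(SYSTEM32)
    if missing and in_system32:
        # Assumption: may be a redirected 32-bit view; confirm with a
        # native 64-bit check before concluding the file is gone.
        return "verify-natively"
    if missing:
        return "orphaned"          # service registered, image not found
    if owner == "Unknown owner":
        return "review"            # image present but no owner string
    # The log shows an owner string; this does not verify any signature.
    return "named-vendor"


def triage(log_text):
    """Parse O23/O10 lines; return (service records, LSP path counts)."""
    services = []
    lsp = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23.match(line)
        if m:
            services.append({
                "display": m["display"],
                "owner": m["owner"],
                "path": m["path"],
                "verdict": classify_service(
                    m["owner"], m["path"], bool(m["missing"])),
            })
            continue
        m = O10.match(line)
        if m:
            # The same DLL listed several times is one item to look up.
            lsp[m["path"].lower()] += 1
    return services, lsp


def by_verdict(services):
    """Group image paths under each verdict for a short report."""
    groups = {}
    for svc in services:
        groups.setdefault(svc["verdict"], []).append(svc["path"])
    return groups


if __name__ == "__main__":
    found, lsp_counts = triage(SAMPLE_LOG)
    for verdict, paths in sorted(by_verdict(found).items()):
        print(verdict)
        for p in paths:
            print("   ", p)
    for dll, count in lsp_counts.items():
        print(f"LSP entry listed {count}x: {dll}")
```
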
 





