Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trovi/Gamegogle redirect


  • This topic is locked This topic is locked
22 replies to this topic

#1 Claytronic

Claytronic

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:30 AM

Posted 02 October 2015 - 12:27 PM

I'm unable to figure out exactly what to call this virus, but one name that stood out to me was "Trovi", which seems to be a redirect search page. I'm working on my sister's computer and she attempted to download "Clash of Clans", and started getting Chinese popups.

Avast was freaking out, citing URLs like "gamegogle", but I'm unable to re-find these pop warnings.

I went through and managed to reset her search page back to Google, but the warnings from Avast continue to pop up randomly.

Any help would be greatly appreciated!



BC AdBot (Login to Remove)

 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:06:30 PM

Posted 02 October 2015 - 01:05 PM

Hello,

 

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

 

§  Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.

§  At the end, be sure a checkmark is placed next to the following:
 

o    Launch Malwarebytes Anti-Malware

o    A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

 

§  Click Finish.

§  On the Dashboard, click the 'Update Now >>' link

§  After the update completes, on Settings tab, set under Detection and Protection next options: 

1. 'Scan for rootkits'

2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.

§  Return to Dashboard, click the 'Scan Now >>' button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, than click on Yes.


If you already have MBAM 2.0 installed:
 

§  On the Dashboard, click the 'Update Now >>' link.

§  After the update completes, on Settings tab, set under Detection and Protection next options: 

1. 'Scan for rootkits'

2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.

§  Return to Dashboard, click the Scan Now >> button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, than click on Yes.

§  After the restart once you are back at your desktop, open MBAM once more.

§  Click on the History tab > Application Logs.

§  Double click on the Scan Log which shows the Date and time of the scan just performed.

§  Click 'Export'.

§  Click 'Copy to Clipboard'

§  Paste the contents of the clipboard into your reply.

--------------

 

Please download AdwCleaner by Xplode onto your desktop.

§  Close all open programs and internet browsers.

§  Double click on adwcleaner.exe to run the tool.

§  Click on Scan button.

§  When the scan has finished click on Clean button.

§  Your computer will be rebooted automatically. A text file will open after the restart.

§  Please post the contents of that logfile with your next reply.

§  You can find the logfile at C:\AdwCleaner[S0].txt as well.

----------

 

Please download Junkware Removal Tool to your desktop.

§  Shut down your protection software now to avoid potential conflicts.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 Claytronic

Claytronic
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:30 AM

Posted 02 October 2015 - 02:05 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/2/2015
Scan Time: 2:28 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.02.06
Rootkit Database: v2015.09.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alyssha
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335749
Time Elapsed: 16 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Cassiopesa, C:\Users\Alyssha\AppData\LocalLow\Microsoft\Internet Explorer\Services\Tny_Cassiopesa.ico, Quarantined, [30fe71e18605181e9a5ac1201be9d42c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
____________________________________________________________
 
ADWCleaner
# AdwCleaner v5.009 - Logfile created 02/10/2015 at 14:49:28
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 8.1 Pro with Media Center  (x64)
# Username : Alyssha - MINE
# Running from : C:\Users\Alyssha\Desktop\adwcleaner_5.009.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
[-] File Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
[-] File Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
[-] File Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
[-] File Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcgcoifbkbphhjnekfkmohklfaimhikk_0.localstorage
[-] File Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcgcoifbkbphhjnekfkmohklfaimhikk_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jcgcoifbkbphhjnekfkmohklfaimhikk
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1801 bytes] ##########
 
__________________________________________
 
 
Junkware Removal Tool Log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Alyssha on Fri 10/02/2015 at 14:53:59.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Alyssha\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Alyssha\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Alyssha\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Alyssha\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/02/2015 at 14:58:49.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#4 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:06:30 PM

Posted 02 October 2015 - 02:07 PM

Do you still have problems?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#5 Claytronic

Claytronic
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:30 AM

Posted 02 October 2015 - 02:14 PM

Yes,

Unfortunately, Avast is still sending up warnings as we speak.



#6 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:06:30 PM

Posted 02 October 2015 - 02:22 PM

ESET Online Scanner

§  Click here to download the installer for ESET Online Scanner and save it to your Desktop.

§  Disable all your antivirus and antimalware software - see how to do that here.

§  Right click on esetsmartinstaller_enu.exe and select Run as Administrator.

§  Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.

§  Select Enable detection of potentially unwanted applications.

§  Click Advanced Settings, then place a checkmark in the following:

o    Remove found threats

o    Scan archives

o    Scan for potentially unsafe applications

o    Enable Anti-Stealth technology

§  Click Start to begin scanning.

§  ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.

§  When the scan is done, click List threats (only available if ESET Online Scanner found something).

§  Click Export, then save the file to your desktop.

§  Click Back, then Finish to exit ESET Online Scanner.

-------

 

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#7 Claytronic

Claytronic
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:30 AM

Posted 02 October 2015 - 03:23 PM

ESET Log

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\4015E747-1443469243-331C-895C-1C750845D4FF\rnsbF9C8.exe.vir a variant of Win32/Adware.ConvertAd.ZW application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\4015E747-1443469243-331C-895C-1C750845D4FF\Uninstall.exe.vir Win32/Adware.ConvertAd.YY application cleaned by deleting - quarantined
 
___________________________________________________
 
Emsisoft Log
 
Emsisoft Emergency Kit - Version 10.0
Last update: 10/2/2015 4:17:21 PM
User account: MINE\Alyssha
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 10/2/2015 4:17:54 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AC3\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMR\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.APE\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASS\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.BIK\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CSF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.F4V\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLAC\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.GPLF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.IDX\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MKV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP5\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPC\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGG\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGM\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PFV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMP\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PVA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QSV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QT\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RAM\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RM\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMVB\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SRT\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SSA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SUB\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TP\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TTA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3G2\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP2\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GPP\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AAC\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIFF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASX\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AVI\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CDA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.DVR-MS\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M2TS\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4A\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4B\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4P\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4V\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MID\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MIDI\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOD\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP2\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP4\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPE\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPEG\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPG\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMI\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TS\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.VOB\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WM\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF} detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-476552886-1113993686-2888164755-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9143E921-7C9A-4D27-AC43-EACCC78CC55A} detected: Application.Toolbar (A)
C:\Program Files (x86)\baidu detected: Application.AppInstall (A)
 
Scanned 71631
Found 69
 
Scan end: 10/2/2015 4:21:02 PM
Scan time: 0:03:08
 
C:\Program Files (x86)\baidu Quarantined Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-476552886-1113993686-2888164755-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9143E921-7C9A-4D27-AC43-EACCC78CC55A} Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF} Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.VOB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPEG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPE\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP4\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOD\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MIDI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MID\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4V\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4P\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4B\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4A\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M2TS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.DVR-MS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CDA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AVI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASX\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIFF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AAC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GPP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3G2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TTA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SUB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SSA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SRT\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMVB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RAM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QT\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QSV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PVA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PFV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP5\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MKV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.IDX\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.GPLF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLAC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.F4V\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CSF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.BIK\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.APE\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMR\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AC3\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
 
Quarantined 69


#8 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:06:30 PM

Posted 02 October 2015 - 04:07 PM

If you still have problems you should reset Chrome:

 

To reset your browser settings to default:

§  How to Reset Your Web Browser to its default settings in Google Chrome, Firefox, Internet Explorer


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#9 Claytronic

Claytronic
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:30 AM

Posted 02 October 2015 - 04:17 PM

Hi,

 

Unfortunately, the issue persists. Avast and Malwarebytes had blocked a webpage that opened up (by itself, at random) in Internet Explorer.



#10 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:06:30 PM

Posted 02 October 2015 - 04:23 PM

Strange. You should check your extensions and disable unknown:

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

§  Flush DNS

§  Report IE Proxy Settings

§  Reset IE Proxy Settings

§  Report FF Proxy Settings

§  Reset FF Proxy Settings

§  List content of Hosts

§  List IP configuration

§  List Winsock Entries

§  List last 10 Event Viewer log

§  List Installed Programs

§  List Devices

§  List Users, Partitions and Memory size.

§  List Minidump Files

§  List Restore Points

 

Click Go and post the result (MTB.txt). A copy of MTB.txt will be saved in the same directory the tool is run.

------------

 

rKill.exehttp://www.bleepingcomputer.com/download/rkill/dl/10/

iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 

§  Double-click on the Rkill desktop icon to run the tool.

§  If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.

§  black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

§  If not, delete the file, then download and use the one provided in Link 2.

§  Do not reboot until instructed.

§  If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

-----------

 

Download Security Check from here or here and save it to your Desktop.

§  Double-click SecurityCheck.exe

§  Follow the onscreen instructions inside of the black box.

§  Notepad document should open automatically called checkup.txt; please post the contents of that document.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#11 Claytronic

Claytronic
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:30 AM

Posted 02 October 2015 - 11:58 PM

I've found one suspicious add-on on Chrome called "EasyCalendar". It doesn't enable me to delete it whatsoever, but I'd like to get rid of it.

 

Any ideas?

 

 

(Note: I can't connect my sister's laptop to the wifi right now, so I will have to post the logs when I have wifi access for her laptop tomorrow. Sorry!)


Edited by Claytronic, 03 October 2015 - 12:17 AM.


#12 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:06:30 PM

Posted 03 October 2015 - 03:29 AM

I've found one suspicious add-on on Chrome called "EasyCalendar". It doesn't enable me to delete it whatsoever, but I'd like to get rid of it.

 

Any ideas?

 

Well, you can try guide from this link:

 

§  How To Disable Individual Plug-ins in Google Chrome (By following this guide you will install dev version of Chrome, which gives you much more control over Chrome, but bad guys can also modify easier your browser)

 

 

Run programs from my last post, then we will see about that add-on. 


Edited by severac, 03 October 2015 - 03:37 AM.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#13 Claytronic

Claytronic
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:30 AM

Posted 03 October 2015 - 06:15 PM

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Alyssha (administrator) on 03-10-2015 at 01:08:14
Running from "C:\Users\Alyssha\Desktop"
Microsoft Windows 8.1 Pro with Media Center  (X64)
Model: Aspire 5742Z Manufacturer: Acer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Broadcom NetLink ™ Gigabit Ethernet = Ethernet (Disconnected)
Broadcom 802.11n Network Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Mine
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1A-F4-6A-8E-3F-DE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : 18-F4-6A-8E-3F-DE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 1C-75-08-45-D4-FF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...1a f4 6a 8e 3f de ......Microsoft Wi-Fi Direct Virtual Adapter
  4...18 f4 6a 8e 3f de ......Broadcom 802.11n Network Adapter
  3...1c 75 08 45 d4 ff ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/02/2015 05:22:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: netservice.exe, version: 0.0.0.0, time stamp: 0x557e7cf3
Faulting module name: netservice.exe, version: 0.0.0.0, time stamp: 0x557e7cf3
Exception code: 0xc0000409
Fault offset: 0x00013174
Faulting process id: 0x98c
Faulting application start time: 0xnetservice.exe0
Faulting application path: netservice.exe1
Faulting module path: netservice.exe2
Report Id: netservice.exe3
Faulting package full name: netservice.exe4
Faulting package-relative application ID: netservice.exe5
 
Error: (10/02/2015 03:29:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/02/2015 03:17:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/02/2015 03:00:44 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 45.0.2454.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fc4
 
Start Time: 01d0fd4480ed53ca
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: df808f07-6937-11e5-8279-1c750845d4ff
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/02/2015 12:55:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/02/2015 12:51:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/01/2015 06:10:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: netservice.exe, version: 0.0.0.0, time stamp: 0x557e7cf3
Faulting module name: netservice.exe, version: 0.0.0.0, time stamp: 0x557e7cf3
Exception code: 0xc0000409
Fault offset: 0x00013174
Faulting process id: 0xd04
Faulting application start time: 0xnetservice.exe0
Faulting application path: netservice.exe1
Faulting module path: netservice.exe2
Report Id: netservice.exe3
Faulting package full name: netservice.exe4
Faulting package-relative application ID: netservice.exe5
 
Error: (10/01/2015 05:59:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: netservice.exe, version: 0.0.0.0, time stamp: 0x557e7cf3
Faulting module name: netservice.exe, version: 0.0.0.0, time stamp: 0x557e7cf3
Exception code: 0xc0000409
Fault offset: 0x00013174
Faulting process id: 0x67c
Faulting application start time: 0xnetservice.exe0
Faulting application path: netservice.exe1
Faulting module path: netservice.exe2
Report Id: netservice.exe3
Faulting package full name: netservice.exe4
Faulting package-relative application ID: netservice.exe5
 
Error: (10/01/2015 04:04:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/01/2015 04:04:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
 
System errors:
=============
Error: (10/02/2015 05:22:47 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Service Handler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/02/2015 03:29:44 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/02/2015 03:29:44 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Alyssha\AppData\Local\Temp\ehdrv.sys
 
Error: (10/02/2015 03:29:43 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/02/2015 03:29:43 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Alyssha\AppData\Local\Temp\ehdrv.sys
 
Error: (10/02/2015 03:29:43 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/02/2015 03:29:43 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Alyssha\AppData\Local\Temp\ehdrv.sys
 
Error: (10/02/2015 03:10:54 PM) (Source: DCOM) (User: MINE)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (10/02/2015 03:10:24 PM) (Source: DCOM) (User: MINE)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (10/02/2015 02:56:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (10/02/2015 05:22:47 PM) (Source: Application Error)(User: )
Description: netservice.exe0.0.0.0557e7cf3netservice.exe0.0.0.0557e7cf3c00004090001317498c01d0fd5714c518dcC:\Users\Alyssha\AppData\Roaming\NetService\netservice.exeC:\Users\Alyssha\AppData\Roaming\NetService\netservice.exeb9804b58-694b-11e5-827a-1c750845d4ff
 
Error: (10/02/2015 03:29:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Alyssha\Desktop\esetsmartinstaller_enu.exe
 
Error: (10/02/2015 03:17:04 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestc:\users\alyssha\desktop\esetsmartinstaller_enu.exe
 
Error: (10/02/2015 03:00:44 PM) (Source: Application Hang)(User: )
Description: chrome.exe45.0.2454.101fc401d0fd4480ed53ca4294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exedf808f07-6937-11e5-8279-1c750845d4ff
 
Error: (10/02/2015 12:55:17 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\$Recycle.Bin\S-1-5-21-476552886-1113993686-2888164755-1002\$RY9CZLZ.exe
 
Error: (10/02/2015 12:51:12 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestc:\users\alyssha\desktop\esetsmartinstaller_enu.exe
 
Error: (10/01/2015 06:10:27 PM) (Source: Application Error)(User: )
Description: netservice.exe0.0.0.0557e7cf3netservice.exe0.0.0.0557e7cf3c000040900013174d0401d0fc949418ebdeC:\Users\Alyssha\AppData\Roaming\NetService\netservice.exeC:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe3829e565-6889-11e5-8278-1c750845d4ff
 
Error: (10/01/2015 05:59:26 PM) (Source: Application Error)(User: )
Description: netservice.exe0.0.0.0557e7cf3netservice.exe0.0.0.0557e7cf3c00004090001317467c01d0fc930a007fa0C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exeC:\Users\Alyssha\AppData\Roaming\NetService\netservice.exeadf0c841-6887-11e5-8278-1c750845d4ff
 
Error: (10/01/2015 04:04:26 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Alyssha\Desktop\esetsmartinstaller_enu.exe
 
Error: (10/01/2015 04:04:26 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Alyssha\Desktop\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-09-30 19:13:42.395
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:13:42.176
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:13:41.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:13:39.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:13:39.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:13:14.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:13:13.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:12:37.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:12:37.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:12:09.076
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
globalupdate Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.0 - globalupdate Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
SpaceSoundPro Service (HKLM-x32\...\zz.2977.ssp) (Version: 1.0.0 - CSDI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.19 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 19%
Total physical RAM: 5814.7 MB
Available physical RAM: 4698.3 MB
Total Virtual: 6198.7 MB
Available Virtual: 4948.4 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:465.42 GB) (Free:440 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\MINE
 
Administrator            Alyssha                  Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
16-09-2015 20:43:58 Windows Update
25-09-2015 16:34:41 Scheduled Checkpoint
28-09-2015 18:29:04 Windows Update
01-10-2015 17:55:37 avast! antivirus system restore point
01-10-2015 20:41:34 Trovi
 
**** End of log ****
 
_________________________________________________
 

RKill Log
 
Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/03/2015 01:09:42 AM in x64 mode.
Windows Version: Windows 8.1 Pro with Media Center 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/03/2015 01:10:23 AM
Execution time: 0 hours(s), 0 minute(s), and 40 seconds(s)
 

_________________________________________________

 

Security Check Log

 

 Results of screen317's Security Check version 1.009  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (45.0.2454.101) 
 Google Chrome (45.0.2454.93) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#14 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:06:30 PM

Posted 03 October 2015 - 06:28 PM

Do you still have problems with trovi? 

 

Can you use google regularly?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#15 Claytronic

Claytronic
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:30 AM

Posted 03 October 2015 - 09:27 PM

Chrome doesn't redirect, and I'm able to get onto these forums using that laptop, but whenever the laptop is connected to the internet, Avast pops up (at random, even if I don't have a browser open) and blocks .exe files.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users