
Is my system clean?


44 replies to this topic

#1 UppinRunnin

UppinRunnin

  • Members

Posted 07 November 2015 - 11:38 AM

I was wandering around some part of Pinterest looking at pictures and clicked on a person's name to see their boards.  It took me to the person's personal website.  Kaspersky started flashing that a trojan was attempting to download.  

 

I have scanned with Kaspersky Rescue Disk, Malwarebytes online scanner, Super Antispyware free, Avast free, ESET.  All come up clean.  

 

My system does seem a little flakey, although I don't think it started then.  I lose connection to my ISP sometimes and it gets slow/stalls (resolving host).  My keyboard has been acting odd in some applications recently, too, like email (does not type letters correctly, kept pasting 'test testing test ...' in instead once).  Kaspersky's virtual keyboard also did not respond correctly once, however, when something odd was happening.  That might have been a Java/Flash issue on a site that wanted an update (not Chrome's version).  Not sure about that recollection though.  

 

Pinterest investigated and concluded there were no malicious links on their site related to that user account and suggested it might be something on my computer that caused the problem.  

 

I am wondering if a more in-depth look would see something, as I read that malware can be active but go undetected.  

 

This system was reformatted a couple months ago.  I don't visit risky sites or use pirate software although I do browse/read online and do image searches for benign things.  I look for the Kaspersky greenlight on websites although I did click a gray (unknown) flag once or twice (seemingly innocuous).  

 

Windows 7 Home Premium

Kaspersky Total Security

Chrome


Edited by UppinRunnin, 07 November 2015 - 11:42 AM.




#2 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team

Posted 08 November 2015 - 04:22 AM

Hi UppinRunnin ^_^,
 
MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply.
 
Kindly run the tool below and upload the ZIP File (Located on your Desktop) with your next post. The ZIP file contains information about your system -

http://omgdebugging.com/msinfo-zipper/
 
Download Security Check by Screen317
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.
 
When you say that you lose connection to the ISP, have you checked the router? What is the state of the router when this happens? Maybe your ISP is not working correctly?

Let me know how it goes ^_^

-Pranav

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#3 UppinRunnin

UppinRunnin
  • Topic Starter

  • Members

Posted 08 November 2015 - 08:44 AM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Home (administrator) on 08-11-2015 at 08:38:54
Running from "C:\Users\Home\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: XPS 8300 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : MININT-J75IKEU
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : westell.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : westell.com
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : 78-2B-CB-A3-F0-1E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::91f8:7e5d:fbe7:efe0%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.18(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, November 08, 2015 8:23:13 AM
   Lease Expires . . . . . . . . . . : Monday, November 09, 2015 8:23:12 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 242756555
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-9C-6B-17-78-2B-CB-A3-F0-1E
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.westell.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : westell.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dslrouter.westell.com
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:807::1003
	  63.117.14.87
	  63.117.14.84
	  63.117.14.91
	  63.117.14.89
	  63.117.14.86
	  63.117.14.88
	  63.117.14.85
	  63.117.14.90


Pinging google.com [63.117.14.90] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 63.117.14.90:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server:  dslrouter.westell.com
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
	  2001:4998:c:a06::2:4008
	  2001:4998:58:c02::a9
	  206.190.36.45
	  98.138.253.109
	  98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...78 2b cb a3 f0 1e ......Broadcom NetLink (TM) Gigabit Ethernet
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.18     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.18    276
     192.168.1.18  255.255.255.255         On-link      192.168.1.18    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.18    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.18    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.18    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::91f8:7e5d:fbe7:efe0/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/08/2015 08:22:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2015 03:04:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2015 01:09:28 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Failed to Resume COM Class object Type: 88::UnexpectedError. Exception caught in COM Server thread

Error: (11/07/2015 04:02:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 09:27:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 05:23:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 10:00:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2015 07:41:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/05/2015 07:41:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/05/2015 07:41:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (11/07/2015 01:09:28 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: 
%%1069

Error: (11/07/2015 01:09:28 PM) (Source: Service Control Manager) (User: )
Description: The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/07/2015 01:09:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error: 
%%1115

Error: (11/07/2015 01:09:28 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: 
%%1069

Error: (11/07/2015 01:09:28 PM) (Source: Service Control Manager) (User: )
Description: The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/07/2015 01:09:28 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1069

Error: (11/07/2015 01:09:28 PM) (Source: Service Control Manager) (User: )
Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/07/2015 01:09:28 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: 
%%1069

Error: (11/07/2015 01:09:28 PM) (Source: Service Control Manager) (User: )
Description: The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/07/2015 01:09:28 PM) (Source: Service Control Manager) (User: )
Description: The AvastVBox COM Service service failed to start due to the following error: 
%%109


Microsoft Office Sessions:
=========================
Error: (11/08/2015 08:22:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2015 03:04:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2015 01:09:28 PM) (Source: CVHSVC)(User: )
Description: Error: Failed to Resume COM Class object Type: 88::UnexpectedError. Exception caught in COM Server thread

Error: (11/07/2015 04:02:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 09:27:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 05:23:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 10:00:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2015 07:41:34 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Home\Desktop\ESET smartinstaller_enu.exe

Error: (11/05/2015 07:41:31 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Home\Desktop\ESET smartinstaller_enu.exe

Error: (11/05/2015 07:41:31 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Home\Desktop\ESET smartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-08-31 05:28:48.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 05:28:48.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 05:28:48.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 05:28:48.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 05:28:48.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 05:28:48.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-30 15:43:40.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-30 15:43:40.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-30 15:43:40.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-30 15:43:40.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Easy Photo Scan (HKLM-x32\...\{2D76CB3C-AC17-4143-891E-F4C3BCDC78B6}) (Version: 1.00.0001 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{86B4A6B9-07FD-48EC-8730-1EC82E80C3D7}) (Version: 3.10.0030 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.50.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.31.00 - SEIKO EPSON CORPORATION)
Epson Printer Connection Checker (HKLM-x32\...\{7BE20D33-EAE9-4E85-870F-204F65E04F89}) (Version: 1.0.1.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-820 Series Printer Uninstall (HKLM\...\EPSON XP-820 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-820 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-820 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
Eraser 6.2.0.2962 (HKLM\...\{C6E287F1-2E47-45F0-BB51-94F815CFFB48}) (Version: 6.2.2962 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\{C706D102-D77E-4D45-B631-2A43C55F0F01}) (Version: 8.0.3.287 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{C706D102-D77E-4D45-B631-2A43C55F0F01}) (Version: 8.0.3.287 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Digital Image Suite Anniversary Edition (HKLM-x32\...\PictureItSuite_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MyLifeOrganized v. 4.3.3 (HKLM-x32\...\MyLife Organized) (Version: 4.3.3 - MyLifeOrganized.net)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.9835 - Seagate)
Snagit 12 (HKLM-x32\...\{4FC332FE-CBE3-4AE0-B531-35048FD81912}) (Version: 12.4.1 - TechSmith Corporation) Hidden
Snagit 12 (HKLM-x32\...\{ec29af82-9c9e-420e-ab18-53821c36ac3c}) (Version: 12.4.1.3036 - TechSmith Corporation)
Software Updater (HKLM-x32\...\{E07D7C7B-F424-4EEF-BA17-B2C32BD1C107}) (Version: 4.3.0 - SEIKO EPSON CORPORATION)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 8174.45 MB
Available physical RAM: 6090.09 MB
Total Virtual: 16347.1 MB
Available Virtual: 13981.42 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:917.84 GB) (Free:850.12 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.98 GB) NTFS
3 Drive e: (KRD10) (CDROM) (Total:0.25 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\MININT-J75IKEU

Administrator            Guest                    Home                     


**** End of log ****



#4 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:30 PM

Posted 08 November 2015 - 09:24 AM

Hi,

 

Could you please post the other information as well which I requested in my previous post?

 

 

 

-Pranav


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#5 UppinRunnin


Posted 08 November 2015 - 02:20 PM

 Results of screen317's Security Check version 1.011 --- 10/21/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u] 
 Windows Firewall Enabled!  
avast! Antivirus           
Kaspersky Total Security   
 Antivirus up to date!  (On Access scanning [b]disabled[/b]!) 
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u] 
 Adobe Flash Player 19.0.0.226  
 Mozilla Firefox (41.0) 
 Google Chrome (46.0.2490.71) 
 Google Chrome (46.0.2490.80) 
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast avastui.exe  
 Kaspersky Lab Kaspersky Password Manager 8.0.3 kpm.exe  
 Kaspersky Lab Kaspersky Total Security 16.0.0 avp.exe  
 Kaspersky Lab Kaspersky Total Security 16.0.0 avpui.exe  
[b][u]`````````````````System Health check`````````````````[/b][/u] 
 Total Fragmentation on Drive C: 1% 
[b][u]````````````````````End of Log``````````````````````[/b][/u] 



#6 UppinRunnin


Posted 08 November 2015 - 03:28 PM

I ran MSINFO and nothing happened.  Ran it again and got this error with an option to continue/ignore or quit:


See the end of this message for details on invoking 
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.IO.FileNotFoundException: Could not load file or assembly 'System.IO.Compression.FileSystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' or one of its dependencies. The system cannot find the file specified.
File name: 'System.IO.Compression.FileSystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
   at Diagnostic_Tool.Form1.Form1_Shown(Object sender, EventArgs e)
   at System.Windows.Forms.Form.OnShown(EventArgs e)
   at System.Windows.Forms.Form.CallShownEvent()
   at System.Windows.Forms.Control.InvokeMarshaledCallbackDo(ThreadMethodEntry tme)
   at System.Windows.Forms.Control.InvokeMarshaledCallbackHelper(Object obj)
   at System.Threading.ExecutionContext.runTryCode(Object userData)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Windows.Forms.Control.InvokeMarshaledCallback(ThreadMethodEntry tme)
   at System.Windows.Forms.Control.InvokeMarshaledCallbacks()

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].



************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.1026 (RTMGDR.030319-1000)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
----------------------------------------
MSINFO_Zipper
    Assembly Version: 1.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Users/Home/Downloads/MSINFO_Zipper.exe
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.1032 built by: RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.1036 built by: RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.1026 built by: RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.



Edited by UppinRunnin, 08 November 2015 - 03:29 PM.


#7 UppinRunnin


Posted 08 November 2015 - 08:22 PM

When you say that you lose connection to the ISP, have you checked the router? What is the state of the router when this happens? Maybe your ISP is not working correctly?

 

 

I have noticed the green internet light has gone out.  I have seen 'resolving host' messages.  Email loading issues, countdown to try again when refreshing.  Once I noticed the internet light had turned red.  

 

When there is a problem, I generally turn the router off and on.  


Edited by UppinRunnin, 08 November 2015 - 09:18 PM.


#8 UppinRunnin


Posted 08 November 2015 - 10:14 PM

I had set an elaborate password on the router, but not sure if its setup has stayed intact or not.  


Edited by UppinRunnin, 09 November 2015 - 07:34 AM.


#9 UppinRunnin


Posted 09 November 2015 - 02:13 PM

Since rebooting this morning, I decided to try to run MSINFO again. It generated the same error.  This time I clicked 'Continue'. The error message closed but the Zipper app just sat there.  

 

Rebooted, with the idea of running it in Safe Mode, in case malware was stopping it or something.  I kept hitting F8.  I got a black and white screen with options but it was not the usual one.  I either started something or it took off itself.  Next I got a message at the bottom of the screen.  Still black screen with white text:

 

"Windows Loading Files" 

 

Under that was a white bar extending across the screen.  

 

I panicked and pressed the off button down to shut down.  

 

Rebooted again, hitting F8.  The regular options screen came up with Repair, Safe Mode, etc.  I selected Safe Mode and tried running MSINFO again.  Same error.  

 

 

Are you familiar with this "Windows Loading Files" event and know what screen it took me to instead of F8?  


Edited by UppinRunnin, 09 November 2015 - 02:15 PM.


#10 UppinRunnin


Posted 09 November 2015 - 02:19 PM

All Google search requests return a grey icon from Kaspersky.  Not any green flags for secure website.  



#11 UppinRunnin


Posted 09 November 2015 - 02:33 PM

Kaspersky warning "Suspicious action of the application WMI Provider Host blocked by Application Control"  

 

Appl:  C:\Windows\...32\wbem\WmiPrvSE.exe

 

Read memory from other processes

 

I'm sure I also saw an 'Avast' reference in the "Application:" notation once.  But no more.  

 

Right before this alerting (which has not stopped), I had been in Kaspersky to see if any settings had been changed/removed and ticked "Detect other s/w that can be used by criminals".  I also had clicked "restore 5 hidden notifications" somewhere and when I did so it said None were there.  

 

I have never seen this message before.

 

I use their Safe Money protected browser most of the time.  


Edited by UppinRunnin, 09 November 2015 - 02:40 PM.


#12 UppinRunnin


Posted 09 November 2015 - 02:54 PM

When I exited and opened Chrome again (in Safe Money),  the message continues flashing (even when I reverted the box to unchecked for detecting other s/w that can be used for criminals along with viruses, trojans, malware, etc protection).  

 

I notice upon starting the browser, the first message that appears is that it blocked suspicious action of the application Windows explorer.exe.  Then it repeatedly flashes WMI Provider Host blocked.  


Do I need to have this thread moved and get into queue over at the Virus Removal forum?  



#13 UppinRunnin


Posted 09 November 2015 - 04:39 PM

Hi, I see you have returned!  

 

I don't trust this system and would like to go through the in-depth cleaning to see if it is infected.  

 

Kaspersky URL Advisor seems to be working again.  It looks like these blocks have been going on for a while, just not flashing the message.  explorer.exe, avast files and whatever the WMI provider host thing is.  Weirder yet is the console panel says no apps or anything else has been blocked in the last 30 days.    

 

Kaspersky does not have good tech support, so that is pointless. 


Do you see anything in what I've been able to run?  MSINFO does not run.


Edited by UppinRunnin, 09 November 2015 - 04:41 PM.


#14 blueelvis


Posted 10 November 2015 - 04:50 AM

Hi UppinRunnin ^_^,
 
The MSINFO app is not running because the application was built to support Dot Net 4 and above. Well don't worry :)
 
I see that multiple antivirus solutions are running on your system. Running only one antivirus solution is strongly advised because of the fact that the two compete with each other for resources and access to files simultaneously which causes problems. Kindly remove Avast Antivirus using the Avast Removal Tool.
 
  
Once you have removed Avast Antivirus from the system, kindly run the following tools -
Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 

Since you mention that the light on the router goes down, doesn't it mean that your ISP is not working correctly? I would suggest you contact the ISP and then ask if everything is going well on their side or not.

Let me know how it goes ^_^


-Pranav


#15 UppinRunnin


Posted 10 November 2015 - 06:13 AM

 

 

I see that multiple antivirus solutions are running on your system. Running only one antivirus solution is strongly advised because of the fact that the two compete with each other for resources and access to files simultaneously which causes problems. Kindly remove Avast Antivirus using the Avast Removal Tool.
 

 

 

I don't have them running simultaneously.  The only one I use is Kaspersky.  The others are for one-time scans.  Their real-time protections are turned off.  I am not aware this is a problem and running scans from multiple vendors is supposed to catch things the other doesn't, from what I have understood anyway.  





