
Spelled website wrong. Popups tell me to call a number. Rogue:JS/FakeCall.D


11 replies to this topic

#1 mymaus1


Posted 19 November 2015 - 10:37 AM

Last night I was using Internet Explorer to go to a website (I have a Windows 8.1 laptop). I spelled the website’s name incorrectly. Immediately, I started getting pop-ups indicating my computer was infected, and even an urgent voice came over the computer speakers saying I was infected and I should call a phone number to get uninfected. Obviously, I didn’t take its advice. I took a few precious seconds to try to close the windows without success. I then immediately hit the power button on my computer to shut it down.

 

I waited a minute and then turned it back on. My computer requires a password to power on. I entered that. It was late and I was kind of panicked and not thinking too clearly, so I opened Internet Explorer again (I was going to download Malwarebytes for a scan). After about 30 seconds I realized I really should shut my internet connection (Wi-Fi) down instead. I then used Windows Defender (the only virus protection I have on this laptop) to run a full scan of the system. Before running the scan I noted that Real Time Protection was on and the Virus and spyware definitions were Up to date.

 

The first scan took about 2 hours and found what Defender called a dangerous virus called Rogue:JS/FakeCall.D. I removed that virus and ran another scan. The second time through the system did not detect anything else.

 

My questions are:

  1. Is there any way the people behind the attack have the password that I enter when I power up?
  2. Is it safe to turn Wi-Fi back on and use it to only download Malwarebytes including current definitions for a scan with that software?
  3. If it is not safe, I do have another computer where I can download Malwarebytes to a USB drive, but how do I get current definitions to my laptop after the install if I don’t have my internet connection on?
  4. Repeat questions 2 & 3 for Spybot Search & Destroy.
  5. Is there any other software I should be using to scan for viruses?

 

Thanks for your help,

Tom




 


#2 loki2007


Posted 19 November 2015 - 11:03 AM

Hi mymaus1, welcome to the AII forums at BC. My name is loki and I will be helping you.
 
My questions are:

  • Is there any way the people behind the attack have the password that I enter when I power up?
    Answer: With the infection that was detected, I would say no.
  • Is it safe to turn Wi-Fi back on and use it to only download Malwarebytes including current definitions for a scan with that software?
    Answer: If that is the only problem we are dealing with, then yes you should be safe.
  • If it is not safe, I do have another computer where I can download Malwarebytes to a USB drive, but how do I get current definitions to my laptop after the install if I don’t have my internet connection on?
    Answer: I don't think we will have to use your other computer.
  • Repeat questions 2 & 3 for Spybot Search & Destroy.
  • Is there any other software I should be using to scan for viruses?
    Answer: There are other tools you can use to scan for viruses, malware, PUPs etc. We will use some of them now.

Please follow the steps below and report back to me if you encounter any problems.
 
Step 1:
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please copy and post the contents of JRT.txt into your next message.

Step 2:
 
AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Step 3:
 
ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop. Please copy and paste the results in your next reply.
  • Click Back, then Finish to exit ESET Online Scanner.

 

I would like to see the results of these scans in your next reply. Thanks,

 

loki


 
Member of the Bleeping Computer A.I.I. early response team!

#3 mymaus1


Posted 01 December 2015 - 01:21 PM

Loki, Thanks for your help!! So I finally had a chance to complete your recommended steps. Below are the two text files you requested. ESET did not find any threats. I also ran Malwarebytes which found no threats. I ran MS Defender again and now it finds no threats. Am I clean?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 8.1 x64
Ran by Tom (Administrator) on Thu 11/19/2015 at 11:55:14.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\Users\Tom\AppData\Roaming\sp_data.sys (File)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010 (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/19/2015 at 11:57:37.42
End of JRT log

 

# AdwCleaner v5.021 - Logfile created 19/11/2015 at 12:04:58
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.1 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Tom - MAURER-LAPTOP
# Running from : C:\Users\Tom\Documents\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [769 bytes] ##########



#4 loki2007


Posted 01 December 2015 - 01:37 PM

Hi again mymaus1,
 
Let's just run a few more scans to make sure everything looks good and then we can call it clean. Please follow the steps below and report back with any issues or questions:

 
Step 1:

MiniToolBox

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option your Firefox browser should be closed.

Once the scan is complete please copy and paste the log in your next reply!
 
 
Step 2:
 
SecurityCheck

  • Download SecurityCheck and move the program to your Desktop.
  • Right-click on the SecurityCheck icon and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Press any key and let the scan run.
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply.

Please post both logs to your next reply. Thanks,

loki


 

#5 RolandJS


Posted 01 December 2015 - 02:02 PM

When Malware Team is done, you can get programs with a better rating than Spybot.  Ask for their recommendations.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#6 mymaus1


Posted 01 December 2015 - 02:07 PM

Here you go:

 

MiniToolBox by Farbar  Version: 02-11-2015

Ran by Tom (administrator) on 01-12-2015 at 13:46:52

Running from "C:\Users\Tom\Desktop"

Microsoft Windows 8.1  (X64)

Model: X551MA Manufacturer: ASUSTeK COMPUTER INC.

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

========================= IP Configuration: ================================

 

Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Connected)

Realtek PCIe FE Family Controller = Ethernet (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

set interface interface="Ethernet-WFP Native MAC Layer LightWeight Filter-0000" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : maurer-laptop

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : cinci.rr.com

 

Wireless LAN adapter Local Area Connection* 11:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 16-27-1E-6A-A6-46

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wi-Fi:

 

   Connection-specific DNS Suffix  . : cinci.rr.com

   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 Wireless Network Adapter

   Physical Address. . . . . . . . . : 54-27-1E-6A-A6-46

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::c5b4:f10e:cf30:389d%4(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.1.127(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Tuesday, December 1, 2015 10:44:18 AM

   Lease Expires . . . . . . . . . . : Wednesday, December 2, 2015 11:57:13 AM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DHCPv6 IAID . . . . . . . . . . . : 257173278

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-DB-A0-36-54-27-1E-6A-A6-46

   DNS Servers . . . . . . . . . . . : 209.18.47.61

                                       209.18.47.62

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Ethernet:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : cinci.rr.com

   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

   Physical Address. . . . . . . . . : 40-16-7E-9E-B3-42

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.cinci.rr.com:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : cinci.rr.com

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 13:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1c55:6ed:3f57:fe80(Preferred)

   Link-local IPv6 Address . . . . . : fe80::1c55:6ed:3f57:fe80%6(Preferred)

   Default Gateway . . . . . . . . . : ::

   DHCPv6 IAID . . . . . . . . . . . : 134217728

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-DB-A0-36-54-27-1E-6A-A6-46

   NetBIOS over Tcpip. . . . . . . . : Disabled


========================= Winsock entries =====================================

 


 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (12/01/2015 11:56:39 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

 


 

 

System errors:

=============

Error: (12/01/2015 11:57:56 AM) (Source: Application Popup) (User: )

Description: \??\C:\Users\Tom\AppData\Local\Temp\ehdrv.sys

 

Error: (12/01/2015 11:57:56 AM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

 

Error: (12/01/2015 11:57:55 AM) (Source: Application Popup) (User: )

Description: \??\C:\Users\Tom\AppData\Local\Temp\ehdrv.sys

 

Error: (12/01/2015 11:57:55 AM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

 

Error: (12/01/2015 11:57:55 AM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

 

Error: (12/01/2015 11:57:55 AM) (Source: Application Popup) (User: )

Description: \??\C:\Users\Tom\AppData\Local\Temp\ehdrv.sys

 

Error: (11/19/2015 12:17:06 PM) (Source: Application Popup) (User: )

Description: \??\C:\Users\Tom\AppData\Local\Temp\ehdrv.sys

 

Error: (11/19/2015 12:17:06 PM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

 

Error: (11/19/2015 12:17:06 PM) (Source: Application Popup) (User: )

Description: \??\C:\Users\Tom\AppData\Local\Temp\ehdrv.sys

 

Error: (11/19/2015 12:17:06 PM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

 

 

Microsoft Office Sessions:

=========================

Error: (12/01/2015 11:56:39 AM) (Source: SideBySide)(User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestC:\Users\Tom\Desktop\esetsmartinstaller_enu(1).exe

 

Error: (12/01/2015 11:56:39 AM) (Source: SideBySide)(User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestC:\Users\Tom\Desktop\esetsmartinstaller_enu(1).exe

 

Error: (12/01/2015 11:56:39 AM) (Source: SideBySide)(User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestC:\Users\Tom\Desktop\esetsmartinstaller_enu(1).exe

 

Error: (12/01/2015 11:56:35 AM) (Source: SideBySide)(User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestC:\Users\Tom\Desktop\esetsmartinstaller_enu(1).exe

 

Error: (12/01/2015 11:55:59 AM) (Source: SideBySide)(User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestC:\Users\Tom\Desktop\esetsmartinstaller_enu(1).exe

 

Error: (12/01/2015 11:55:47 AM) (Source: SideBySide)(User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestE:\esetsmartinstaller_enu(1).exe

 

Error: (11/20/2015 03:47:13 AM) (Source: SideBySide)(User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestc:\users\tom\documents\esetsmartinstaller_enu.exe

 

Error: (11/19/2015 12:13:15 PM) (Source: SideBySide)(User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestC:\Users\Tom\Documents\esetsmartinstaller_enu.exe

 

Error: (11/19/2015 12:13:15 PM) (Source: SideBySide)(User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestC:\Users\Tom\Documents\esetsmartinstaller_enu.exe

 

Error: (11/19/2015 12:13:15 PM) (Source: SideBySide)(User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestC:\Users\Tom\Documents\esetsmartinstaller_enu.exe

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-11-20 23:05:05.928

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-20 23:05:04.944

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-20 23:05:03.944

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-20 23:04:54.803

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-20 23:04:53.709

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-19 09:57:52.014

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-19 09:57:50.921

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-19 09:57:49.827

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-19 09:57:47.423

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-19 09:57:46.219

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

=========================== Installed Programs ============================

 

Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)

ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)

ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)

ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)

ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)

ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)

ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.) Hidden

ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)

AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)

Azteca (HKLM-x32\...\WTA-baee0226-8abd-44de-acf0-4469c54acd02) (Version: 2.2.0.97 - WildTangent) Hidden

Bejeweled 3 (HKLM-x32\...\WTA-300528be-6cb0-4daf-9f1a-1ed861c3d155) (Version: 2.2.0.97 - WildTangent) Hidden

ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)

Cut the Rope (HKLM-x32\...\WTA-2f37a8f4-f44d-4d6a-afb3-80bbe9dc78b1) (Version: 3.0.2.38 - WildTangent) Hidden

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)

Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.304.16315 - Intel Corporation)

Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)

OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)

Peggle (HKLM-x32\...\WTA-a9ab6aab-28ce-4502-b8b2-adc6cb75f60a) (Version: 2.2.0.95 - WildTangent) Hidden

Penguins! (HKLM-x32\...\WTA-9516301f-005d-47c0-871c-7d6da0032d49) (Version: 2.2.0.98 - WildTangent) Hidden

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.316 - Qualcomm Atheros Communications)

Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7095 - Realtek Semiconductor Corp.)

Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)

Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

Tales of Lagoona (HKLM-x32\...\WTA-b9847515-e6c4-4db4-b28f-d343a1997d25) (Version: 2.2.0.110 - WildTangent) Hidden

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)

Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)

WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.5 - WildTangent) Hidden

Windows Driver Package - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

 

========================= Memory info: ===================================

 

Percentage of memory in use: 44%

Total physical RAM: 3982.68 MB

Available physical RAM: 2216.82 MB

Total Virtual: 5582.68 MB

Available Virtual: 3506.42 MB

 

========================= Partitions: =====================================

 

1 Drive c: (OS) (Fixed) (Total:444.21 GB) (Free:407.47 GB) NTFS

2 Drive d: (SELMA) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF

3 Drive e: () (Fixed) (Total:14.9 GB) (Free:14.8 GB) FAT32

 

========================= Users: ========================================

 

User accounts for \\MAURER-LAPTOP

 

Administrator            Guest                    Tom                     

 

 

**** End of log ****

 

Results of screen317's Security Check version 1.013 --- 11/28/15 

   x64 (UAC is enabled) 

 Internet Explorer 11 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Windows Defender  

 WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

 Spybot - Search & Destroy

 Adobe Reader 10.1.14 Adobe Reader out of Date! 

 Google Chrome (46.0.2490.80)

 Google Chrome (46.0.2490.86)

````````Process Check: objlist.exe by Laurent```````` 

 Windows Defender MSMpEng.exe

 Windows Defender MSASCui.exe

 Spybot Teatimer.exe is disabled!

 Windows Defender MpCmdRun.exe  

 Windows Defender MSASCui.exe  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C:  %

````````````````````End of Log``````````````````````



#7 Digitalblonde2001


Posted 01 December 2015 - 03:39 PM

Hi All

 

I'm new to this forum but want to send you all a big thanks! I did the same thing that Tom did earlier today (the site was www.mexicondo.com) and Chrome froze up with a nasty threatening blue screen warning as well as an audio admonition that I need to contact Windows tech support immediately by calling 1-888-502-8241. It disabled Windows Defender and wasn't identified by Avast. I disabled the processes it was running, turned on Defender and ran a scan; the Defender scan came back clean and then found this forum using Firefox. I downloaded JRT, AdWareCleaner and ESET. JRT found nothing but Adware cleaner hit paydirt and removed it. I'm running the ESET scan now.

 

Digitalblonde :bananas:



#8 loki2007


Posted 01 December 2015 - 04:02 PM

You should update Adobe Reader if you still use it, otherwise it's outdated and can be uninstalled. Please follow the step below to run TFC while I continue to go over your MiniToolBox log.
 
Step 1:
 
Temp File Cleaner (TFC)

  • Please download Temp File Cleaner (TFC) and move it to your Desktop
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on Start to launch the cleanup process and wait until it completes
  • TFC may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • Please restart your computer
  • There will be no log generated by this tool

 
Member of the Bleeping Computer A.I.I. early response team!

#9 loki2007


Posted 01 December 2015 - 04:41 PM

Hi again mymaus1, I would say all looks good unless you are having any more problems? Were you able to update Adobe? Also, were you able to run TFC? If you are not having any more issues I think we are done. Thanks,

 

loki


 

#10 mymaus1

  • Topic Starter


Posted 02 December 2015 - 11:59 AM

TFC ran fine. Adobe updated fine. I guess all systems are go!! Thank you so much for your help.

 

While you're here, Member RolandJS suggested (see above) that I ask for recommendations for ongoing protection. I am usually very careful when going to web sites. This latest misspelling issue was the first virus I've had in years. I use Windows Defender as my main virus protection (real time protection & weekly scans) and I run a Malwarebytes scan weekly. Are there other free solutions that would work better for me?

 

Also, I downloaded Windows 10 on both of my computers (the other is a Windows 7 system) a while ago and I still haven't upgraded. Do you think I should go ahead & upgrade?



#11 loki2007


Posted 03 December 2015 - 02:28 PM

From what I gather about Spybot, it's not very good with keeping up with the latest malware. Having said that, if you like it, keep it. Just something to consider. As far as active malware protection, the paid version of Malwarebytes provides good active protection, but it's not free. I just scan weekly with the free version of MBAM and that works just fine for me; I think it has been working fine for you also. As far as antivirus protection, each free one has good things and bad things that could be said about it. I think if you're happy with Windows Defender then you should stick with it. I would just scan every couple of weeks with ESET Online Scanner to add an extra level of protection.

 

With Windows 10, I have heard both good things and bad things about it. Try it on the one machine that you maybe don't use as much to see what you think; if you like it, upgrade both. If not, I believe you can go back within so many days of upgrading. I personally haven't upgraded my Windows 7 machines yet and am not sure if I will :)

 

I hope this helps. If you have any questions let me know. Thanks,

 

loki


 

#12 loki2007


Posted 05 December 2015 - 09:40 AM

Also please see this excellent article by quietman7 to help with making a decision about selecting a free AV:

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2316629

 

:thumbup2:


 



