Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus, hardware failure or windows corruption?


  • Please log in to reply
23 replies to this topic

#1 BlackadderV

BlackadderV

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 24 November 2015 - 05:46 AM

So much is riding on my computer being ok and not having to do a clean install of windows 7 I was hoping someone can help me get to the bottom of my problem.

 

*This bit may not be relevant but it is worth mentioning*

 

The signal to my monitor has been known to cut out randomly with the computer remaining on. Turning it off and back on later (not immediately) would fix it. I would see the issue every day for 3 or 4 days and then it would not happen for about a month. It did happen right before this started but may be coincidence.

 

**

 

 

The main issue:

 

I cannot go on the internet in normal mode and windows is prone to running really slow and hanging, only in safe mode with networking is everything ok (although trying to play music in safe mode brings an error message). I did just manage to do a windows update when it came back briefly (2 days after it started) but that did not fix the issue and internet never came back in normal mode. Strangely the only thing I can do online at all is play hearthstone. The interactive ads fail to load on the battlenet launcher but I can log on to the server and play, nothing else works.

 

Also since the update I managed to get in I have intermittently been getting a "windows is not genuine build 7601 (or similar numbers) even though it is fine and the sound does not seem to be working.

 

Anti viruses and ccleaner would not work in normal mode but I got them to work in safe mode. Ccleaner cleaned about 1gb of stuff. Malwarebytes returned negative but the scan was really quick so I can't imagine it was too in depth. Superantispyware found nothing after a full scan.

 

Avast does not work in safe mode, I tried to run a boot scan but it failed. It does not run in normal mode either, nor will the shields start. I have been able to copy and paste important stuff from my C drive to another drive in case of reinstall but I really don't want to do this.

 

 

Does this sound like a virus? Something third party is stopping me getting on the internet in normal mode. Or could it be PSU/HDD failure or windows error.



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 24 November 2015 - 07:58 AM

Hi BlackadderV :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      OQmAcqS.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 BlackadderV

BlackadderV
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 24 November 2015 - 03:05 PM

Thank you Aura. Here are the results.

 

Also if it helps diagnosis when I inserted a usb pen into my usb port in normal mode it appeared in the 'my computer' bit but it was faded out and an error appeared when I tried to click it claiming that it is not in the correct location (or something to that effect). When I entered safe mode and inserted the same usb stick it read it fine and I could transfer files as normal.

 

 

 

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by MichaelD (administrator) on 24-11-2015 at 19:56:08
Running from "C:\Users\MichaelD\Desktop\Programs"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Belkin F6D4050 Enhanced Wireless USB Adapter = Wireless Network Connection 4 (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : MichaelD-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Belkin F6D4050 Enhanced Wireless USB Adapter #4
   Physical Address. . . . . . . . . : 94-44-52-86-43-9A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f598:421d:470d:770a%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 24 November 2015 19:54:28
   Lease Expires . . . . . . . . . . : 25 November 2015 19:54:27
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 261375058
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-D8-BD-11-94-44-52-86-43-9A
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  routerlogin.net
Address:  192.168.0.1

Name:    google.com
Addresses:  2a00:1450:4009:800::200e
      216.58.210.46


Pinging google.com [216.58.210.46] with 32 bytes of data:
Reply from 216.58.210.46: bytes=32 time=19ms TTL=52
Reply from 216.58.210.46: bytes=32 time=18ms TTL=52

Ping statistics for 216.58.210.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 19ms, Average = 18ms
Server:  routerlogin.net
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      2001:4998:58:c02::a9
      206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=139ms TTL=48
Reply from 98.138.253.109: bytes=32 time=142ms TTL=48

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 139ms, Maximum = 142ms, Average = 140ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...94 44 52 86 43 9a ......Belkin F6D4050 Enhanced Wireless USB Adapter #4
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.5    281
      192.168.0.5  255.255.255.255         On-link       192.168.0.5    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.5    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.5    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 14    281 fe80::/64                On-link
 14    281 fe80::f598:421d:470d:770a/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/24/2015 07:54:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2015 07:53:43 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/24/2015 07:48:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/24/2015 07:46:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2015 05:59:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2015 11:22:59 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/23/2015 11:17:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2015 10:38:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/23/2015 10:36:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/23/2015 10:36:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/24/2015 07:54:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (11/24/2015 07:52:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/24/2015 07:52:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/24/2015 07:52:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/24/2015 07:52:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/24/2015 07:52:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/24/2015 07:52:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/24/2015 07:52:33 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/24/2015 07:52:32 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/24/2015 07:52:32 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (11/24/2015 07:54:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2015 07:53:43 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000004945030049450300980B0000

Error: (11/24/2015 07:48:31 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000004945030049450300980B0000

Error: (11/24/2015 07:46:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2015 05:59:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2015 11:22:59 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000004945030049450300980B0000

Error: (11/23/2015 11:17:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2015 10:38:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000004945030049450300980B0000

Error: (11/23/2015 10:36:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000004945030049450300980B0000

Error: (11/23/2015 10:36:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.03 - ASUSTeK Computer Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.4.2233 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin Wireless USB Adapter Setup (HKLM-x32\...\{4EE9A620-46A0-4BCF-82AC-950D2BBED982}) (Version: 2.20 - Belkin)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BOSS Userlist Manager (HKLM-x32\...\{F0AB569C-99EF-4F4D-992D-2206E354C903}) (Version: 6.7.2 - Surazal)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
Card Hunter (HKLM-x32\...\Steam App 293260) (Version:  - Blue Manchu)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.0.1.0218 - Code Laboratories, Inc.)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.59 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DCS World (HKLM\...\DCS World_is1) (Version: 1.2.4.11652 - )
F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version:  - Monolith Productions, Inc.)
FM PDF To Word Converter Pro 2.4 (HKLM-x32\...\FM PDF To Word Converter Pro_is1) (Version: 2.4 - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free PDF To Word Converter 1.7 (HKLM-x32\...\Free PDF To Word Converter_is1) (Version: 1.7 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
HOTAS WARTHOG drivers (HKLM-x32\...\{C33F3C7C-F964-4919-97D3-0C4F2A538D87}) (Version: 1.TMHW.2011 - Thrustmaster)
Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 (HKLM-x32\...\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}) (Version: 5.3.4.087 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount&Blade (HKLM-x32\...\Mount&Blade) (Version:  - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-GB)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
MSI Afterburner 2.1.0 (HKLM-x32\...\Afterburner) (Version: 2.1.0 - MSI Co., LTD)
NaturalPoint USB Drivers x64 (HKLM\...\{B408139D-04D6-4464-A979-D335E48F7063}) (Version: 2.50.0000 - NaturalPoint)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.0 - )
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
OpenIV (HKCU\...\OpenIV) (Version: 2.6.4.642 - .black/OpenIV Team)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
Pro Evolution Soccer 2016 Demo (HKLM-x32\...\Steam App 376890) (Version:  - Konami Digital Entertainment)
Python 2.5 comtypes-0.5.2 (HKLM-x32\...\comtypes-py2.5) (Version:  - )
Python 2.5 PIL-1.1.6 (HKLM-x32\...\PIL-py2.5) (Version:  - )
Python 2.5 psyco-1.6 (HKLM-x32\...\psyco-py2.5) (Version:  - )
Python 2.5 pywin32-212 (HKLM-x32\...\pywin32-py2.5) (Version:  - )
Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
Python 2.6.2 (HKLM-x32\...\{24aab420-4e30-4496-9739-3e216f3de6ae}) (Version: 2.6.2150 - Python Software Foundation)
Python 2.7 comtypes-0.6.2 (HKCU\...\comtypes-py2.7) (Version:  - )
Python 2.7 pywin32-216 (HKLM-x32\...\pywin32-py2.7) (Version:  - )
Python 2.7.2 (HKLM-x32\...\{2E295B5B-1AD4-4d36-97C2-A316084722CF}) (Version: 2.7.2150 - Python Software Foundation)
Rise of Flight (HKLM-x32\...\{1101370E-0BBC-4939-8037-2AED92A5C15C}_is1) (Version:  - 777)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.2 - Samsung Electronics)
Shogun Bros. Ballista MK-I (HKLM-x32\...\Shogun Bros. Ballista MK-I) (Version: 1.02 - Shogun Bros.)
Smart Technology Programming Software 7.0.24.8 (HKLM\...\{AB98EBC0-1F36-4525-8CBE-E1C63700C7AD}) (Version: 7.0.24.8 - Mad Catz)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Talisman: Digital Edition (HKLM-x32\...\Steam App 247000) (Version:  - Nomad Games Limited)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Thrustmaster TARGET (HKLM-x32\...\{8036A569-CA02-4D33-A7E9-E9BC8A482E91}) (Version: 2.0.10.0 - Thrustmaster)
TrackIR 5 (HKLM-x32\...\{2f2e6053-043c-4d69-94d0-4d42304ea4ee}) (Version: 5.2.0200 - NaturalPoint)
USB Game Controllers (HKLM-x32\...\USB Game Controllers) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM-x32\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
wxPython 2.8.7.1 (ansi) for Python 2.5 (HKLM-x32\...\wxPython2.8-ansi-py25_is1) (Version: 2.8.7.1-ansi - Total Control Software)

========================= Devices: ================================

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&108ABD8A&0&00E4
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&DDEC341&0&00E1
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_849C1043&REV_05\3&11583659&0&C8
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 17%
Total physical RAM: 8167.13 MB
Available physical RAM: 6732.07 MB
Total Virtual: 12165.34 MB
Available Virtual: 10567.57 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:3.35 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:232.88 GB) (Free:53.03 GB) NTFS
3 Drive e: () (Fixed) (Total:465.76 GB) (Free:76 GB) NTFS

========================= Users: ========================================

User accounts for \\MICHAELD-PC

Administrator            ASPNET                   Guest                    
MichaelD                 


**** End of log ****
 



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 24 November 2015 - 03:12 PM

Looks like you have a few important drivers missing. In order to install them you'll need to be able to access a normal boot, so we'll do that after. Follow the instructions below please.

sUc2qjf.pngAutoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 BlackadderV

BlackadderV
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 24 November 2015 - 04:17 PM

https://drive.google.com/open?id=0Bx4i2120kcHoTG1zTmdGc0RKTUE

 

Here is the file. Thanks again.



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 24 November 2015 - 06:46 PM

Apparently I need to ask your permission to download this file, I need a public download URL for it please :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 BlackadderV

BlackadderV
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 24 November 2015 - 07:15 PM

Sorry I have never used google drive before. I usually use sendspace.

 

Here is a shared link https://drive.google.com/file/d/0Bx4i2120kcHoTG1zTmdGc0RKTUE/view?usp=sharing



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 24 November 2015 - 07:42 PM

Alright, can you configure your system for a clean boot, then boot normally and see if you can navigate around properly?

https://support.microsoft.com/en-us/kb/929135

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 BlackadderV

BlackadderV
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 24 November 2015 - 08:12 PM

msconfig froze in normal mode but I got the clean boot instructions to activate in safe mode. In the clean boot the internet came back, I could get into windows updates and I could open music files in windows media player unlike before. I restarted in normal mode and the conditions remained, the issues seemed to have disappeared although I literally only checked things out for about 20 seconds as I have to head to bed.

 

What does this mean? How have these tests seemingly fixed some of the issues? I will check more tomorrow when I get home from work.

 

Thanks for your time.



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 24 November 2015 - 08:47 PM

It means that a third-party program and/or service is causing all these issues. I couldn't tell which ome however. If you un-do the clean boot state, I'm sure all the issues will comeback. You'll have to check what programs you have starting under msconfig (the Startup tab) and check them one by one and then see when the issues comeback.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 BlackadderV

BlackadderV
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 25 November 2015 - 04:45 AM

Ok I will have a look this evening. The issue did not seem to come back instantly when I restarted so I will try and get a boot scan done too while I have a chance.

 

Is it looking more or less likely that this is caused by a virus/malware rather than a corrupt legit program/service?



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 25 November 2015 - 06:23 AM

Personally I don't think that you are infected by a malware/virus (or if you are, I doubt it's causing these issues), but once you've done troubleshooting on your end (identifying the third party program and/or service causing all your issues in normal boot), we can run a few scans to see if they pick up something just in case :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 BlackadderV

BlackadderV
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 25 November 2015 - 05:10 PM

After some serious testing it seems that the guilty party for stopping my internet connection and stopping avast from working (and maybe everything) is RIMBB launch agent which is software for blackberry. I can't believe it would do all this.

 

I am trying to uninstall the blackberry software suite but it won't uninstall, the green bar just hangs about a fifth of the way down. I tried in safe mode but it turns out you cannot uninstall in safe mode so I turned off all startup programs so virtually nothing but windows is running but it still hangs. What can I do to unistall it? Can blackberry software really do all this? (assuming it is also the reason why my sound no longer works).

 

I did an avast boot scan on all 3 of my drives on high heuristics and nothing was found.



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 25 November 2015 - 05:15 PM

What's the full name of the software, and also what version is it? And yes, it's possible for software like that (which have services/drivers running) to cause various issues under Windows when their installation is damaged or conflicting with the system.

Is that it?

BlackBerry Desktop Software 7.1

Edited by Aura, 25 November 2015 - 05:15 PM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 BlackadderV

BlackadderV
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 25 November 2015 - 05:38 PM

Yes it is Blackberry Desktop Software 7.1. The uninstall is still hanging after 1 hour. It was installed this June although the big issues only started a week or so ago.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users