
Windows Rapidly / Randomly Alt-Tabbing Itself Periodically


78 replies to this topic

#1 tzonehunter


Posted 19 December 2015 - 08:45 AM

Hi,

 

I have been having this issue for about three weeks. I had downloaded some free video editing software programs a few weeks ago to try to fix a recording with bad audio. I also downloaded and installed Windows Essentials and a free Windows Audio Codec. Since that time, Windows has been rapidly flashing / alt-tabbing itself.

I'm not sure if this is malware or another Windows issue due to the Windows program I installed. Can anyone help?

 

Thanks!

 

cmt





#2 hamluis


    Moderator



Posted 19 December 2015 - 11:56 AM

FWIW:  Those who love to distribute/create malware...love users who are inclined to download "free" whatever, without giving any thought to checking the reliability of the site or download :).  Let's take a look.

 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#3 tzonehunter


Posted 20 December 2015 - 07:35 AM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Home (administrator) on 20-12-2015 at 06:34:13
Running from "C:\Users\Home\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: 2342CTO Manufacturer: LENOVO

Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/19/2015 07:28:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.1.5828, time stamp: 0x56723a12
Faulting module name: mozglue.dll, version: 43.0.1.5828, time stamp: 0x56722c0b
Exception code: 0x80000003
Fault offset: 0x0000ed63
Faulting process id: 0x1f0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/19/2015 07:08:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.1.5828, time stamp: 0x56723a12
Faulting module name: mozglue.dll, version: 43.0.1.5828, time stamp: 0x56722c0b
Exception code: 0x80000003
Fault offset: 0x0000ed63
Faulting process id: 0x21a4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/19/2015 07:00:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.1.5828, time stamp: 0x56723a12
Faulting module name: mozglue.dll, version: 43.0.1.5828, time stamp: 0x56722c0b
Exception code: 0x80000003
Fault offset: 0x0000ed63
Faulting process id: 0x24b8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/19/2015 06:58:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.1.5828, time stamp: 0x56723a12
Faulting module name: mozglue.dll, version: 43.0.1.5828, time stamp: 0x56722c0b
Exception code: 0x80000003
Fault offset: 0x0000ed63
Faulting process id: 0x25c4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/18/2015 06:06:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 08:18:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 06:07:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 04:10:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2015 05:03:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5813439

Error: (12/08/2015 05:03:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5813439

System errors:
=============
Error: (12/18/2015 06:06:03 PM) (Source: Service Control Manager) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/09/2015 08:49:09 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (12/09/2015 08:24:51 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (12/09/2015 06:55:04 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/09/2015 06:34:57 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/09/2015 06:22:31 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/09/2015 06:20:02 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/09/2015 06:13:59 PM) (Source: Service Control Manager) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/09/2015 05:26:44 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/09/2015 05:14:14 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (12/19/2015 07:28:58 AM) (Source: Application Error)(User: )
Description: plugin-container.exe43.0.1.582856723a12mozglue.dll43.0.1.582856722c0b800000030000ed631f001d13a5e68364591C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dll74bc0cb9-a654-11e5-acc5-74e54322e1b5

Error: (12/19/2015 07:08:41 AM) (Source: Application Error)(User: )
Description: plugin-container.exe43.0.1.582856723a12mozglue.dll43.0.1.582856722c0b800000030000ed6321a401d13a5d4818712cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dll9f69fb48-a651-11e5-acc5-74e54322e1b5

Error: (12/19/2015 07:00:36 AM) (Source: Application Error)(User: )
Description: plugin-container.exe43.0.1.582856723a12mozglue.dll43.0.1.582856722c0b800000030000ed6324b801d13a5cfaf83f2fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dll7eb4b932-a650-11e5-acc5-74e54322e1b5

Error: (12/19/2015 06:58:32 AM) (Source: Application Error)(User: )
Description: plugin-container.exe43.0.1.582856723a12mozglue.dll43.0.1.582856722c0b800000030000ed6325c401d13a5c375c0854C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dll34d9cf59-a650-11e5-acc5-74e54322e1b5

Error: (12/18/2015 06:06:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 08:18:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 06:07:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 04:10:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2015 05:03:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5813439

Error: (12/08/2015 05:03:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5813439

CodeIntegrity Errors:
===================================
  Date: 2015-12-06 09:07:33.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-06 09:02:56.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-29 22:11:01.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fortimon3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-29 22:11:01.157
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fortimon3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-29 22:10:56.091
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fortimon3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-29 22:10:56.041
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fortimon3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-29 22:10:50.966
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fortimon3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-29 22:10:50.917
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fortimon3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-29 22:10:45.850
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fortimon3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-29 22:10:45.801
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fortimon3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Ai Picture Utility v8 (HKLM-x32\...\aipict_v8) (Version:  - )
Any Video Converter 5.7.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.)
Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
DVDFab 9.1.8.5 (24/01/2015) Non-Decryption (HKLM-x32\...\DVDFab 9 NonDecALL_is1) (Version:  - Fengtao Software Inc.)
ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version:  - )
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
foobar2000 v1.1.18 (HKLM-x32\...\foobar2000) (Version: 1.1.18 - Peter Pawlowski)
FxFoto by Triscape (HKLM-x32\...\FxFoto) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E94AE378-725A-41FF-BA24-397469D27FC8}) (Version: 1.3.0 - HP)
HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{F958F851-8DBE-420C-9D37-5ECBB6C61148}) (Version: 1.0.17 - Hewlett-Packard)
HP LaserJet Toolbox (HKLM\...\{2E8A793D-E275-46A2-BAB3-35FB95ACED57}) (Version: 3.0.0 - Hewlett-Packard)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2725 - Intel Corporation)
Intel® WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
LeapFrog Connect (HKLM-x32\...\{5B0F473D-7E18-477F-99DC-3745D5A711E9}) (Version: 7.0.6.19846 - LeapFrog) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)
LeapFrog My Pals Plugin (HKLM-x32\...\{AB442E2D-CEAF-43C6-B01F-C87489E33722}) (Version: 7.0.6.19846 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (HKLM-x32\...\{37A8B1FF-6ECE-4936-A0C5-8657B6283DDD}) (Version: 7.0.6.19846 - LeapFrog) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.15 - Lenovo)
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.17.0 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.72.10 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logger Pro 3.8.6.2 Demo (HKLM-x32\...\{0580C1CB-AC11-47DE-C4B8-BF9A9EA547E9}) (Version: 5.173.3862 - Vernier Software & Technology)
Logger Pro 3.8.7 (HKLM-x32\...\{91723F06-AEC9-48CA-7AAE-806AD81D8C60}) (Version: 5.182.429 - Vernier Software & Technology)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (HKLM-x32\...\{86148F87-2666-42F9-A712-1306176C525C}) (Version: 6.3.9.1 - Nalpeiron) Hidden
NVIDIA 3D Vision Driver 345.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 345.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 345.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.5 - Lenovo Group Limited)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.1.0000 - ETS)
Python 3.3.0 (HKLM-x32\...\{526b1417-92c1-3737-8247-4abc49ccc8e4}) (Version: 3.3.150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
SMART Arabic Language Pack (HKLM-x32\...\{9F6226AA-088E-453F-8A0C-1EC0F3E53876}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Common Files (HKLM-x32\...\{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}) (Version: 11.1.11.0 - SMART Technologies ULC)
SMART Danish Language Pack (HKLM-x32\...\{1EAB215B-E60D-4734-81C6-20D2A7A3B5A3}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Dutch Language Pack (HKLM-x32\...\{9B2B8676-0C52-4F97-9869-3E0CC87C85E0}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART English (United Kingdom) Language Pack (HKLM-x32\...\{AD53E305-0F31-426E-85D1-35C63D913639}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Finnish Language Pack (HKLM-x32\...\{D31510A9-657B-4B88-8BFA-16218345D3BE}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART French Language Pack (HKLM-x32\...\{015BE11B-72BE-44C4-99BA-36CA831757E4}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART German Language Pack (HKLM-x32\...\{5C3C89CB-A719-46C5-80C7-2E2237AD3692}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Hungarian Language Pack (HKLM-x32\...\{452B064F-DBD5-4A79-85AB-CEEF2F2D54C8}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Italian Language Pack (HKLM-x32\...\{DB9D6AF8-FC14-43B2-B3CE-5A6C8C89CF44}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Norwegian Language Pack (HKLM-x32\...\{E5B6189B-2FEE-4B0F-98DE-F86F04975528}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Notebook Interactive Viewer (HKLM-x32\...\{BDC0E727-AF8C-4360-88FD-439144C833A8}) (Version: 2.0.103.0 - SMART Technologies ULC)
SMART Polish Language Pack (HKLM-x32\...\{B009E70F-71B7-43EA-A4A2-EED4D65751AB}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Portuguese (Portugal) Language Pack (HKLM-x32\...\{F9914964-383B-4B92-ADEC-6A5608566219}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Russian Language Pack (HKLM-x32\...\{6BDED2D7-9987-49B1-81B8-6EB2B38B559A}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Spanish (International Latin American) Language Pack (HKLM-x32\...\{F7C06E3B-9BC3-411C-867E-53CAE223DB13}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Spanish Language Pack (HKLM-x32\...\{29ADE094-DA64-46EC-835C-1DEC4A035614}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Swedish Language Pack (HKLM-x32\...\{640A01FF-E76A-458B-A630-EE8BCDBF4649}) (Version: 11.0.50.1 - SMART Technologies ULC)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
Triscape FxFoto (HKLM-x32\...\TriscapeFxFoto) (Version:  - )
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Lenovo (LenovoRd) SmartCardReader  (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)

========================= Memory info: ===================================
Percentage of memory in use: 58%
Total physical RAM: 7889.63 MB
Available physical RAM: 3285.08 MB
Total Virtual: 15777.45 MB
Available Virtual: 11070.5 MB

========================= Partitions: =====================================
1 Drive c: (Windows7_OS) (Fixed) (Total:282.95 GB) (Free:68.67 GB) NTFS
3 Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:1.73 GB) NTFS

========================= Users: ========================================
User accounts for \\HOME-THINK

Administrator            Guest                    Home                     


**** End of log ****


Edited by hamluis, 20 December 2015 - 04:52 PM.


#4 tzonehunter


Posted 20 December 2015 - 07:39 AM

http://speccy.piriform.com/results/4PlQwWM3tfUUoUrVgBAuaMN



#5 tzonehunter


Posted 20 December 2015 - 07:40 AM

Hi Louis,

Thank you very much for your help. Sorry for the delay, I had family holiday obligations and got home late last night. Please let me know how you would like me to proceed.

Thanks!

cmt



#6 hamluis


Posted 20 December 2015 - 04:59 PM

Thank you :).

Moving topic to Am I Infected for a malware check.

Louis



#7 tzonehunter


Posted 20 December 2015 - 06:19 PM

Ok, thanks!



#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 23 December 2015 - 10:37 PM

Let's have a look at some logs. :)

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next; make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.

http://nicolascoolman.com/download/zhpcleaner

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

Remove any infections found.

Then click on the icon in the pic below.

[screenshot]

Double click on the scan log, copy and paste here in your reply.



#9 tzonehunter


Posted 24 December 2015 - 08:45 AM

# AdwCleaner v5.026 - Logfile created 24/12/2015 at 07:40:04
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Home - HOME-THINK
# Running from : C:\Users\Home\Downloads\adwcleaner_5.026.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Exploremedia

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\pc optimizer pro
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

[-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1199 bytes] ##########



#10 tzonehunter


Posted 24 December 2015 - 09:10 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64
Ran by Home (Administrator) on Thu 12/24/2015 at  7:46:34.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 36

Successfully deleted: C:\ProgramData\1449717791.bdinstall.bin (File)
Successfully deleted: C:\Users\Home\AppData\Local\{03857180-E8F1-4477-802B-B3390BF4F3C5} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{110B27E1-C264-473A-80D8-4101016531A4} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{1C3BCF7D-BB34-4DF4-9711-CAF99C8E5C5F} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{28EBFE3E-3307-46D3-908D-D24A35DCA90F} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{29D61D7E-68DA-4464-9B64-7D48BD72D866} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{2FDE3028-56A7-4836-8FD5-5F701A29A5B1} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{323C0A00-F572-4F06-9C0B-E897F98F3438} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{4024D793-6EE9-4F71-A090-5E3D19F5DC14} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{5277BE6C-10B1-4734-B37F-C5C953A20309} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{59556791-7B25-4364-81BE-0B2C8126D7CB} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{64110ACF-0ACB-4AC9-BDDA-A6750A27CDF6} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{66B9EA8B-5576-4D03-860E-152628D0FD03} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{67DBE06E-0CBD-44ED-B0BE-34532228CB1C} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{6BF6CC90-9D30-41A0-8623-0669DBEF9F06} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{793AB0DD-A339-48E5-B17B-82CC644FDCFD} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{9EC301A8-922E-4D35-9D00-02C6E7AF61AC} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{A304B949-6174-49D5-A8DB-5222392AF7F9} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{A3FAC704-FDF5-4E19-996B-AB212F898F98} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{A9F9D629-16AC-401F-97AE-4BA6F9078842} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{AE930F42-6A65-4F69-9A4C-3509F8B08E3C} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{BC3608B6-B9D9-4800-A88B-5459CF7FA365} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{CB570BB6-1F6E-41C2-ADD2-2EFF16056ECE} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{CD7D8819-D995-4A10-BB76-E879166E39C7} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{CFE607A4-43C2-40C3-9F3A-4E5370BB7E34} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{D55EF4CF-51F8-47EC-97F1-4599D93A263A} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{DF803E56-8380-44E4-A837-E237CCB06299} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{E56D9BB6-4188-4C74-BF36-917C2A3E6051} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{E7C3EDFC-D83E-4993-967E-06F267960A11} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{ECC5A2A8-E34F-4ABF-A595-6FADFEDF9AA9} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{F2489126-0E29-4D4C-A9A2-E37F66462307} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{F45A14A9-B0EE-496F-9B2D-895FDE74ED67} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{F45E943C-50A8-43EC-9ECA-4254F8B286B8} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{F9C10C45-FA3B-437D-BFC9-057081232814} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{FAB006CA-B602-4AD0-8568-121C1A31CC9D} (Empty Folder)
Successfully deleted: C:\Users\Home\AppData\Local\{FC894B11-2BA5-4202-A6EF-AC96940B7265} (Empty Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/24/2015 at  7:52:43.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#11 tzonehunter


Posted 24 December 2015 - 09:43 AM

Result of Adware Removal Tool (no log file was generated automatically)

Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\DVDFab\V9



#12 tzonehunter


Posted 24 December 2015 - 09:50 AM

~ ZHPCleaner v2015.12.23.405 by Nicolas Coolman (2015/12/23)
~ Run by Home (Administrator)  (24/12/2015 08:44:08)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Home\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Home\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
FOUND data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : <local>]  =>Hijacker.Proxy


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (22)
FOUND folder: C:\Windows\Installer\MSI84E1.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSI94BC.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSI95E9.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSI982B.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSI98D8.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSI9CCF.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIA078.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIA26C.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIA386.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIB02B.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIB338.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIB3F4.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIB74F.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIB9A2.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIBD56.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSID5F8.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSID743.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIE847.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIE980.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIEA6B.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIEAF8.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIEB57.tmp-  =>Empty


---\\  Registry ( Key, Value, Data) (7)
FOUND key: HKEY_USERS\S-1-5-21-3299110017-3753101801-837207151-1001\SOFTWARE\AVG Web TuneUp []  =>Toolbar.AVGSafeGuard
FOUND key: HKCU\Software\AVG Web TuneUp []  =>Toolbar.AVGSafeGuard
FOUND key: [X64] HKLM\SOFTWARE\Classes\NCH.Crescendo.cdo [Crescendo Music Notation File]  =>PUP.Optional.Proxy
FOUND key: [X64] HKLM\Software\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 [Itibiti RTC]  =>PUP.Optional.Itibiti
FOUND key: [X64] HKLM\SOFTWARE\Classes\Applications\crescendo.exe [Crescendo Music Notation Editor]  =>PUP.Optional.Proxy
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp []  =>Toolbar.AVGSafeGuard
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} [Itibiti Inc]  =>PUP.Optional.Itibiti


---\\  Summary of the elements found (4)






---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 78236
~ Items found : 30
~ Items cancelled : 0
~ Items repaired : 0
 



#13 InadequateInfirmity


Posted 24 December 2015 - 10:53 AM

Looking for the Zemana Scan log.

Eset Online Scanner.

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.

  • Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and select Run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

Minitoolbox scan.

Please download MINITOOLBOX and run it.

Checkmark the following boxes:

Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.

Security Check Scan.

Download Security Check to your desktop, right click it and run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.



#14 tzonehunter


Posted 24 December 2015 - 10:53 AM

Zemana AntiMalware 2.19.2.737 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/12/24
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i5-3360M CPU @ 2.80GHz
BIOS Mode              : Legacy
CUID                   : 0044D24F134ECC4D709603
Scan Type              : Deep Scan
Duration               : 57m 39s
Scanned Objects        : 307633
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

localhost
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B34191C5F67E6DBCAAEE3D58381CE21BB9FEC5A4\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B34191C5F67E6DBCAAEE3D58381CE21BB9FEC5A4\Blob


Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0

 



#15 tzonehunter


Posted 24 December 2015 - 11:08 AM

Thank you very much for your help. We have slowish internet speeds where we live. Sorry for the delay. Working on your second reply now.





