Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Spyware on my computer?. Pls help


  • Please log in to reply
8 replies to this topic

#1 Dodoram

Dodoram

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 17 January 2016 - 12:55 PM

I received a message from a reputable vendor that my account was violated. I ensured that it was a genuine message and chaged account settings.  I want to make sure there are no spyware on my computer. I ran Malware Bytes and it found no isssues. Can you please help? I am using Windows 10Pro on my PC.

 

Thanks

 

Arun


Edited by Dodoram, 17 January 2016 - 12:56 PM.


BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,408 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:53 AM

Posted 17 January 2016 - 12:58 PM


:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


:step4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Copy and paste the contents of that logfile in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Dodoram

Dodoram
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 19 January 2016 - 01:40 PM

Sorry, Had been held up and could not complete all steps till now. I made one mistake. After copying the AdwCleaner report, I ran the cleanUp by mistate. It generated another report. I enclosed both these. I ran the other three as you instructed.

 

I noticed a couple of things and will apprciate of you could address them as well (in addition to the clean up steps that you would recommend).

 

AdwCleaner Removed YTDDownloader. I would like to reinstall it. Is it ok?

 

MiniToolBox report said that Removed Sophos Virus Removal Tool. Can I reinstall it or are there any issues with this software?

 

Please let me know the next steps.

 

Thanks

 

Arun

 

 

 

 

Here are the reports:

 

Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 66  
 Java version 32-bit out of Date! 
 Adobe Flash Player 20.0.0.267  
 Mozilla Firefox (43.0.4) 
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.111) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MSASCui.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.9.696.8769\AdAwareService.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.9.696.8769\AdAwareTray.exe 
 Windows Defender MSASCui.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
___________________________________________________________________________________________________________________________________________________________________
 
No malware was found by MalwareBytes Anti RootKit
 
__________________________________________________________________________________________________________________________________________________________________
 
AdwCleaner report - Before I ran the CleanUp:
 

# AdwCleaner v5.030 - Logfile created 19/01/2016 at 13:15:18
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Arun - ARUNPUGET
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\ProgramData\ytd video downloader
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol
 
***** [ Files ] *****
 
File Found : C:\Users\Public\Desktop\YTD Video Downloader.lnk
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\11668D9C06DD0A64689920C3E9AA8BF6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BB8B2DE8E6BEBB47BBC322B82D20DF9
 
***** [ Web browsers ] *****
 
[C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : madakpajlmcpaodhfbekojajlhbdklol
[C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ocifcogajbgikalbpphmoedjlcfjkhgh
 
########## EOF - C:\AdwCleaner\AdwCleaner[S18].txt - [1853 bytes] ##########
______________________________________________________________________________________________________________________________________________________________________
 

ADW Cleaner After CleanUp
 
# AdwCleaner v5.030 - Logfile created 19/01/2016 at 13:20:48
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Arun - ARUNPUGET
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\11668D9C06DD0A64689920C3E9AA8BF6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BB8B2DE8E6BEBB47BBC322B82D20DF9
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : madakpajlmcpaodhfbekojajlhbdklol
[-] [C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ocifcogajbgikalbpphmoedjlcfjkhgh
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C9].txt - [2023 bytes] ##########
 
_________________________________________________________________________________________________________________________________________________________________________________________
 
MiniToolBox By farber:
 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Arun (administrator) on 19-01-2016 at 13:27:06
Running from "D:\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost
0.0.0.1 mssplus.mcafee.com
========================= IP Configuration: ================================
 
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection 2 (Connected)
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : ArunPuget
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 20-CF-30-7F-48-65
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 20-CF-30-7F-49-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::602b:e218:53c8:86b1%8(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 19, 2016 1:22:17 PM
   Lease Expires . . . . . . . . . . : Wednesday, January 20, 2016 1:22:17 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 304140080
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B7-E8-A2-20-CF-30-7F-48-65
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:34ee:36e4:b841:13ee(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::34ee:36e4:b841:13ee%4(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 201326592
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B7-E8-A2-20-CF-30-7F-48-65
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:400b:80a::1006
 74.125.226.131
 74.125.226.134
 74.125.226.137
 74.125.226.130
 74.125.226.133
 74.125.226.129
 74.125.226.132
 74.125.226.128
 74.125.226.135
 74.125.226.136
 74.125.226.142
 
 
Pinging google.com [74.125.226.137] with 32 bytes of data:
Reply from 74.125.226.137: bytes=32 time=22ms TTL=250
Reply from 74.125.226.137: bytes=32 time=23ms TTL=251
 
Ping statistics for 74.125.226.137:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 23ms, Average = 22ms
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=84ms TTL=240
Reply from 206.190.36.45: bytes=32 time=85ms TTL=240
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 84ms, Maximum = 85ms, Average = 84ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  2...20 cf 30 7f 48 65 ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
  8...20 cf 30 7f 49 c8 ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    266
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    266
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  4    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  4    306 2001::/32                On-link
  4    306 2001:0:5ef5:79fd:34ee:36e4:b841:13ee/128
                                    On-link
  8    266 fe80::/64                On-link
  4    306 fe80::/64                On-link
  4    306 fe80::34ee:36e4:b841:13ee/128
                                    On-link
  8    266 fe80::602b:e218:53c8:86b1/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    266 ff00::/8                 On-link
  4    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/19/2016 01:20:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: combase.dll, version: 10.0.10586.0, time stamp: 0x5632d3ca
Exception code: 0xc0000005
Fault offset: 0x0000000000056e39
Faulting process id: 0x4b54
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3
Faulting package full name: Explorer.exe4
Faulting package-relative application ID: Explorer.exe5
 
Error: (01/19/2016 01:08:04 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: K:\Search\Data\Applications\>.
 
Error: (01/19/2016 01:08:04 PM) (Source: Windows Search Service) (User: )
Description: The gatherer service cannot be initialized.
 
 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (01/19/2016 01:08:04 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: K:\Search\Data\Applications\>.
 
Error: (01/19/2016 01:08:04 PM) (Source: Windows Search Service) (User: )
Description: The gatherer service cannot be initialized.
 
 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (01/19/2016 01:05:30 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: K:\Search\Data\Applications\>.
 
Error: (01/19/2016 01:05:30 PM) (Source: Windows Search Service) (User: )
Description: The gatherer service cannot be initialized.
 
 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (01/19/2016 01:05:25 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: K:\Search\Data\Applications\>.
 
Error: (01/19/2016 01:05:25 PM) (Source: Windows Search Service) (User: )
Description: The gatherer service cannot be initialized.
 
 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (01/19/2016 01:05:24 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: K:\Search\Data\Applications\>.
 
 
System errors:
=============
Error: (01/19/2016 01:27:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 103 time(s).
 
Error: (01/19/2016 01:27:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%3
 
Error: (01/19/2016 01:27:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 102 time(s).
 
Error: (01/19/2016 01:27:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%3
 
Error: (01/19/2016 01:27:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 101 time(s).
 
Error: (01/19/2016 01:27:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%3
 
Error: (01/19/2016 01:27:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 100 time(s).
 
Error: (01/19/2016 01:27:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%3
 
Error: (01/19/2016 01:27:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 99 time(s).
 
Error: (01/19/2016 01:27:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (01/19/2016 01:20:47 PM) (Source: Application Error)(User: )
Description: Explorer.exe10.0.10586.05632d4c0combase.dll10.0.10586.05632d3cac00000050000000000056e394b5401d1520f2f0ceb35C:\WINDOWS\Explorer.exeC:\WINDOWS\system32\combase.dll0c2c829f-2536-4abb-9ee2-d2f64c397e31
 
Error: (01/19/2016 01:08:04 PM) (Source: Windows Search Service)(User: )
Description: 10x80070003Failed to create application directory: K:\Search\Data\Applications\
 
Error: (01/19/2016 01:08:04 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (01/19/2016 01:08:04 PM) (Source: Windows Search Service)(User: )
Description: 10x80070003Failed to create application directory: K:\Search\Data\Applications\
 
Error: (01/19/2016 01:08:04 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (01/19/2016 01:05:30 PM) (Source: Windows Search Service)(User: )
Description: 10x80070003Failed to create application directory: K:\Search\Data\Applications\
 
Error: (01/19/2016 01:05:30 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (01/19/2016 01:05:25 PM) (Source: Windows Search Service)(User: )
Description: 10x80070003Failed to create application directory: K:\Search\Data\Applications\
 
Error: (01/19/2016 01:05:25 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (01/19/2016 01:05:24 PM) (Source: Windows Search Service)(User: )
Description: 10x80070003Failed to create application directory: K:\Search\Data\Applications\
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-01-19 12:54:16.066
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-19 12:54:16.052
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-19 12:54:16.029
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-19 12:54:16.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-19 12:53:21.524
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-19 12:53:21.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-19 12:53:21.483
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-19 12:53:21.465
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-19 12:52:20.078
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-19 12:52:20.063
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
16.0.0.0 (HKLM-x32\...\{6B75BAF2-A67A-418D-A3D4-B27A5C04F2F5}_is1) (Version: 16.0.0 - Duplicate Video Search)
3ware Disk Management Tools (HKLM\...\8c793da9f0aa7e94d3b4faba721006ff-1001563592) (Version: 9.5.3 - LSI Corporation)
Acronis True Image 2015 (HKLM-x32\...\{9C48ED33-4A66-4299-B274-BD8110AB6EAA}) (Version: 18.0.6525 - Acronis) Hidden
Acronis True Image 2015 (HKLM-x32\...\{9C48ED33-4A66-4299-B274-BD8110AB6EAA}Visible) (Version: 18.0.6525 - Acronis)
Ad-Aware Antivirus (HKLM\...\{9A711B34-77B5-4DDA-A97E-2FD6663729E1}_AdAwareUpdater) (Version: 11.9.696.8769 - Lavasoft)
AdAwareInstaller (HKLM\...\{925E421B-0E75-47B0-A777-9BE05334F531}) (Version: 11.9.696.8769 - Lavasoft) Hidden
AdAwareUpdater (HKLM\...\{9A711B34-77B5-4DDA-A97E-2FD6663729E1}) (Version: 11.9.696.8769 - Lavasoft) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.3.189 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Production Premium (HKLM-x32\...\{045D4EDF-8DC1-43D7-BAFC-7AAEF99C7168}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.1.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12.2.0 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Extension Manager CS6 (HKLM-x32\...\{83463106-DD1C-4FE5-A61C-DF6715472AD4}) (Version: 6.0.8 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_2_0) (Version: 19.2.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.2.0.100 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AKVIS OilPaint (HKLM\...\{EB956473-E6EC-43D9-A706-0276B7C560AE}) (Version: 4.0.436.11981 - AKVIS)
AKVIS Sketch (HKLM\...\{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}) (Version: 17.0.2946.11963 - AKVIS)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: 1.13.1.42052 - Amazon)
AntimalwareEngine (HKLM\...\{B6547F83-398A-4E22-BB5A-DC6A9F013796}) (Version: 3.0.99.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998142702.48.56.41225450 - Audible, Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Briz Video Joiner (HKLM-x32\...\Briz Video Joiner_is1) (Version:  - )
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DiskAid 5.06 (HKLM-x32\...\DiskAid_is1) (Version: 5.06 - DigiDNA)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.27.35 - Dropbox, Inc.) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FaceFilter Studio 2 (HKLM-x32\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 2.0 - )
Fast Duplicate File Finder 3.5.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 3.5.0.1 - MindGems, Inc.)
FastStone Image Viewer 5.1 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.1 - FastStone Soft)
ffdshow v1.2.4436 [2012-04-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4436.0 - )
Fidelity Active Trader Pro® (HKCU\...\b5fb46aa4436cce0) (Version: 10.6.445.0 - Fidelity Investments)
Fidelity Active Trader Pro® (HKLM-x32\...\{4C5FBE19-3780-48E3-A0FF-8DDEBCF5C46C}) (Version: 7.00.0000 - Fidelity Investments) Hidden
Fidelity Active Trader Pro® (HKLM-x32\...\{DDEDCA60-9412-4C23-8B60-D224F1FE1B01}) (Version: 10.3.1571.0 - Fidelity Investments) Hidden
FotoSketcher 3.00 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
Free PDF Solutions PDF to WORD version 1.0 (HKLM-x32\...\Free PDF Solutions PDF to WORD_is1) (Version: 1.0 - )
Garmin Communicator Plugin (HKLM-x32\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.9.0.4288 (HKCU\...\GoToMeeting) (Version: 7.9.0.4288 - CitrixOnline)
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block New York 2011 (HKLM-x32\...\{6C434B52-8D0F-4080-9649-7497445DDCD4}) (Version: 1.11.4401 - HRB Technology, LLC.)
H&R Block New York 2012 (HKLM-x32\...\{0A5FB059-9FF1-4A78-9753-4D7656560DAF}) (Version: 1.12.7001 - HRB Technology, LLC.)
H&R Block New York 2013 (HKLM-x32\...\{E3B9117D-7476-4C74-8C22-337F630D6602}) (Version: 1.13.5901 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2014 (HKLM-x32\...\{CDB1D329-A168-427D-837C-2075CDD3DC62}) (Version: 14.07.7401 - HRB Technology, LLC.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{859963C1-E908-49E8-9FA3-9E833D717563}) (Version: 1.8.8 - Verizon)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
join.me (HKCU\...\JoinMe) (Version: 1.18.0.183 - LogMeIn, Inc.)
K-Lite Mega Codec Pack 7.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - )
Kodi (HKCU\...\Kodi) (Version:  - XBMC-Foundation)
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
MakeitOne - MP3AlbumMaker (HKLM-x32\...\{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}) (Version: 1.0.0 - MakeitOne)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM-x32\...\{64867E7B-D4D7-422E-883D-55C4BEB0E326}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MPC-HC 1.6.5.6366 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.5.6366 - MPC-HC Team)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
Network Recording Player (HKLM-x32\...\{21706D5B-A09C-42F1-95B5-CBDFE20F9852}) (Version: 29.10.1.10115 - Cisco WebEx LLC)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Online Plug-in (HKLM-x32\...\{9A0FE2C0-7A7E-444E-8BD4-087178A91865}) (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PSD Codec by Ardfry Imaging, LLC (32 bit) (HKLM-x32\...\{345E25C8-EC20-45D5-A088-C5891FC603D4}) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD Codec by Ardfry Imaging, LLC (64 bit) (HKLM\...\{AD4E43FF-20E5-4E91-9B10-5BFAB7F66EE2}) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.6.1.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.6.1.0 - Ardfry Imaging, LLC)
Psykopaint (HKLM-x32\...\{CC4EA2EB-C7C4-175E-0AA1-9DEE8A8DA4BE}) (Version: 1.3.12 - Psykosoft Inc) Hidden
Psykopaint (HKLM-x32\...\net.psykosoft.psykopaint) (Version: 1.3.12 - Psykosoft Inc)
PVSonyDll (HKLM\...\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}) (Version: 1.00.0001 - NVIDIA Corporation) Hidden
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Question Writer 4 (HKLM-x32\...\{D6DDBEC7-69DD-4BFB-A1A1-E7CA828856B2}) (Version: 4.0.0 - Question Writer Corporation)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Self-service Plug-in (HKLM-x32\...\{6C487153-A286-48F7-BE55-717552E90E20}) (Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0240 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Spotify (HKCU\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
SymMover (HKLM-x32\...\SymMover) (Version:  - )
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
VectorVest 7 (HKLM-x32\...\{93057e39-ceeb-4f3b-8a79-223512e8cb5b}) (Version: 1.16.175.0 - VectorVest, Inc.)
VectorVest Options Analyzer 7 (HKLM-x32\...\{667FACC4-CB9A-4B90-97CB-BFD41298CA45}) (Version: 7.9.0.0 - VectorVest)
Virtual Account Numbers (HKLM-x32\...\{43925F87-020B-406C-AEDD-9B621424D401}) (Version: 1.0.6.0 - Citi) Hidden
Virtual Account Numbers (HKLM-x32\...\{9C411DC9-B8B8-45F3-B688-073BF4B59094}) (Version: 1.0.1.0 - Citi) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.81.0 - Verizon)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WM Capture 5 (HKLM-x32\...\WM Capture 5) (Version: 5.0 - AllAlex,Inc)
WM Capture 7 (HKLM-x32\...\WM Capture 7) (Version: 7.2 - AllAlex, Inc.)
WM Recorder (HKLM-x32\...\WM Recorder) (Version:  - )
WM Recorder 15 (HKLM-x32\...\WM Recorder 1515.2.0.0) (Version: 15.2.0.0 - AllAlex, Inc)
WM Recorder 15 (HKLM-x32\...\WM Recorder 1515.2.1.0) (Version: 15.2.1.0 - AllAlex, Inc)
WM Splitter 2.2.1305.22 (HKLM-x32\...\Replay_Media_Splitter_1.2) (Version: 2.2.1305.22 - All Alex Inc.)
Xilisoft Video Cutter 2 (HKCU\...\Xilisoft Video Cutter 2) (Version: 2.2.0.20120901 - Xilisoft)
Yahoo SiteBuilder (HKLM-x32\...\Yahoo SiteBuilder) (Version: 2.8.6 - Yahoo! Inc.)
YouTube Downloader Toolbar v6.0 (HKLM-x32\...\{590E3295-A11B-4C9F-9F88-399397EE393D}) (Version: 6.0 - Spigot, Inc.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 8%
Total physical RAM: 24567.1 MB
Available physical RAM: 22446.47 MB
Total Virtual: 24567.1 MB
Available Virtual: 22411.11 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:237.5 GB) (Free:147.12 GB) NTFS
2 Drive d: () (Fixed) (Total:1862.62 GB) (Free:1018.49 GB) NTFS
4 Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
5 Drive g: () (Fixed) (Total:74.43 GB) (Free:74.28 GB) NTFS
6 Drive h: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:260.15 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ARUNPUGET
 
Administrator            Arun                     DefaultAccount           
Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
10-01-2016 23:19:23 Windows Update
14-01-2016 19:24:33 Windows Update
17-01-2016 18:04:03 Removed Sophos Virus Removal Tool.
 
**** End of log ****
 
 


#4 Jo*

Jo*

  • Malware Response Team
  • 3,408 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:53 AM

Posted 19 January 2016 - 02:03 PM

It is your own risk if you re-install adware which was deleted before.

I do not know why you think that Sophos Virus Removal Tool has been removed?

ZN3USrZ.png Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
    dQVDkTW.png
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon qwL1Upn.png will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
    yEgPemv.png
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
    RUeRoi4.png
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
    P7FSALs.png
  • Please Copy and Paste the contents of the scan log in your next reply.

***


How the computer is running now?

---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Dodoram

Dodoram
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 19 January 2016 - 08:47 PM

Thanks J0*. . I see that Sophos Virus Removal Tool was not removed. I read the last item in the MiniToolBox which said  "17-01-2016 18:04:03 Removed Sophos Virus Removal Tool" and posted that question, but now I see under which heading this item appeared.

 

 

Following is the Emsisoft Log:

 

Emsisoft Emergency Kit - Version 10.0
Quarantine log
 
Date Source Event Detection
1/19/2016 8:23:17 PM C:\ProgramData\free youtube downloader Moved to quarantine Application.AppInstall (A)
1/19/2016 8:22:36 PM C:\Program Files (x86)\free youtube downloader File locked, removal on next computer restart Application.AppInstall (A)
1/19/2016 8:22:36 PM Value: HKEY_USERS\S-1-5-21-1426296062-3513457769-928350731-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Moved to quarantine Setting.DisableTaskMgr (A)
1/19/2016 8:22:36 PM Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Moved to quarantine Setting.DisableRegistryTools (A)
1/19/2016 8:22:36 PM Value: HKEY_USERS\S-1-5-21-1426296062-3513457769-928350731-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Moved to quarantine Setting.DisableRegistryTools (A)
1/19/2016 8:22:36 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\FREE YOUTUBE DOWNLOADER Moved to quarantine Application.InstallAd (A)
 
__________________________________________________________________________________________________________________________________________________________________________________________
Emsisoft Emergency Kit - Version 10.0
Scan log
 
Date Scan Method Objects Scanned Objects                                  Detected              Duration                                 Type
1/19/2016 8:13:36 PM Malware 92431                                                  7                     0:07:48                              Manual scan
 


#6 Jo*

Jo*

  • Malware Response Team
  • 3,408 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:53 AM

Posted 20 January 2016 - 06:18 AM

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Dodoram

Dodoram
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 21 January 2016 - 07:32 AM

Hi. Thanks for all your help. Here is the Eset log. The computer has been working fine.

 

C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir a variant of Win32/Toolbar.Widgi.W potentially unwanted application deleted
D:\AR\FYTD_Setup_2 (2).exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
D:\AR\FYTD_Setup_2 (3).exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
D:\AR\New folder (5)\FYTD_Setup_2 (2).exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
D:\Downloads\ccsetup509 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\Downloads\ccsetup509.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\Downloads\FreeYouTubeDownloaderOC(1).exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
D:\Downloads\FreeYouTubeDownloaderOC.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
D:\Downloads\FYTD_Setup_2 (1).exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
D:\Downloads\FYTD_Setup_2.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
D:\Downloads\MediaInfo_GUI_0.7.69_Windows.exe Win32/OpenCandy potentially unsafe application deleted
D:\Downloads\YTDSetup.exe Win32/Toolbar.Widgi potentially unwanted application deleted
H:\zips\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView potentially unsafe application cleaned by deleting
H:\zips\SmitfraudFix\SmitfraudFix\restart.exe Win32/Shutdown.NAA potentially unsafe application cleaned by deleting
 
Thanks
 
Arun


#8 Jo*

Jo*

  • Malware Response Team
  • 3,408 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:53 AM

Posted 21 January 2016 - 09:58 AM

It Appears That Your Pc Is Now Clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Browse more secure :step2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important chanel to spread their wares.
:step4: Use only one anti-virus software and keep it up-to-date.

:step5: Firewall
Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

:step6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step7: Use Strong passwords!

:step8: Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Dodoram

Dodoram
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 26 January 2016 - 09:33 PM

Thank you for all your help.

 

Arun






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users