
Infected and need help


31 replies to this topic

#1 water101

water101

  • Members
  • 198 posts

Posted 20 January 2016 - 03:37 PM

My younger son's computer is badly infected, I believe. It hasn't been turned on in about a year, and when I did, it was running beyond slow. I tried to clean it up a bit with Malwarebytes and AdwCleaner, but it is still running slower than it should. It takes a long time for anything to open or close. I cannot download HouseCall to scan it for a virus, as it will not get past 38% and then an error occurs, no matter which browser I try. Looking for some help and direction. The computer is running Windows 7 Enterprise, and I am attaching the AdwCleaner report.
 
Thanks

 

# AdwCleaner v5.030 - Logfile created 20/01/2016 at 14:58:17
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : TJ Trifoli - TJ-PC
# Running from : C:\Users\TJ Trifoli\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater19.1.0

***** [ Folders ] *****

[-] Folder Deleted : C:\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\Users\TJ Trifoli\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\TJ Trifoli\AppData\LocalLow\Conduit

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[-] File Deleted : C:\Users\TJ Trifoli\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.clubcrawlers.com_0.localstorage
[-] File Deleted : C:\Users\TJ Trifoli\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.clubcrawlers.com_0.localstorage-journal
[-] File Deleted : C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\user.js

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7B00E283-7DD4-47CC-841D-42366DF84BA5}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\AmiBs.Boot
[-] Key Deleted : HKLM\SOFTWARE\Classes\AmiBs.Boot.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

***** [ Web browsers ] *****

[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.FF19Solved", "true");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.UserID", "UN19797560771307029");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.fullUserID", "UN19797560771307029.IN.20130815180836");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.installDate", "15/08/2013 18:08:35");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.installSessionId", "{3117B874-0BEC-42F3-97EB-0243D2DFC049}");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.installSp", "false");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.installerVersion", "1.5.4.5");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.keyword", "true");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.originalHomepage", "about:home");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.originalSearchEngine", "Google");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.originalSearchEngineName", "Ask.com");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.searchRevert", "true");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.searchUserMode", "2");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.smartbar.homepage", "true");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.versionFromInstaller", "10.16.9.6");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("CT3289847.xpeMode", "0");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN19797560771307029&UM=2&SearchSource=13&UP=SPDEC9B142-25B0-420C-BCDD-87D71626139E");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "WhiteSmoke New Customized Web Search");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "Ask.com");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("extensions.enabledAddons", "plugin%40getwebcake.com:1.00.01,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("extentions.webcake.installId", "4c4a543f-0f2c-4cf0-a144-f98d787d7d17");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN19797560771307029&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN19797560771307029&UM=2[...]
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN19797560771307029&UM=2&q=");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("smartbar.machineId", "ZZI0L5JYZVYFW1MLRRVVEPQMA0UQ8UT0WT+FEDWHUDWHP6GCISK+RCSL5P3HTKDCA8ZFEFS91OCU1EYG3R+/PQ");
[-] [C:\Users\TJ Trifoli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\TJ Trifoli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\TJ Trifoli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\TJ Trifoli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13379 bytes] ##########
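As an added triage aid that is not part of the original thread (and not a tool from AdwCleaner's authors), the script below parses AdwCleaner v5 "Cleaning" logs in the line format posted above, groups the removals by item kind, attributes each one to an adware/PUP family by keyword, and pulls out any CLSID that had been registered as an Internet Explorer Browser Helper Object so it can be re-checked after a reboot. The embedded sample is an excerpt of the log above; the family keyword map is my own assumption drawn from names that appear in that log.

```python
"""Triage helper for AdwCleaner v5 "Cleaning" logs: group removals by section
and item kind, attribute each removal to a known adware/PUP family by keyword,
and list CLSIDs that were registered as IE Browser Helper Objects."""
import re
from collections import Counter

# Constructed sample: a short excerpt of the AdwCleaner log posted above, kept
# in the tool's own line format so the parser runs offline.
SAMPLE_LOG = r"""
# AdwCleaner v5.030 - Logfile created 20/01/2016 at 14:58:17
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater19.1.0

***** [ Folders ] *****

[-] Folder Deleted : C:\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\Users\TJ Trifoli\AppData\LocalLow\Conduit

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[-] Key Deleted : HKCU\Software\Conduit

***** [ Web browsers ] *****

[-] [C:\Users\TJ Trifoli\AppData\Roaming\Mozilla\Firefox\Profiles\oqimmol1.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "WhiteSmoke New Customized Web Search");
[-] [C:\Users\TJ Trifoli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
"""

SECTION_RE = re.compile(r"^\*+ \[ (?P<name>.+?) \] \*+$")
ENTRY_RE = re.compile(r"^\[-\] (?P<what>.+?) Deleted : (?P<target>.+)$")
# Web-browser entries prefix the item kind with the profile file it lives in:
# "[C:\...\prefs.js] [Preference] Deleted : ..."
BROWSER_RE = re.compile(r"^\[(?P<file>.+?)\] \[(?P<kind>[^\]]+)\]$")
BHO_RE = re.compile(r"Browser Helper Objects\\(\{[0-9A-F-]+\})", re.IGNORECASE)

# Assumed keyword -> family map, built from names seen in the log above.
# Matching is a case-insensitive substring test; the first family that hits wins.
FAMILIES = {
    "Conduit / Search Protect": ("conduit", "searchprotect", "smartbar", "ct3289847"),
    "AVG SafeGuard / Secure Search toolbar": ("avg safeguard", "avg secure search", "avg security toolbar", "avg@toolbar", "vtoolbarupdater"),
    "Ask toolbar": ("ask.com", "\\ask"),
    "WebCake": ("webcake",),
    "WhiteSmoke": ("whitesmoke",),
}
UNATTRIBUTED = "unattributed (GUID-only or unknown)"


def parse_adwcleaner_log(text):
    """Return one dict per '[-] <kind> Deleted : <target>' line, tagged with its section."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue  # '#' header comments, blank lines, EOF footer
        what, target = m.group("what"), m.group("target")
        b = BROWSER_RE.match(what)
        kind, file = (b.group("kind"), b.group("file")) if b else (what, None)
        entries.append({"section": section, "kind": kind, "target": target, "file": file})
    return entries


def count_by_kind(entries):
    return Counter(e["kind"] for e in entries)


def family_of(entry):
    hay = entry["target"].lower()
    for family, keywords in FAMILIES.items():
        if any(k in hay for k in keywords):
            return family
    return UNATTRIBUTED


def attribute_families(entries):
    return Counter(family_of(e) for e in entries)


def bho_clsids(entries):
    """CLSIDs removed from the IE Browser Helper Objects registration list."""
    return sorted({m.group(1).upper() for e in entries
                   if (m := BHO_RE.search(e["target"]))})


if __name__ == "__main__":
    ents = parse_adwcleaner_log(SAMPLE_LOG)
    print(f"{len(ents)} removals")
    for kind, n in count_by_kind(ents).most_common():
        print(f"  {n:3d} {kind}")
    for fam, n in attribute_families(ents).most_common():
        print(f"  {n:3d} {fam}")
    print("BHO CLSIDs removed:", bho_clsids(ents))
```

Feed it the full log text instead of SAMPLE_LOG to see how many removals stay unattributed; those GUID-only keys are the ones to cross-reference against the BHO and CLSID entries.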

 





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • Gender:Male

Posted 20 January 2016 - 03:47 PM

Hi water101 :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 water101

water101
  • Topic Starter

  • Members
  • 198 posts

Posted 20 January 2016 - 04:06 PM

Thanks, here are the results. I couldn't find an attachment section, so I cut and pasted it here.

 

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by TJ Trifoli (administrator) on 20-01-2016 at 15:57:51
Running from "C:\Users\TJ Trifoli\Desktop"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Model: Aspire 5552 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TJ-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : C4-46-19-46-46-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1df2:cc13:6995:ae41%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.22(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, January 20, 2016 3:11:07 PM
   Lease Expires . . . . . . . . . . : Wednesday, January 27, 2016 3:11:07 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 314852889
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-FB-CC-49-88-AE-1D-71-26-8C
   DNS Servers . . . . . . . . . . . : 64.71.255.204
                                       64.71.255.198
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 88-AE-1D-71-26-8C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3B4E0E6C-B1F3-4512-BDFB-60E1433A9964}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns.cp.net.rogers.com
Address:  64.71.255.204

Name:    google.com
Addresses:  2607:f8b0:400b:80a::1000
   209.148.199.54
   209.148.199.50
   209.148.199.34
   209.148.199.44
   209.148.199.29
   209.148.199.59
   209.148.199.35
   209.148.199.45
   209.148.199.20
   209.148.199.40
   209.148.199.49
   209.148.199.39
   209.148.199.24
   209.148.199.55
   209.148.199.30
   209.148.199.25

Pinging google.com [209.148.199.45] with 32 bytes of data:
Reply from 209.148.199.45: bytes=32 time=15ms TTL=59
Reply from 209.148.199.45: bytes=32 time=29ms TTL=59

Ping statistics for 209.148.199.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 29ms, Average = 22ms
Server:  dns.cp.net.rogers.com
Address:  64.71.255.204

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   206.190.36.45
   98.139.183.24
   98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=145ms TTL=53
Reply from 98.139.183.24: bytes=32 time=57ms TTL=53

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 57ms, Maximum = 145ms, Average = 101ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...c4 46 19 46 46 12 ......Atheros AR5B97 Wireless Network Adapter
 10...88 ae 1d 71 26 8c ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.22     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.22    281
     192.168.0.22  255.255.255.255         On-link      192.168.0.22    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.22    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.22    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.22    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::1df2:cc13:6995:ae41/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/20/2016 03:52:52 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10e8

Start Time: 01d153c45692e0ed

Termination Time: 62

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/20/2016 02:21:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15809172

Error: (01/20/2016 02:21:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15809172

Error: (01/20/2016 02:21:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/20/2016 08:09:51 AM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (01/20/2016 08:02:49 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Search Protect by Conduit Updater since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (01/20/2016 05:06:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21619368

Error: (01/20/2016 05:06:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21619368

Error: (01/20/2016 05:06:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2016 11:06:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15694

System errors:
=============
Error: (01/20/2016 03:11:18 PM) (Source: Service Control Manager) (User: )
Description: The lxdiCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (01/20/2016 03:11:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.

Error: (01/20/2016 03:07:34 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (01/20/2016 03:07:01 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

Error: (01/20/2016 03:06:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (01/20/2016 03:00:00 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/20/2016 02:59:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (01/20/2016 02:59:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (01/20/2016 02:58:38 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/20/2016 02:58:38 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-09-21 10:09:14.075
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-21 10:09:13.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-21 10:08:54.245
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-21 10:08:54.026
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

Acer Crystal Eye Webcam 2.0.7 (HKLM-x32\...\{1CBC1087-4236-4A63-BD81-0753F6554964}) (Version: 2.0.7 - SuYin) Hidden
Acer Crystal Eye Webcam 2.0.7 (HKLM-x32\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.7 - SuYin)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.7 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{8D0A0350-B509-B362-4827-63E4C6520E7B}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG 2014 (HKLM\...\{055E4E62-72ED-4668-9F7A-AE5462B4D466}) (Version: 14.0.4842 - AVG Technologies) Hidden
AVG 2014 (HKLM\...\{34883B9C-CDFE-46F0-9C5B-935484C218C3}) (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (HKLM\...\{4ED5A05D-A367-47A4-B8CD-9D8BF1360511}) (Version: 14.0.4477 - AVG Technologies) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4842 - AVG Technologies)
AVG Zen (HKLM\...\{5ED53AC5-2BEA-4B9D-8AA2-41AF9565F75A}) (Version: 1.31.9 - AVG Technologies) Hidden
BlackBerry Device Manager 7.0 (HKLM-x32\...\{4229F016-3A60-439E-B626-DE4BD457469F}) (Version: 7.0.0.40 - Research In Motion Ltd.) Hidden
BlackBerry Device Manager 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
FMW 1 (HKLM\...\{1F610B48-81E7-4A33-AFC9-1D7602C80732}) (Version: 1.52.1 - AVG Technologies) Hidden
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.65.0.WIN.FullTilt.COM - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
Lexmark 3500-4500 Series (HKLM\...\Lexmark 3500-4500 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 90%
Total physical RAM: 2810.9 MB
Available physical RAM: 270.76 MB
Total Virtual: 5619.98 MB
Available Virtual: 2330.05 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:123.93 GB) NTFS

========================= Users: ========================================

User accounts for \\TJ-PC

Administrator            Guest                    TJ Trifoli              

**** End of log ****



#4 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,670 posts
  • Gender:Male
  • Local time:02:25 PM

Posted 20 January 2016 - 05:28 PM

Please uninstall the following outdated programs. If you can't uninstall one, let me know.
  • Adobe AIR;
  • Adobe Flash Player 10 ActiveX;
  • Adobe Flash Player 11 Plugin;
  • AVG 2014;
  • Java 7 Update 11;
  • Mozilla Firefox 24.0 (x86 en-US);
  • Pando Media Booster;
  • Visual Studio 2012 x64 Redistributables - After uninstalling AVG;
  • Visual Studio 2012 x86 Redistributables - After uninstalling AVG;
If you need to reinstall any of these, we'll do it after the clean-up.

Once done, follow the instructions below please.


Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Whether you uninstalled the programs mentioned above or not;
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 water101
  • Topic Starter
  • Members
  • 198 posts
  • Local time:01:25 PM

Posted 20 January 2016 - 07:37 PM

Thanks, all programs uninstalled. ADWCleaner came back perfectly clean so no report. I will attach the other two reports.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Enterprise x64
Ran by TJ Trifoli (Administrator) on Wed 01/20/2016 at 18:13:12.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 145

Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{027B3719-8A38-4231-A9C6-847BE2038C78} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{02F8DD21-0711-4776-AEBC-3EB79B69495E} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{033DAB49-97EF-486D-8C33-16E9833800EC} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{052A95FE-F44D-46E3-9CEA-CBCD5E224B55} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{052ED648-6608-4AD1-B20F-EC7791B0212C} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{057D9E33-C6DC-40E5-BEDB-6F8CEBCFA6DD} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{0819B882-B4EC-47D6-8C3C-A1A2EB322E24} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{08A9802D-CD78-4CF2-AD6B-07D2F07D48A9} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{08D15FAA-402E-4814-AFF6-16DA32E5C4D9} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{0DB98069-7C89-43E6-93AF-40CF0C7D357A} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{1195DB3D-066B-49E8-9AFA-06362D92A555} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{11D0A7FE-24B8-4172-9E37-C01EF558C405} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{132D44FE-92A3-412A-AE9A-52E9B6DB5C34} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{1A2E23FC-49A2-44B6-8B1E-42204C1F850B} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{1F5429FF-6655-4FB5-B240-18DCC937365C} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{213CECF6-1B70-4909-81D2-8BCA707F0447} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{21B82CAC-1A64-4D2A-B84D-BBC239A3A74D} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{21EF4798-E9FC-4050-B6BF-64B498974A0B} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{22598A6A-83D1-492A-8FC1-5363A80F8B63} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{2326B859-E724-4496-8005-80D88C51C074} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{266532C4-5A67-4304-9FA8-7121341E599E} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{2A996E68-CA32-473C-871A-F131225D08E9} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{2CF79E12-C3D7-4314-9237-691D0E4E1546} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{2E65C652-1D5F-4146-9219-93EAC764CD8B} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{2F037C41-8CFB-40A6-B4E3-CAA95BA29635} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{32FB0E2B-26D5-4E4A-A36E-8C308EEF45C2} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{369D52AF-1170-48E8-9C08-9D1EF6E6D83D} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{37BB57C9-3FD9-4CB3-9960-72A897210DAA} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{3A248BFC-1F49-4520-B42C-38FF341C9B4B} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{41C717E8-E0FD-4842-8A96-18CD291B9D9B} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{46ABC8DE-6A40-41CF-BF1B-0B25365F02C4} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{46BB3F12-82A0-4C23-ADD7-990C57C3064B} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{4A377F7C-E7E5-4096-976B-6293C47F2E13} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{4AFD8B90-E8D3-4103-80C1-1E0ADF71ABFF} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{4B1F08B7-8880-4B92-9D75-266E12C13E52} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{4C58383E-72BB-47D9-BBF4-FC097FE48A19} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{4F65E3CA-1E14-4AE2-B49D-AE73E817C2AA} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{50C33587-0A10-4959-A7DF-4A8A946309FD} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{51F5C64C-0751-49D9-A83E-540F7E20D27E} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{5333F4A5-8AA5-44CD-8D04-FA3E80047586} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{55713FB4-50F7-46E8-B16B-8612342E4A71} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{55AB0E02-8D7B-4D02-BC48-E068339D0E30} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{562E303E-7A69-4750-B178-CC7A312FBA5E} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{568E07FB-BA7C-4AD2-9CC7-C8C90DF01CF2} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{56D15C45-9AC5-4638-85B2-AD429D2F72D7} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{56D5AA36-8A0E-40E7-94DB-65121305C9A5} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{5800B83F-D3BE-48D5-AD6A-4D9D9E6B1EFA} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{59B7B405-2268-418E-98F2-59EF0CB6AAA6} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{65CC1D71-D278-4A56-AFD9-D7BBB47437BA} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{668DB42E-6890-4FD1-8456-1E04AF91FE8B} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{676DDE25-2C45-4EAE-A182-D85148C47EFA} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{68B66320-EB56-488A-853E-B184A74D4FFE} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{6C053BF5-1418-4027-B9F8-37286525BE1A} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{6ED1A376-A1C3-4E41-A6D6-2E551E9152D0} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{71A5F40F-73DB-4E0A-9CDA-ED90B72A9530} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{7365E5E3-5272-4E4F-82A3-3AFAD657D339} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{7398D2BB-AFB6-4BB9-878F-3C97C678AD3E} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{7529DF9D-B17F-4252-B0AF-14F4A3E89E32} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{75C6A7F4-ED96-4ABB-AC08-2D011F83A539} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{7A9C4521-A54C-4FC0-B691-FCD3B406E99F} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{7CACF995-0C99-4F1E-B242-B292399E86BE} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{7E031A7F-86A5-45D4-BC45-61F8BA0E4199} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{7E5B19D5-2629-4CB4-8D7C-2CEC3604D0C1} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{8303A798-93E4-4F49-9254-426273BD6127} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{8671B929-0DEA-4698-835E-E474885563B7} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{8707D3C8-6526-4637-A73F-0C46AAF2D294} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{88F86981-DA54-4B63-A9EE-5AF21F5B6D2F} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{8B86FED7-C11E-46D4-84F7-A36A175C5019} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{8BC5624D-E0FA-4B48-BBA8-E66F944CF9DE} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{8C4FF1C4-4A40-452D-9EF2-C606198AEE49} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{8C6C759E-8EC6-44E3-BA26-5CB9354F3DE0} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{8D67E2AB-EC6F-490B-8274-03EBA1E0EAEB} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{915BDF41-4922-489A-BF2E-6BE4AADD713F} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{9480A8A7-2153-421F-B404-BE6868C86887} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{95537967-59E9-47B1-93AE-7C24A6BFAACD} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{96E099AD-E995-4EFF-AE65-D1286FB70C06} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{971B9E4C-43E4-4F19-83B4-9750EB9AA467} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{989FFB4B-30C9-4E10-9A6B-2A565FC4B2A4} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{9B4B7DD9-FBD2-4C60-8AEB-A7E620EC0661} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{9FD4436C-5D46-4FEA-9271-AA0348D831FC} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{A171B431-3805-4791-9E5F-BA4DE7877274} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{A184DCB2-8BB7-4EF7-A8CF-58738103C407} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{A1A73816-0968-48BD-AC37-8ED3B2468BE9} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{A2F48E46-42F5-4FC6-964A-1F6EFE4FAEDC} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{A644CF67-F6B1-4CA8-B491-B68809A48549} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{A69FB322-B026-41F1-8ADB-6ADA6FF5960F} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{A8167F83-001F-439D-BAFC-E00EC647EFF0} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{A89FAD1C-F4C1-4DF1-A8A4-206933E18296} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{ABB50C18-6749-4C69-982E-D5B73770C7C5} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{AEF55057-2542-49A1-9ED5-549367FE1E40} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{B1160726-A7D0-49C0-8419-89B6EB5A4586} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{B201F79C-6978-4652-9B2B-AFD336132E51} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{B67F5024-6843-411D-AC2C-97193BFB79E8} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{B75E0C37-E1F5-4227-950D-E0190E8C8C01} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{B902DE94-E401-4EAE-9D39-6100D53685F0} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{BE3EDAB3-8F62-4F14-BBC5-A4E872D0A032} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{C3492DED-5985-4706-A78B-2CEE9BD95ED7} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{C354F312-E47E-49F6-88B8-AD4876E2BD13} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{C4B9A488-3F78-4671-992D-2D55DF22CC14} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{C7211A91-B00A-4346-A15C-8D0361C072B2} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{C7A42E2D-090D-4F9A-B74E-18F9F6D70BFF} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{C99C642F-BF15-4260-B44D-CBA50CC6F138} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{CB569866-38D2-45ED-A9F4-28B723923020} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{CBFE682A-DAB7-4E39-91BF-50980091045B} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{CC3A3EED-500A-45DD-BE8B-00FDB93BC661} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{CD1FD41C-3E89-486D-BED4-52C468BE244B} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{CE4ED19E-9988-4B53-8765-D94D5829897F} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{CF511A97-94B0-4A82-B8E9-09A0C916A5F5} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{CF664B6B-CBEB-4CEB-8F63-0AACC96771E6} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{CF8111B7-F655-46BC-9090-1081E99A6BBD} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{D513D7F3-50A7-4B5F-892B-C5FD70278F08} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{D7741209-30C5-444F-98CC-F22AA085D904} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{D8511AB3-C1C5-451F-B962-EBB779CB8605} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{D8549316-7653-451F-8EA1-E4EFE69A3292} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{D85CF57E-2F16-44DD-8154-67ECB81651CC} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{D8B1F80B-5604-4717-A3F2-AFBDE85872EC} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{DBBEE928-0BF9-4304-8B0F-28ACF6CD8BA7} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{DCCEA32E-8438-4711-937B-B19DA694FDFB} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{DEC343F3-02AC-4C4D-B486-862B728849A1} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{E4B06CCC-BDA5-4438-B88F-7A29CFB4E6D1} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{E8AAF95C-77E2-422D-ABDF-9192C119247B} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{EC2BA4B7-089F-420C-AE16-19D6A167AF01} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{ECDC5348-9007-420A-A7E3-1D679141EEE3} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{F16342F4-9D16-4D39-B4A4-E1A8D8F8D7E6} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{F3202EF4-E233-435A-B121-B7B0DC505833} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{F419D85D-345B-453E-B3BD-0595C4A5C233} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{F5FB5C3C-183B-4FC6-BF0F-7ED1FED2FE23} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{F739EE23-CB10-4D7C-9245-942A579AAFE8} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{FAB30D75-81DF-44A8-96DD-CED9F206E0CD} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{FBC93267-D045-4C9A-9112-1D94645B1149} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{FCD14CC6-40D6-46B2-9D59-2253A3D412BE} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\{FD54D5D7-6844-43C7-80E3-864BBA0850BE} (Empty Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2142YJKK (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RY3TT8T (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4VSOP3ZW (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50NEPMMY (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LWLUZ6F (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9QV7KXY (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8FGBZJK (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJJN1SUJ (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6A9FC2Z (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLJYQXG1 (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDZYIHAL (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VHXAMWY1 (Folder)
Successfully deleted: C:\Users\TJ Trifoli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3DO56E0 (Folder)


Registry: 0


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/20/2016 at 18:17:37.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/20/2016
Scan Time: 6:44 PM
Logfile: Malware.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.20.07
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TJ Trifoli

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342614
Time Elapsed: 27 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#6 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,670 posts
  • Gender:Male
  • Local time:02:25 PM

Posted 20 January 2016 - 07:52 PM

Awesome :) Follow the instructions below please.

Autoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;

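As a scripted complement to the Autoruns review step above, and to the CodeIntegrity "unable to verify the image integrity" events for usbaapl64.sys in the FRST log earlier in the thread, here is an added PowerShell example (it is not part of the thread and not a BleepingComputer or Sysinternals tool). It inventories the common Run/RunOnce autostart locations and the loaded kernel drivers, checks each image's Authenticode signature, and lists anything that is not signed with a valid signature. It only reads; it deletes nothing, so an unexpected entry still gets reviewed by a person before any action. The registry paths are the standard Windows ones; the helper names are my own.

```powershell
# Added example, not from the thread: read-only autostart and driver signature inventory.
# Run from an elevated PowerShell prompt (Windows 7 or later).

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePathFromCommand {
    # Helper (own naming): pull the executable out of a Run value such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\foo\bar.exe -x
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.(exe|dll|scr|cmd|bat|vbs|js))') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Get-SignatureRecord {
    # Helper (own naming): one row per image with its Authenticode status.
    # Note: files signed only through a catalog (many Windows components) can
    # report NotSigned on Windows 7; compare against a known-good machine.
    param([string]$Location, [string]$Name, [string]$Image)
    $status = 'FileMissing'; $signer = ''
    if ($Image -and (Test-Path -LiteralPath $Image)) {
        $sig = Get-AuthenticodeSignature -FilePath $Image
        $status = $sig.Status.ToString()          # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{ Location = $Location; Name = $Name; Image = $Image; Status = $status; Signer = $signer }
}

# 1. Registry Run / RunOnce entries (the same locations Autoruns shows under Logon).
$runEntries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # provider metadata, not a Run value
        $image = [Environment]::ExpandEnvironmentVariables((Get-ImagePathFromCommand $p.Value))
        Get-SignatureRecord -Location $key -Name $p.Name -Image $image
    }
}

# 2. Kernel drivers (where a CodeIntegrity warning such as the usbaapl64.sys one would surface).
$driverEntries = Get-CimInstance Win32_SystemDriver | Where-Object { $_.PathName } | ForEach-Object {
    $path = $_.PathName -replace '^\\\?\?\\', ''                  # strip \??\ prefix
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot       # expand \SystemRoot
    Get-SignatureRecord -Location 'Win32_SystemDriver' -Name $_.Name -Image $path
}

# Anything that is not Valid is worth a second look; a Valid entry from a known
# vendor is the expected case.
$all = @($runEntries) + @($driverEntries)
$all | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Location, Name | Format-Table -AutoSize
```

The script does not replace the Autoruns review (Autoruns covers far more start locations, such as services, scheduled tasks and shell extensions); it is a quick way to spot the unsigned or missing-file entries that a helper would ask about first.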


#7 water101
  • Topic Starter
  • Members
  • 198 posts
  • Local time:01:25 PM

Posted 20 January 2016 - 08:02 PM

That computer does not have Dropbox, Google Drive or OneDrive, as it has not been on in almost 3 years. Is there another way to get you the report?



#8 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,670 posts
  • Gender:Male
  • Local time:02:25 PM

Posted 20 January 2016 - 08:07 PM

You can upload the .arn file on ge.tt and post the download URL for it here :) Also, all of these services have a web interface where you can drag and drop files to upload them. No need to download, nor install anything.



#9 water101
  • Topic Starter
  • Members
  • 198 posts
  • Local time:01:25 PM

Posted 20 January 2016 - 08:09 PM

I just realized that I can log in through IE and upload the file, so hopefully I will do it right.



#10 water101
  • Topic Starter
  • Members
  • 198 posts
  • Local time:01:25 PM

Posted 20 January 2016 - 08:31 PM

Here it is, I hope.


https://www.dropbox.com/s/m4foq06c42lscgr/TJ-PC.arn?dl=0



#11 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,670 posts
  • Gender:Male
  • Local time:02:25 PM

Posted 20 January 2016 - 08:39 PM

Alright. Now, you'll open Autoruns again with Admin Rights, and you're going to delete the entries listed below in the screenshots (you can click on them to enlarge). To delete an entry, simply right-click on it and select Delete. They are shown in order (so from the top of the log to the bottom), and they're all highlighted in yellow or pink.
If you can't delete an entry, let me know.



#12 water101

  • Topic Starter

  • Members
  • 198 posts

Posted 20 January 2016 - 08:46 PM

Did you only want me to delete the one file you listed, or all the files in yellow? I deleted the one you asked me to.



#13 Aura


    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts

Posted 20 January 2016 - 08:58 PM

Just the one in yellow is fine :) Alright, now follow the instructions below please.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;



#14 water101

  • Topic Starter

  • Members
  • 198 posts

Posted 20 January 2016 - 09:37 PM

Thanks for the help. Here is the report; I will perform your next request tomorrow. Thanks again for all the help.

Emsisoft Emergency Kit - Version 10.0
Quarantine log

Date Source Event Detection 
1/20/2016 9:34:03 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI Moved to quarantine Application.AdReg (A) 
1/20/2016 9:34:03 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI.1 Moved to quarantine Application.AdReg (A) 
1/20/2016 9:34:02 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE Moved to quarantine Application.AdReg (A) 
1/20/2016 9:34:02 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1 Moved to quarantine Application.AdReg (A) 
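The quarantine log above is short enough to read by eye, but on a heavily infected machine it can run to hundreds of lines. The following script is an added example (not part of this thread, and not Emsisoft's code) showing how an analyst can parse that "Date Source Event Detection" format into records, count hits per detection name, and pull out the ProgIDs registered under HKLM\SOFTWARE\CLASSES, which is where adware like the ScriptHelper and ViProtocol entries above register their COM components. The four log lines are embedded as constructed sample input; the event names other than "Moved to quarantine" and the "Value"/"File" source kinds are assumptions about the log format beyond what this post shows.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: the four quarantine lines from the post above,
# including the report header that the parser has to skip.
SAMPLE_LOG = r"""Emsisoft Emergency Kit - Version 10.0
Quarantine log

Date Source Event Detection 
1/20/2016 9:34:03 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI Moved to quarantine Application.AdReg (A) 
1/20/2016 9:34:03 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI.1 Moved to quarantine Application.AdReg (A) 
1/20/2016 9:34:02 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE Moved to quarantine Application.AdReg (A) 
1/20/2016 9:34:02 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1 Moved to quarantine Application.AdReg (A) 
"""

# One log line: timestamp, "Kind: target", event, "Family.Name (X)".
# "Value"/"File" kinds and the Deleted/Restored events are assumed, not taken
# from the post; the target is matched lazily because paths contain spaces.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<kind>Key|Value|File): (?P<target>.+?) "
    r"(?P<event>Moved to quarantine|Deleted|Restored) "
    r"(?P<detection>\S+ \([A-Z]\))$"
)

CLASSES_PREFIX = "HKEY_LOCAL_MACHINE\\SOFTWARE\\CLASSES\\"


def parse_quarantine_log(text):
    """Return a list of dicts, one per quarantine line; header/blank lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        records.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "kind": m["kind"],
            "target": m["target"],
            "event": m["event"],
            "detection": m["detection"],
        })
    return records


def count_by_detection(records):
    """How many items each detection name accounts for."""
    return dict(Counter(r["detection"] for r in records))


def com_progids(records):
    """ProgID names for every quarantined key under HKLM\\SOFTWARE\\CLASSES, in log order."""
    return [
        r["target"][len(CLASSES_PREFIX):]
        for r in records
        if r["kind"] == "Key" and r["target"].upper().startswith(CLASSES_PREFIX)
    ]


def progid_families(records):
    """Collapse version-dependent ProgIDs (Foo.Bar.1) onto their version-independent
    form (Foo.Bar) so each registered component is listed once."""
    families = {re.sub(r"\.\d+$", "", p) for p in com_progids(records)}
    return sorted(families)


if __name__ == "__main__":
    recs = parse_quarantine_log(SAMPLE_LOG)
    print(f"{len(recs)} quarantined items")
    for name, n in count_by_detection(recs).items():
        print(f"  {name}: {n}")
    print("COM components registered by the adware:")
    for fam in progid_families(recs):
        print(f"  {fam}")
```

Pairs like SCRIPTHELPER.SCRIPTHELPERAPI and SCRIPTHELPER.SCRIPTHELPERAPI.1 are the usual version-independent plus versioned ProgID registration of a single COM component, so the family view tells the analyst there were two components here, not four unrelated findings.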



#15 Aura


    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts

Posted 21 January 2016 - 06:16 AM

Alright good :) Now, follow the instructions below please.

Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed; it will, however, be relaunched shortly after, so do not panic;
  • There's no log to give for this tool;





