
Infection/Malware


38 replies to this topic

#1 water101

  • Members
  • 198 posts

Posted 19 February 2016 - 09:38 PM

Somehow today I got an infection or malware that is new to me. I have never seen one like this, but I am sure it is common. My Bitdefender started going crazy quarantining items, and then I got a YT download installed and TV Time and a bunch more programs. I seem to have got most of it stopped by deleting the programs from Add/Remove as well as with Adware Cleaner. I think there are traces left and things were changed, since now on my home page I get a certificate error.

 

Thanks for all thoughts




#2 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 19 February 2016 - 09:43 PM

Hi Joe :)

Let's get started, shall we? Please follow the instructions below.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
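For reading the log that MiniToolBox produces, here is an added Python triage helper (not part of MiniToolBox and not posted in this thread) that splits the log into its banner-delimited sections and flags what a responder checks first: hosts entries that block or redirect names, repeated entries, and an IE proxy setting that is not reported as disabled. The sample log inside it is constructed to mirror the MiniToolBox layout; the update.example.net line is a made-up redirect for illustration.

```python
"""Triage helper for a MiniToolBox log: split the log into its sections and
flag what a responder looks at first in the Hosts-content and IE-proxy parts.
Added example; not part of MiniToolBox and not posted in the thread."""
import json
import re
from collections import Counter

# MiniToolBox prints each section under a banner such as
# "========================= Hosts content: =================================".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*:?\s*=+\s*$")

# A hosts entry pointing at the local machine or the unspecified address
# blocks the name; any other target silently redirects it.
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample mirroring the real log layout. The twelve hosts lines
# copy the pattern seen in the thread (four names, each listed three times,
# all pointed at 127.0.0.1); the final hosts line is made up to show a
# redirect (198.51.100.0/24 is a documentation range).
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= Hosts content: =================================
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
198.51.100.7    update.example.net
========================= IP Configuration: ================================
(remainder omitted)
"""


def split_sections(log: str) -> dict:
    """Map each banner title (minus its trailing colon) to its body lines."""
    sections, current = {}, None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_hosts(lines) -> list:
    """Return (ip, name) pairs; comments and blank lines are skipped, and a
    line that lists several names yields one pair per name."""
    entries = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            entries.append((fields[0], name.lower()))
    return entries


def hosts_findings(entries) -> dict:
    """Separate blocked names from real redirects and count repeated names."""
    counts = Counter(name for _, name in entries)
    return {
        "entry_count": len(entries),
        "unique_names": len(counts),
        "duplicates": {n: c for n, c in counts.items() if c > 1},
        "sinkholed": sorted({n for ip, n in entries if ip in SINKHOLE_IPS}),
        "redirected": {n: ip for ip, n in entries if ip not in SINKHOLE_IPS},
    }


def ie_proxy_set(lines) -> bool:
    """True when the IE proxy section is present but does not report the
    proxy as disabled; a proxy the user never set points at interception."""
    return bool(lines) and not any("Proxy is not enabled." in l for l in lines)


def triage(log: str) -> dict:
    """Run every check over a whole MiniToolBox log."""
    sections = split_sections(log)
    return {
        "hosts": hosts_findings(parse_hosts(sections.get("Hosts content", []))),
        "ie_proxy_set": ie_proxy_set(sections.get("IE Proxy Settings", [])),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```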


#3 water101
  • Topic Starter

  • Members
  • 198 posts

Posted 19 February 2016 - 09:48 PM

Thanks, here it is.

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Joe's (administrator) on 19-02-2016 at 21:45:45
Running from "C:\Users\Joe's\Downloads"
Microsoft Windows 10 Home  (X64)
Model: 20238 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ==============================
 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)
 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 

popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Joe
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : F0-76-1C-22-3F-5B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 5E-B5-7D-8E-C3-AF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-B5-7D-8E-C3-AF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : AC-B5-7D-8E-C3-AF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c984:f2ae:44ad:585d%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : February 19, 2016 9:15:24 PM
   Lease Expires . . . . . . . . . . : February 26, 2016 9:15:25 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 78427517
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-0F-3E-E6-F0-76-1C-22-3F-5B
   DNS Servers . . . . . . . . . . . : 64.71.255.204
                                       64.71.255.198
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : AC-B5-7D-8F-00-9F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:30ab:20f0:9c1c:6c7c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::30ab:20f0:9c1c:6c7c%9(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 452984832
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-0F-3E-E6-F0-76-1C-22-3F-5B
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{AA8B173B-747C-4F42-90CE-C5193A0201E4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns.cp.net.rogers.com
Address:  64.71.255.204
 
Name:    google.com
Addresses:  2607:f8b0:400b:80b::1009
   209.148.199.54
   209.148.199.45
   209.148.199.39
   209.148.199.35
   209.148.199.55
   209.148.199.34
   209.148.199.50
   209.148.199.24
   209.148.199.59
   209.148.199.29
   209.148.199.49
   209.148.199.25
   209.148.199.20
   209.148.199.30
   209.148.199.44
   209.148.199.40
 

Pinging google.com [209.148.199.24] with 32 bytes of data:
Reply from 209.148.199.24: bytes=32 time=46ms TTL=59
Reply from 209.148.199.24: bytes=32 time=64ms TTL=59
 
Ping statistics for 209.148.199.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 64ms, Average = 55ms
Server:  dns.cp.net.rogers.com
Address:  64.71.255.204
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:44:204::a7
   2001:4998:58:c02::a9
   98.138.253.109
   206.190.36.45
   98.139.183.24
 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=125ms TTL=51
Reply from 206.190.36.45: bytes=32 time=128ms TTL=51
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 128ms, Average = 126ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...f0 76 1c 22 3f 5b ......Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)
  5...5e b5 7d 8e c3 af ......Microsoft Hosted Network Virtual Adapter
  2...1e b5 7d 8e c3 af ......Microsoft Wi-Fi Direct Virtual Adapter
  8...ac b5 7d 8e c3 af ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
  3...ac b5 7d 8f 00 9f ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  9...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.12     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.12    281
     192.168.0.12  255.255.255.255         On-link      192.168.0.12    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.12    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.12    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.12    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  9    306 2001::/32                On-link
  9    306 2001:0:9d38:6ab8:30ab:20f0:9c1c:6c7c/128
                                    On-link
  8    281 fe80::/64                On-link
  9    306 fe80::/64                On-link
  9    306 fe80::30ab:20f0:9c1c:6c7c/128
                                    On-link
  8    281 fe80::c984:f2ae:44ad:585d/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    281 ff00::/8                 On-link
  9    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/19/2016 09:19:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: JOE)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/19/2016 09:01:53 PM) (Source: Application Hang) (User: )
Description: The program sllauncher.exe version 5.1.30514.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1f98
 
Start Time: 01d16b828b00e364
 
Termination Time: 21
 
Application Path: C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
 
Report Id: e394b68c-d775-11e5-82aa-acb57d8f009f
 
Faulting package full name:
 
Faulting package-relative application ID:
 
Error: (02/19/2016 09:01:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 

Details:
AddWin32ServiceFiles: Unable to back up image of service BrsHelper since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/19/2016 09:01:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 

Details:
AddLegacyDriverFiles: Unable to back up image of binary sbmntr.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/19/2016 09:01:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/19/2016 08:57:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x56c5ac55
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x56c5ac55
Exception code: 0xc0000005
Fault offset: 0x0000000000003f81
Faulting process id: 0x2854
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5
 
Error: (02/19/2016 08:56:56 PM) (Source: Application Hang) (User: )
Description: The program dm.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2910
 
Start Time: 01d16b81ba748bbc
 
Termination Time: 4294967295
 
Application Path: C:\Users\Joe's\AppData\Local\Temp\is-NT5HS.tmp\dm.tmp
 
Report Id: 37419686-d775-11e5-82aa-acb57d8f009f
 
Faulting package full name:
 
Faulting package-relative application ID:
 
Error: (02/19/2016 08:46:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: JOE)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/19/2016 08:39:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: setup_ra.exe, version: 0.0.0.0, time stamp: 0x4b1ae3cc
Faulting module name: SHELL32.dll, version: 10.0.10586.103, time stamp: 0x56a84f03
Exception code: 0xc0000005
Fault offset: 0x002a357b
Faulting process id: 0x3964
Faulting application start time: 0xsetup_ra.exe0
Faulting application path: setup_ra.exe1
Faulting module path: setup_ra.exe2
Report Id: setup_ra.exe3
Faulting package full name: setup_ra.exe4
Faulting package-relative application ID: setup_ra.exe5
 
Error: (02/19/2016 08:32:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: setup_ra.exe, version: 0.0.0.0, time stamp: 0x4b1ae3cc
Faulting module name: SHELL32.dll, version: 10.0.10586.103, time stamp: 0x56a84f03
Exception code: 0xc0000005
Fault offset: 0x002a357b
Faulting process id: 0x3474
Faulting application start time: 0xsetup_ra.exe0
Faulting application path: setup_ra.exe1
Faulting module path: setup_ra.exe2
Report Id: setup_ra.exe3
Faulting package full name: setup_ra.exe4
Faulting package-relative application ID: setup_ra.exe5
 

System errors:
=============
Error: (02/19/2016 09:16:11 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053
 
Error: (02/19/2016 09:16:11 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
 
Error: (02/19/2016 09:16:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Policies service failed to start due to the following error:
%%1053
 
Error: (02/19/2016 09:16:11 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Policies service to connect.
 
Error: (02/19/2016 09:15:11 PM) (Source: Service Control Manager) (User: )
Description: The SAService service failed to start due to the following error:
%%2
 
Error: (02/19/2016 09:14:47 PM) (Source: volmgr) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.
 
Error: (02/19/2016 09:14:10 PM) (Source: Service Control Manager) (User: )
Description: The User Data Access_5d0dd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/19/2016 09:14:10 PM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_5d0dd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/19/2016 09:14:10 PM) (Source: Service Control Manager) (User: )
Description: The Contact Data_5d0dd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/19/2016 09:14:10 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_5d0dd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 

Microsoft Office Sessions:
=========================
Error: (02/19/2016 09:19:59 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: JOE)
Description: Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong-2144927148
 
Error: (02/19/2016 09:01:53 PM) (Source: Application Hang)(User: )
Description: sllauncher.exe5.1.30514.01f9801d16b828b00e36421C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exee394b68c-d775-11e5-82aa-acb57d8f009f
 
Error: (02/19/2016 09:01:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service BrsHelper since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/19/2016 09:01:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary sbmntr.
 
System Error:
The system cannot find the file specified.
 
Error: (02/19/2016 09:01:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (02/19/2016 08:57:04 PM) (Source: Application Error)(User: )
Description: spbia.exe1.0.0.456c5ac55spbia.exe1.0.0.456c5ac55c00000050000000000003f81285401d16b81db36c0e4C:\Program Files\Common Files\ShopperPro3\spbia.exeC:\Program Files\Common Files\ShopperPro3\spbia.exe4d975be7-b541-418f-a867-4fb0a181d6ae
 
Error: (02/19/2016 08:56:56 PM) (Source: Application Hang)(User: )
Description: dm.tmp51.52.0.0291001d16b81ba748bbc4294967295C:\Users\Joe's\AppData\Local\Temp\is-NT5HS.tmp\dm.tmp37419686-d775-11e5-82aa-acb57d8f009f
 
Error: (02/19/2016 08:46:02 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: JOE)
Description: Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong-2144927148
 
Error: (02/19/2016 08:39:28 PM) (Source: Application Error)(User: )
Description: setup_ra.exe0.0.0.04b1ae3ccSHELL32.dll10.0.10586.10356a84f03c0000005002a357b396401d16b7f890b646fC:\Users\Joe's\AppData\Local\Temp\setup_ra.exeC:\WINDOWS\SYSTEM32\SHELL32.dlle7fd7341-d891-4f2a-b347-bbfb9f9489c7
 
Error: (02/19/2016 08:32:52 PM) (Source: Application Error)(User: )
Description: setup_ra.exe0.0.0.04b1ae3ccSHELL32.dll10.0.10586.10356a84f03c0000005002a357b347401d16b7e9c8b03f2C:\Users\Joe's\AppData\Local\Temp\setup_ra.exeC:\WINDOWS\SYSTEM32\SHELL32.dll3416b89c-09d3-4294-b7e5-126e36a6a187
 

CodeIntegrity Errors:
===================================
  Date: 2016-02-19 20:41:21.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:41:21.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:40:00.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:39:59.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:36:58.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:36:58.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:35:47.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:35:47.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:35:39.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:35:39.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 

=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
7-Zip 15.07 beta (x64) (HKLM\...\7-Zip) (Version: 15.07 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{4CBCD610-92A0-4B1E-893F-FC1E889F8B90}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF8200C Series (HKLM\...\{C2938963-3BB0-41cd-9769-E28814C59075}) (Version: 4.2.0.0 - CANON INC.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.56.50 - Conexant)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Data Lifeguard Diagnostic for Windows 1.28 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.38.128 - OSToto Co., Ltd.)
Elevated Installer (HKLM-x32\...\{8B20B453-8EB7-4F65-BF42-DA8B18C33CB0}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5D34B8AF-7FB5-41AC-AEDC-B705FAF8BCAB}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{86A1F284-5314-402B-90C3-9B4E47CEEC77}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (HKLM-x32\...\{f2fa2583-cd6d-4da1-803c-2983cc6f7791}) (Version: 10.1.2.10 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.2.1031 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10120.11107 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo Service Bridge (HKCU\...\cbe8636f7dd0cf1d) (Version: 1.6.1.1 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.)
SoundTouch (HKLM-x32\...\{9957FC13-D866-4CBD-895B-64DB4BE44AE5}) (Version: 10.0.13.12393 - BOSE)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.12 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TurboTax 2015 (HKLM-x32\...\{2A42456E-B15D-492F-B99A-53C5ABD77EC0}) (Version: 1.00.0000 - Intuit Canada)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinX DVD Author 6.3.6 (HKLM-x32\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
 
========================= Devices: ================================
 

========================= Memory info: ===================================
 
Percentage of memory in use: 33%
Total physical RAM: 8104.27 MB
Available physical RAM: 5373.29 MB
Total Virtual: 16808.27 MB
Available Virtual: 13876.16 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows8_OS) (Fixed) (Total:447.3 GB) (Free:219.36 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.55 GB) NTFS
4 Drive f: (Joe) (Fixed) (Total:442.02 GB) (Free:317.89 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\JOE
 
Administrator            DefaultAccount           Guest                   
Joe's                   
 

**** End of log ****


#4 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  • Local time:08:31 PM

Posted 19 February 2016 - 10:24 PM

http://imgur.com/I2OaHK0



#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:31 PM

Posted 20 February 2016 - 07:21 AM

Alright, uninstall Driver Talent, then follow the instructions below please.

Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed; it will however be relaunched shortly after, so do not panic;
  • There's no log to give for this tool;
Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  • Local time:08:31 PM

Posted 20 February 2016 - 09:11 AM

JRT Report

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64 
Ran by Joe's (Administrator) on 2016-02-20 at  9:02:12.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Failed to delete: C:\Program Files (x86)\mpc cleaner (Folder) 
Successfully deleted: C:\Users\Joe's\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-02-20 at  9:07:27.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  • Local time:08:31 PM

Posted 20 February 2016 - 09:19 AM

AdwCleaner report

 

# AdwCleaner v5.030 - Logfile created 21/01/2016 at 14:03:13
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Joe's - JOE
# Running from : C:\Users\Joe's\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [768 bytes] ##########
# AdwCleaner v5.035 - Logfile created 20/02/2016 at 09:15:38
# Updated 18/02/2016 by Xplode
# Database : 2016-02-18.5 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Joe's - JOE
# Running from : C:\Users\Joe's\Downloads\AdwCleaner (3).exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : MPCProtectService
[-] Service Deleted : MPCKpt
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
 
***** [ Files ] *****
 
[-] File Deleted : C:\WINDOWS\SysNative\drivers\MPCKpt.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\MPC
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1725 bytes] ##########


#8 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  • Local time:08:31 PM

Posted 20 February 2016 - 10:01 AM

Malwarebytes Report

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2016-02-20
Scan Time: 9:22 AM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.20.01
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Joe's
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351814
Time Elapsed: 23 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKpt, Delete-on-Reboot, [0be61f43d4c5a195f7d01ccb49b8728e], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.HahoMedia, C:\Windows\SysWOW64\Policies2021, Quarantined, [4ba673efedac66d0c3cee338b64fc838], 
 
Files: 3
PUP.Optional.MorePowerfulCleaner, C:\Windows\System32\drivers\MPCKpt.sys, Delete-on-Reboot, [0be61f43d4c5a195f7d01ccb49b8728e], 
PUP.Optional.HahoMedia, C:\Windows\SysWOW64\Policies2021\Policies.exe.config, Quarantined, [4ba673efedac66d0c3cee338b64fc838], 
PUP.Optional.HahoMedia, C:\Windows\SysWOW64\Policies2021\Policies.exe, Quarantined, [4ba673efedac66d0c3cee338b64fc838], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:31 PM

Posted 20 February 2016 - 10:18 AM

Good :) Let's run EEK now to take care of the remnants.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;



#10 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  • Local time:08:31 PM

Posted 20 February 2016 - 10:40 AM

Here it is

 

Seems to be running better, except Microsoft Edge is very, very slow and most times won't load pages. Chrome seems pretty normal, a little slower but not as bad as Edge.

 

Emsisoft Emergency Kit - Version 11.0
Quarantine log
 
Date Source Event Detection
2016-02-20 10:38:04 AM Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Moved to quarantine Setting.DisableTaskMgr (A)
2016-02-20 10:38:04 AM Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Moved to quarantine Setting.DisableRegistryTools (A)
2016-02-20 10:38:04 AM Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Moved to quarantine Setting.NoRun (A)
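The three values in the quarantine log above are the standard Windows policy restrictions (Task Manager, the Registry Editor and the Run box disabled); they are a common leftover of the adware seen in the earlier logs and are worth re-checking after cleanup. The PowerShell audit below is an added example, not code from the thread, Emsisoft or Malwarebytes; it assumes an elevated PowerShell session on Windows 10 and additionally checks the per-user HKCU hive, which the log does not mention.

```powershell
# Added example (not from the thread or from Emsisoft): audit the Windows policy
# values that the quarantine log above shows were set on this machine.
# Assumption: run in an elevated PowerShell session on Windows 10.
$policyBase = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
$targets = @(
    @{ Key = 'System';   Name = 'DisableTaskMgr';       Effect = 'blocks Task Manager' },
    @{ Key = 'System';   Name = 'DisableRegistryTools'; Effect = 'blocks regedit' },
    @{ Key = 'Explorer'; Name = 'NoRun';                Effect = 'removes the Run box' }
)

function Get-RestrictivePolicy {
    # HKLM is where EEK found the values; HKCU (per-user) is checked too (assumption, not in the log).
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($t in $targets) {
            $path  = "${hive}:\$policyBase\$($t.Key)"
            $value = $null
            if (Test-Path -Path $path) {
                # Missing value -> $null (SilentlyContinue), present value -> its REG_DWORD data
                $value = (Get-ItemProperty -Path $path -Name $t.Name -ErrorAction SilentlyContinue).($t.Name)
            }
            [pscustomobject]@{
                Path    = $path
                Name    = $t.Name
                Value   = $value
                Enabled = ($null -ne $value -and [int]$value -ne 0)
                Effect  = $t.Effect
            }
        }
    }
}

$results = Get-RestrictivePolicy
$results | Format-Table Path, Name, Value, Enabled, Effect -AutoSize

$enabled = @($results | Where-Object { $_.Enabled })
if ($enabled.Count -gt 0) {
    Write-Warning "$($enabled.Count) restrictive policy value(s) set. On a stand-alone home PC with no Group Policy these are a common adware leftover."
    # Remediation, equivalent to what EEK did: uncomment to remove the values (HKLM needs elevation).
    # $enabled | ForEach-Object { Remove-ItemProperty -Path $_.Path -Name $_.Name }
} else {
    Write-Output 'No restrictive policy values set.'
}
```

On a domain-joined machine these values may be set legitimately by Group Policy, so compare against the expected policy before removing anything.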


#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:31 PM

Posted 20 February 2016 - 10:47 AM

Let's run TFC then :)

Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed; it will however be relaunched shortly after, so do not panic;
  • There's no log to give for this tool;



#12 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  • Local time:08:31 PM

Posted 20 February 2016 - 11:00 AM

Done that, and Edge is still really slow; some things seem like they are running at 1/10 the speed they should.



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:31 PM

Posted 20 February 2016 - 11:08 AM

Do you have another web browser where you could test your web browsing speed? Is it better in another browser?



#14 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  • Local time:08:31 PM

Posted 20 February 2016 - 11:13 AM

Yes, Chrome is better, not perfect but better; Edge is unusable right now while Chrome is OK.


I think it could be a video driver. Do you happen to know a good driver utility?



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:31 PM

Posted 20 February 2016 - 11:15 AM

I don't suggest you use driver updaters; you don't need them.

Did you try to reset Edge yet? There's no official way to do it, but the following can work.

http://www.thewindowsclub.com/reset-microsoft-edge-browser-to-default-settings-in-windows-10

If you want the latest driver for your GPU, I'll find it for you.





