Fake Flashplayer update hijacks webpages


25 replies to this topic

#1 LynK2

LynK2

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 24 February 2016 - 08:07 AM

For the past four days, web pages have been hijacked and sent to a fake Flashplayer update page from xieghxopso dot com. At first, the fake appeared on only one site so I thought the site might be compromised. This morning it showed up again on a different website, so I'm thinking, "It's not you - it's me." The computer has also been running slow and hanging - if I close Firefox and reload it, I'm not automatically taken to my homepage and a blank tab opens instead.


Using Windows 7 Home Premium, svc. pack 1


Edited by LynK2, 24 February 2016 - 08:32 AM.




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 24 February 2016 - 09:03 AM

Hi LynK2 :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 LynK2

LynK2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 24 February 2016 - 09:16 AM

Thanks for your help - MiniToolBox results:

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by lynn (administrator) on 24-02-2016 at 09:13:45
Running from "C:\Users\lynn\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Aspire 5749 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Atheros AR5B125 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : lynn-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Atheros AR5B125 Wireless Network Adapter
   Physical Address. . . . . . . . . : 9C-B7-0D-47-FA-E6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::209a:e03:414e:756c%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, February 23, 2016 6:31:10 PM
   Lease Expires . . . . . . . . . . : Saturday, April 01, 2152 3:42:14 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 396146445
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-81-5B-06-04-7D-7B-50-F4-85
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 04-7D-7B-50-F4-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4005:803::200e
      216.58.192.46


Pinging google.com [216.58.192.46] with 32 bytes of data:
Reply from 216.58.192.46: bytes=32 time=607ms TTL=50
Reply from 216.58.192.46: bytes=32 time=595ms TTL=50

Ping statistics for 216.58.192.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 595ms, Maximum = 607ms, Average = 601ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=1130ms TTL=46
Reply from 98.138.253.109: bytes=32 time=1305ms TTL=46

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1130ms, Maximum = 1305ms, Average = 1217ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...9c b7 0d 47 fa e6 ......Atheros AR5B125 Wireless Network Adapter
 11...04 7d 7b 50 f4 85 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.3    281
      192.168.2.3  255.255.255.255         On-link       192.168.2.3    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::209a:e03:414e:756c/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/23/2016 06:31:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2016 11:53:31 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 44.0.2.5884 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10d8

Start Time: 01d16e516a687c51

Termination Time: 18863

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b87196e6-da4d-11e5-8859-047d7b50f485

Error: (02/22/2016 04:17:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2016 04:54:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2016 12:16:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2016 03:25:01 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 43.0.4.5848 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ec0

Start Time: 01d16509f7897de7

Termination Time: 124

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 71d63bd3-d0fd-11e5-947e-047d7b50f485

Error: (02/06/2016 02:13:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2016 12:55:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2016 04:14:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2015 12:38:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/24/2016 09:11:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:11:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:11:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:11:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:11:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:11:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:09:29 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:09:29 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:09:29 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:07:23 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (02/23/2016 06:31:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2016 11:53:31 AM) (Source: Application Hang)(User: )
Description: firefox.exe44.0.2.588410d801d16e516a687c5118863C:\Program Files (x86)\Mozilla Firefox\firefox.exeb87196e6-da4d-11e5-8859-047d7b50f485

Error: (02/22/2016 04:17:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2016 04:54:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2016 12:16:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2016 03:25:01 PM) (Source: Application Hang)(User: )
Description: firefox.exe43.0.4.5848ec001d16509f7897de7124C:\Program Files (x86)\Mozilla Firefox\firefox.exe71d63bd3-d0fd-11e5-947e-047d7b50f485

Error: (02/06/2016 02:13:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2016 12:55:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2016 04:14:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2015 12:38:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (HKLM-x32\...\WTA-3514dcf7-c85e-40ee-b912-74b9527853e3) (Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\{AB398DDB-0E7B-400B-A940-7E61FB91A531}) (Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Backup Manager V3 (HKLM-x32\...\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-c84d156e-e662-46ef-8a12-4ffdb5ee5ac9) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-0d4abdc4-0ca4-4606-b90b-9e56a5736747) (Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Chronicles of Albian (HKLM-x32\...\WTA-ecedfd0e-6318-44c2-b869-944dbcab2e35) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WTA-91f40732-562f-4402-b903-e9381ebddf9b) (Version: 2.2.0.95 - WildTangent) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Cradle of Rome 2 (HKLM-x32\...\WTA-474671dd-9ee4-4541-a63f-d0618511f40b) (Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (HKLM-x32\...\WTA-ef090399-fafd-47a5-8d1d-171cf05fae35) (Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE: The Cursed King (HKLM-x32\...\WTA-e72e6929-da59-4d6e-81db-e1d7418596d2) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (HKLM-x32\...\WTA-512efe47-2bbf-4ddf-8aaf-3cde77766978) (Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\{4C774C35-E0AF-72E1-136A-2BF666702268}) (Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galerie de photos (HKLM-x32\...\{439B34FF-F74E-4807-B5E2-4B758551DA6B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-aea8b8b6-c844-4f67-91d5-3a190bc0f209) (Version: 2.2.0.95 - WildTangent) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-cdc58ee0-1182-43fa-8daa-35ef154b6704) (Version: 2.2.0.97 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{21764A96-6748-4B83-89E7-7A5063BF156C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-025c0025-db99-42e3-bd17-ad60ddae02f9) (Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Penguins! (HKLM-x32\...\WTA-97944133-03ea-4a96-830e-bd0734efb62e) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-b889508c-e7c6-43f7-b308-17dc6064576e) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-b8cecda9-6f5a-42c1-9b64-f375e38105ab) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-01ed131c-4505-472d-b8c1-f76fc79e44fb) (Version: 2.2.0.95 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Spotify (HKCU\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
Torchlight (HKLM-x32\...\WTA-98b87892-683c-4b02-8c54-cd17a7ff2b2c) (Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (HKLM-x32\...\WTA-a049c27f-dbc1-4791-a44d-e7745cb551ce) (Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zuma's Revenge (HKLM-x32\...\WTA-b9707395-8342-4661-9cc4-5346db47a18a) (Version: 2.2.0.97 - WildTangent) Hidden

========================= Devices: ================================

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\NET\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Device ID: ROOT\UNKNOWN\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
Device ID: ACPI\PNP0C0A\1
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 91%
Total physical RAM: 875.86 MB
Available physical RAM: 77 MB
Total Virtual: 1899.86 MB
Available Virtual: 578.81 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:244.2 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator            Guest                    lynn                     


**** End of log ****
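
An added example, not part of the thread and not code from MiniToolBox or the helper: a small triage script that reads a log in the layout posted above and lists the entries most relevant to a browser redirect (extra hosts entries, DNS servers outside the local network, Winsock providers from a non-Microsoft vendor). The function names and both sample logs are constructed for illustration, and it assumes hosts entries are printed verbatim under the "Hosts content" header.

```python
import ipaddress
import re

# Section titles look like "========== Hosts content: ==========".
HEADER = re.compile(r"^=+ (\w[^=]*?):? =+$")
# Winsock rows look like "Catalog9 01 C:\path\file.dll [size] (Vendor)".
WINSOCK = re.compile(r"^(?:x64-)?Catalog\d+ \d+ (.+?) \[\d+\] \((.+)\)$")
DNS_LINE = re.compile(r"^DNS Servers[ .]*: (\S+)$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: a few lines in the layout of the log posted above.
CLEAN_LOG = r"""
========================= Hosts content: =================================
========================= IP Configuration: ================================
   DNS Servers . . . . . . . . . . . : 192.168.2.1
========================= Winsock entries =====================================

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================
"""

# Constructed sample: same layout, values invented for illustration
# (203.0.113.0/24 is a documentation range, example.test is a reserved name).
SUSPECT_LOG = r"""
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.10 update.example.test
========================= IP Configuration: ================================
   DNS Servers . . . . . . . . . . . : 203.0.113.53
========================= Winsock entries =====================================
Catalog9 01 C:\ProgramData\example\lsp.dll [12345] (Example Vendor)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
"""


def split_sections(log):
    """Map each '=== Name ===' section title to its non-blank lines."""
    sections, current = {}, "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def is_local(addr):
    """True for loopback, link-local and RFC 1918 addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable value: leave it for manual review
    return ip.is_loopback or ip.is_link_local or any(ip in n for n in RFC1918)


def triage(log):
    """Return (category, detail) pairs worth a closer look in a redirect case."""
    sec = split_sections(log)
    findings = []
    # Hosts file: anything beyond comments and the localhost mapping.
    for line in sec.get("Hosts content", []):
        parts = line.split()
        if line.startswith("#") or len(parts) < 2:
            continue
        if not (parts[0] in ("127.0.0.1", "::1") and parts[1] == "localhost"):
            findings.append(("hosts", line))
    # DNS: only the server on the "DNS Servers" line itself is read. A public
    # resolver is not proof of tampering, only something to confirm.
    for line in sec.get("IP Configuration", []):
        m = DNS_LINE.match(line)
        if m and not is_local(m.group(1)):
            findings.append(("dns", m.group(1)))
    # Winsock: the vendor text is only what the log prints; it is not
    # evidence of a valid signature, so this is a first filter only.
    for line in sec.get("Winsock entries", []):
        m = WINSOCK.match(line)
        if m and not m.group(2).startswith("Microsoft"):
            findings.append(("winsock", "%s (%s)" % m.groups()))
    return findings


if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("suspect", SUSPECT_LOG)):
        print(name, triage(log))
```
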
 



#4 LynK2

LynK2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 24 February 2016 - 09:22 AM

Shoot.  Didn't run as administrator.  Should I repost results after running again?



#5 LynK2

LynK2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 24 February 2016 - 09:23 AM

Re-ran as admin.  Results:

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by lynn (administrator) on 24-02-2016 at 09:21:44
Running from "C:\Users\lynn\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Aspire 5749 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Atheros AR5B125 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : lynn-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Atheros AR5B125 Wireless Network Adapter
   Physical Address. . . . . . . . . : 9C-B7-0D-47-FA-E6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::209a:e03:414e:756c%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, February 23, 2016 6:31:10 PM
   Lease Expires . . . . . . . . . . : Saturday, April 01, 2152 3:50:06 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 396146445
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-81-5B-06-04-7D-7B-50-F4-85
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 04-7D-7B-50-F4-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4005:803::200e
      216.58.192.46


Pinging google.com [216.58.192.46] with 32 bytes of data:
Reply from 216.58.192.46: bytes=32 time=664ms TTL=47
Reply from 216.58.192.46: bytes=32 time=569ms TTL=47

Ping statistics for 216.58.192.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 569ms, Maximum = 664ms, Average = 616ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=639ms TTL=48
Reply from 98.138.253.109: bytes=32 time=591ms TTL=48

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 591ms, Maximum = 639ms, Average = 615ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...9c b7 0d 47 fa e6 ......Atheros AR5B125 Wireless Network Adapter
 11...04 7d 7b 50 f4 85 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.3    281
      192.168.2.3  255.255.255.255         On-link       192.168.2.3    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::209a:e03:414e:756c/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/23/2016 06:31:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2016 11:53:31 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 44.0.2.5884 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10d8

Start Time: 01d16e516a687c51

Termination Time: 18863

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b87196e6-da4d-11e5-8859-047d7b50f485

Error: (02/22/2016 04:17:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2016 04:54:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2016 12:16:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2016 03:25:01 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 43.0.4.5848 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ec0

Start Time: 01d16509f7897de7

Termination Time: 124

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 71d63bd3-d0fd-11e5-947e-047d7b50f485

Error: (02/06/2016 02:13:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2016 12:55:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2016 04:14:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2015 12:38:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/24/2016 09:21:36 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:21:36 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:21:36 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:16:36 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:16:36 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:16:36 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:15:50 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:15:50 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:15:50 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (02/24/2016 09:15:50 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (02/23/2016 06:31:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2016 11:53:31 AM) (Source: Application Hang)(User: )
Description: firefox.exe44.0.2.588410d801d16e516a687c5118863C:\Program Files (x86)\Mozilla Firefox\firefox.exeb87196e6-da4d-11e5-8859-047d7b50f485

Error: (02/22/2016 04:17:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2016 04:54:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2016 12:16:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2016 03:25:01 PM) (Source: Application Hang)(User: )
Description: firefox.exe43.0.4.5848ec001d16509f7897de7124C:\Program Files (x86)\Mozilla Firefox\firefox.exe71d63bd3-d0fd-11e5-947e-047d7b50f485

Error: (02/06/2016 02:13:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2016 12:55:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2016 04:14:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2015 12:38:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (HKLM-x32\...\WTA-3514dcf7-c85e-40ee-b912-74b9527853e3) (Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\{AB398DDB-0E7B-400B-A940-7E61FB91A531}) (Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Backup Manager V3 (HKLM-x32\...\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-c84d156e-e662-46ef-8a12-4ffdb5ee5ac9) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-0d4abdc4-0ca4-4606-b90b-9e56a5736747) (Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Chronicles of Albian (HKLM-x32\...\WTA-ecedfd0e-6318-44c2-b869-944dbcab2e35) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WTA-91f40732-562f-4402-b903-e9381ebddf9b) (Version: 2.2.0.95 - WildTangent) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Cradle of Rome 2 (HKLM-x32\...\WTA-474671dd-9ee4-4541-a63f-d0618511f40b) (Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (HKLM-x32\...\WTA-ef090399-fafd-47a5-8d1d-171cf05fae35) (Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE: The Cursed King (HKLM-x32\...\WTA-e72e6929-da59-4d6e-81db-e1d7418596d2) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (HKLM-x32\...\WTA-512efe47-2bbf-4ddf-8aaf-3cde77766978) (Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\{4C774C35-E0AF-72E1-136A-2BF666702268}) (Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galerie de photos (HKLM-x32\...\{439B34FF-F74E-4807-B5E2-4B758551DA6B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-aea8b8b6-c844-4f67-91d5-3a190bc0f209) (Version: 2.2.0.95 - WildTangent) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-cdc58ee0-1182-43fa-8daa-35ef154b6704) (Version: 2.2.0.97 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{21764A96-6748-4B83-89E7-7A5063BF156C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-025c0025-db99-42e3-bd17-ad60ddae02f9) (Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Penguins! (HKLM-x32\...\WTA-97944133-03ea-4a96-830e-bd0734efb62e) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-b889508c-e7c6-43f7-b308-17dc6064576e) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-b8cecda9-6f5a-42c1-9b64-f375e38105ab) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-01ed131c-4505-472d-b8c1-f76fc79e44fb) (Version: 2.2.0.95 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Spotify (HKCU\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
Torchlight (HKLM-x32\...\WTA-98b87892-683c-4b02-8c54-cd17a7ff2b2c) (Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (HKLM-x32\...\WTA-a049c27f-dbc1-4791-a44d-e7745cb551ce) (Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zuma's Revenge (HKLM-x32\...\WTA-b9707395-8342-4661-9cc4-5346db47a18a) (Version: 2.2.0.97 - WildTangent) Hidden

========================= Devices: ================================

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\NET\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Device ID: ROOT\UNKNOWN\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
Device ID: ACPI\PNP0C0A\1
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 88%
Total physical RAM: 875.86 MB
Available physical RAM: 104.89 MB
Total Virtual: 1899.86 MB
Available Virtual: 572.16 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:244.2 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator            Guest                    lynn                     


**** End of log ****
 



#6 Aura

Posted 24 February 2016 - 09:35 AM

Please uninstall the following programs:
  • Adobe AIR - Outdated and vulnerable;
  • Java 8 Update 60 - Outdated and vulnerable;
Once done, follow the instructions below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;

Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 LynK2

Posted 24 February 2016 - 10:51 AM

Here they are, Aura.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64
Ran by lynn (Administrator) on Wed 02/24/2016 at  9:46:14.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 26

Successfully deleted: C:\Users\lynn\AppData\Local\{004332C6-F875-494F-96E7-3D0A202C8402} (Empty Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\{014E7F27-8BCD-4020-A841-64F69C53EA98} (Empty Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\{2847D10B-5A69-4A43-86AF-69DA077D4DBE} (Empty Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\{9B0FBFC1-469F-4B46-A9CE-1D1655350864} (Empty Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\{B8B47C93-6FAE-4E64-ADE2-5FCBCDD2349F} (Empty Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\{D5C4259E-EA80-4913-819E-DCB4BF132BCF} (Empty Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\{E89C2F06-21B6-4861-A8A3-722EAB630E88} (Empty Folder)
Successfully deleted: C:\Users\lynn\AppData\Roaming\Mozilla\Firefox\Profiles\ege3yx0m.default-1425390668592\searchplugins\startpage-hxxps.xml (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60H48YK0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B391WTQL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCONADF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R7A8Z48T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60H48YK0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B391WTQL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCONADF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R7A8Z48T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\sho4B1.tmp (File)

Deleted the following from C:\Users\lynn\AppData\Roaming\Mozilla\Firefox\Profiles\ege3yx0m.default-1425390668592\prefs.js
user_pref(extensions.yesscript.sites, hxxp://bbq.about.com hxxp://blog.laptopmag.com hxxp://conservativetribune.com hxxp://food52.com hxxp://mashable.com hxxp://mcintoshand



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/24/2016 at  9:48:57.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v5.009 - Logfile created 29/09/2015 at 20:52:22
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : lynn - LYNN-PC
# Running from : C:\Users\lynn\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\distromatic
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[!] Key Not Deleted : [x64] HKCU\Software\distromatic

***** [ Web browsers ] *****

[-] [C:\Users\lynn\AppData\Roaming\Mozilla\Firefox\Profiles\ege3yx0m.default-1425390668592\prefs.js] [Preference] Deleted : user_pref("extensions.brandthunder.websearchplus", false);

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1015 bytes] ##########
# AdwCleaner v5.036 - Logfile created 24/02/2016 at 09:56:18
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : lynn - LYNN-PC
# Running from : C:\Users\lynn\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2484 bytes] - [29/09/2015 19:27:03]
C:\AdwCleaner\AdwCleaner[C2].txt - [2082 bytes] - [29/09/2015 19:52:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [2267 bytes] - [29/09/2015 19:24:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [2259 bytes] - [29/09/2015 19:49:38]
C:\AdwCleaner\AdwCleaner[S3].txt - [634 bytes] - [30/09/2015 12:19:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2373 bytes] ##########
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/24/2016
Scan Time: 10:03 AM
Logfile: malwarereport.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.24.05
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lynn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337560
Time Elapsed: 25 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Disabled
Heuristics: Disabled
PUP: Disabled
PUM: Disabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 LynK2


Posted 24 February 2016 - 11:06 AM

Hi Aura, 

 

Even though I'm not qualified in even a marginal way to read the scan results, I did notice on the Malwarebytes threat scan results that PUM and PUP were disabled. I am running another custom scan for those two items and will post the results once the scan with those two detections enabled has finished running. Thanks again for all your help and patience.



#9 Aura


Posted 24 February 2016 - 12:57 PM

I'll be waiting for your Malwarebytes log with PUM and PUP enabled before moving on :)



#10 LynK2


Posted 24 February 2016 - 01:42 PM

Well here it is, Aura, in all its splendored glory.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/24/2016
Scan Time: 11:03 AM
Logfile: malware pup and pum report.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.24.05
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lynn

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 443849
Time Elapsed: 1 hr, 52 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|spoolsv.exe, 0, , [f78efd67cecbee48f64d96ac927211ef]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by LynK2, 24 February 2016 - 02:34 PM.


#11 Aura


Posted 24 February 2016 - 02:57 PM

Thanks :) Follow the instructions below please.

Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed. It will, however, be relaunched shortly after, so do not panic;
  • There's no log to give for this tool;



#12 LynK2


Posted 24 February 2016 - 03:21 PM

I wish my house could get cleaned up that quickly.


Total Files Cleaned = 138.00 mb

Edited by LynK2, 24 February 2016 - 03:24 PM.


#13 Aura


Posted 24 February 2016 - 03:29 PM

I wish as well :) What is your main web browser, Mozilla Firefox?



#14 LynK2


Posted 24 February 2016 - 03:38 PM

Yes, Mozilla Firefox



#15 Aura


Posted 24 February 2016 - 03:45 PM

In that case, I suggest you back up your Mozilla Firefox profile, settings and data, and then reset it to its default settings.

Back-up: https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles
Reset: https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
