Lenovo Y570 Laptop very slow. Infected?


15 replies to this topic

#1 helplessgeek

helplessgeek

  • Members
  • 29 posts

Posted 05 March 2016 - 12:02 PM

I have a Lenovo Y570 laptop with a Core i7, 8GB RAM, 500GB hard drive running Windows 7 SP1. This thing takes a very long time to boot up and to shut down. I have run Malwarebytes and it had found no issues. I have defragged the hard drive. There are three things I can find in startup and those are CCleaner, a Microsoft Sidebar and Avast antivirus. What all in services need to be automatically started, I don't know. I am just wondering if I have an infection that I cannot find, or if there is something else, besides reinstalling Windows, that would help. I hope I am in the correct subforum; if not, please help me there too.

 

Thank you.





#2 Jo*

Jo*

  • Malware Response Team
  • 3,290 posts
  • Gender:Male
  • Location:Germany

Posted 05 March 2016 - 12:11 PM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Copy and paste the contents of that logfile in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
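
Step 3 above notes that the AdwCleaner log can be confusing to read. The following Python parser is an added example, not part of the original thread and not the tool's own code: it groups a scan log's findings by section and collapses registry keys that are listed twice. The function names and the sample log are constructed, modeled on the log layout posted later in this topic, and the meaning of the `[x64]` tag is an assumption.

```python
import re
from collections import OrderedDict

# Constructed sample in the AdwCleaner v5 scan-log layout; every path, key,
# extension id and URL below is made up for illustration.
SAMPLE_LOG = r"""# AdwCleaner v5.037 - Logfile created 01/01/2016 at 10:00:00
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Option : Scan

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\ExampleToolbar
Folder Found : C:\Users\Alice\AppData\Roaming\examplehelper

***** [ Scheduled tasks ] *****

Task Found : ExampleUpdater Task

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\ExampleBroker.EXE
Key Found : [x64] HKLM\SOFTWARE\Classes\AppID\ExampleBroker.EXE
Key Found : HKLM\SOFTWARE\ExampleToolbar

***** [ Web browsers ] *****

[C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : aaaabbbbccccddddeeeeffffgggghhhh
[C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://search.example.invalid/?src=55

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [1234 bytes] - [01/01/2016 10:00:00]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.*)$")
FOUND_RE = re.compile(r"^(?P<kind>\w+) Found : (?P<item>.+)$")
BROWSER_RE = re.compile(
    r"^\[(?P<source>.+?)\] \[(?P<kind>[^\]]+)\] Found : (?P<item>.+)$")
VIEW_RE = re.compile(r"^\[(?P<view>x64)\] (?P<item>.+)$")


def parse_adwcleaner_log(text):
    """Return {'headers': {...}, 'sections': OrderedDict(name -> [finding])}."""
    headers, sections, current = {}, OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            current = None  # a bare row of asterisks closes the last section
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])  # empty sections are kept
            continue
        if line.startswith("#"):
            m = HEADER_RE.match(line)
            if m and not sections:  # header block precedes the first section
                headers[m.group("key").strip()] = m.group("value").strip()
            continue
        if current is None:
            continue  # footer lines after the closing row are not findings
        m = BROWSER_RE.match(line)
        if m:
            sections[current].append({"kind": m.group("kind"),
                                      "item": m.group("item"),
                                      "source": m.group("source"),
                                      "view": None})
            continue
        m = FOUND_RE.match(line)
        if m:
            item, view = m.group("item"), None
            v = VIEW_RE.match(item)
            if v:  # assumption: [x64] marks the 64-bit registry view
                item, view = v.group("item"), v.group("view")
            sections[current].append({"kind": m.group("kind"), "item": item,
                                      "source": None, "view": view})
    return {"headers": headers, "sections": sections}


def section_counts(parsed):
    """Number of findings per section, including sections with none."""
    return {name: len(items) for name, items in parsed["sections"].items()}


def unique_items(parsed, section):
    """Findings in a section with repeated entries collapsed, order kept."""
    seen = OrderedDict()
    for f in parsed["sections"].get(section, []):
        seen.setdefault((f["kind"], f["item"].lower()), f["item"])
    return list(seen.values())


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    for name, count in section_counts(parsed).items():
        print(f"{name}: {count}")
    print(unique_items(parsed, "Registry"))
```
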


#3 helplessgeek

helplessgeek
  • Topic Starter

  • Members
  • 29 posts

Posted 05 March 2016 - 01:32 PM

Security Check log:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Nancy Drew: The Silent Spy 
 Java 7 Update 51  
 Java version 32-bit out of Date! 
  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome (48.0.2564.109) 
 Google Chrome (48.0.2564.116) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
The Malwarebytes Antirootkit found nothing.
 
AdwCleaner:
 

# AdwCleaner v5.037 - Logfile created 05/03/2016 at 11:58:22
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Brigitte - BRIGITTE-LENOVO
# Running from : C:\Users\Brigitte\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\iwin games
Folder Found : C:\Program Files (x86)\iWin.com Games
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
Folder Found : C:\Users\Brigitte\AppData\Roaming\quickclick
Folder Found : C:\Users\Brigitte\Desktop\Snow
 
***** [ Files ] *****
 
File Found : C:\END
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : RunAsStdUser Task
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKCU\Software\AppDataLow\Software\WinToFlash Suggestor
Key Found : HKLM\SOFTWARE\Conduit
 
***** [ Web browsers ] *****
 
[C:\Users\Brigitte\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Brigitte\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Brigitte\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www.trovi.com/?gd=&ctid=CT3322295&octid=EB_ORIGINAL_CTID&ISID=M761FA95B-680F-4D07-87F8-DE55A529B791&SearchSource=55&CUI=&UM=6&UP=SPF4B53038-C4F3-4345-B271-2E5E6F840D2A&SSPV=
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [2066 bytes] - [05/03/2016 11:58:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2139 bytes] ##########
 
 
MiniToolBox:
 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Brigitte (administrator) on 05-03-2016 at 12:23:01
Running from "C:\Users\Brigitte\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: 0862 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Bluetooth Personal Area Network = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set subinterface interface=?&3 subinterface=ethernet_6 mtu=1477
set subinterface interface=?&3 subinterface=ethernet_10 mtu=1477
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Brigitte-Lenovo
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Personal Area Network
   Physical Address. . . . . . . . . : 60-D8-19-F2-62-82
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 74-E5-0B-62-4B-EB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 74-E5-0B-62-4B-EB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
   Physical Address. . . . . . . . . : 74-E5-0B-62-4B-EA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e439:fca7:e5aa:be43%15(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.104(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, March 05, 2016 10:03:04 AM
   Lease Expires . . . . . . . . . . : Sunday, March 06, 2016 10:03:04 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 376759563
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-41-5D-AD-DC-0E-A1-5F-B4-42
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : DC-0E-A1-5F-B4-42
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-F8-D0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8d1c:b435:5a99:23dc%24(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 705167399
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-41-5D-AD-DC-0E-A1-5F-B4-42
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{2481E873-1672-4780-B84B-AB92F1E19015}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{81F54B30-66B2-4840-9097-543C6546386E}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{92FEDB24-D5F8-46F5-9E74-A047FA2CE94D}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 17:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dlinkrouter
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4000:806::200e
 216.58.195.46
 
 
Pinging google.com [216.58.195.46] with 32 bytes of data:
Reply from 216.58.195.46: bytes=32 time=38ms TTL=56
Reply from 216.58.195.46: bytes=32 time=38ms TTL=56
 
Ping statistics for 216.58.195.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 38ms, Average = 38ms
Server:  dlinkrouter
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=91ms TTL=51
Reply from 98.138.253.109: bytes=32 time=87ms TTL=51
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 91ms, Average = 89ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...60 d8 19 f2 62 82 ......Bluetooth Personal Area Network
 17...74 e5 0b 62 4b eb ......Microsoft Virtual WiFi Miniport Adapter #2
 16...74 e5 0b 62 4b eb ......Microsoft Virtual WiFi Miniport Adapter
 15...74 e5 0b 62 4b ea ......Intel® WiFi Link 1000 BGN
 13...dc 0e a1 5f b4 42 ......Broadcom NetLink ™ Gigabit Ethernet
 24...08 00 27 00 f8 d0 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 44...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.104     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.104    281
    192.168.0.104  255.255.255.255         On-link     192.168.0.104    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.104    281
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.0.104    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.0.104    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 24    276 fe80::/64                On-link
 15    281 fe80::/64                On-link
 24    276 fe80::8d1c:b435:5a99:23dc/128
                                    On-link
 15    281 fe80::e439:fca7:e5aa:be43/128
                                    On-link
  1    306 ff00::/8                 On-link
 24    276 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/05/2016 10:03:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2016 02:38:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2016 09:44:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/29/2016 09:44:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/28/2016 09:48:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2016 02:40:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2016 11:42:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/23/2016 04:29:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/22/2016 09:26:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/21/2016 04:01:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/04/2016 09:18:20 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/27/2016 11:57:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.213.7261.0).
 
Error: (02/23/2016 09:15:26 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/22/2016 08:04:44 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/21/2016 03:59:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070012: Samsung - Printers - Samsung M2070 Series.
 
 
Microsoft Office Sessions:
=========================
Error: (03/05/2016 10:03:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2016 02:38:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2016 09:44:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/29/2016 09:44:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/28/2016 09:48:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2016 02:40:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2016 11:42:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/23/2016 04:29:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/22/2016 09:26:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/21/2016 04:01:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-31 11:42:57.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-31 11:42:57.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-31 11:41:30.118
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-31 11:41:29.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 11:20:41.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 11:20:41.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 13:52:54.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 13:52:54.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 11:22:26.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 11:22:25.949
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC BOL Combo (HKLM-x32\...\AC BOL Combo1.0) (Version: 1.0 - Gogii Games)
Acey Deucy Backgammon (HKLM-x32\...\Acey Deucy Backgammon) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie: 4:50 from Paddington (HKLM-x32\...\BFG-Agatha Christie - 450 from Paddington) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2253 - AVAST Software)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bridge (HKLM-x32\...\Bridge) (Version:  - )
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2300 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Build-a-lot (HKLM-x32\...\Build-a-lot) (Version: 1.1.0.0 - MumboJumbo)
Build-A-Lot 3 (remove only) (HKLM-x32\...\Build-A-Lot 3) (Version:  - )
Card and Board Games (HKLM-x32\...\Card and Board Games) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Cribbage (HKLM-x32\...\Cribbage) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dominoes Deluxe (HKLM-x32\...\Dominoes Deluxe) (Version:  - )
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Escape The Museum (HKLM-x32\...\Escape The Museum1.0) (Version: 1.0 - Gogii)
Gin Rummy (HKLM-x32\...\Gin Rummy) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gummy Drop! (HKLM-x32\...\BFG-Gummy Drop!) (Version:  - )
Hearts (HKLM-x32\...\Hearts) (Version:  - )
Hidden Relics (HKCU\...\Hidden Relics) (Version: 1.0.0.2 - eGames)
Hotel Giant 2 (HKLM-x32\...\{9CB541BB-4C26-4625-ACBA-16B3B2C6B0F8}) (Version: 101 - Nobilis)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iWin Games (remove only) (HKLM-x32\...\iWinArcade) (Version:  - )
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Jigsaws Galore (HKLM-x32\...\BFG-Jigsaws Galore) (Version:  - )
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.7 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo Service Bridge (HKCU\...\cbe8636f7dd0cf1d) (Version: 1.6.3.0 - Lenovo)
Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
LibreOffice 3.5 (HKLM-x32\...\{BB21B808-F784-4883-A4D4-B1473384C1C6}) (Version: 3.5.0.13 - The Document Foundation)
Mahjongg Master 2 Special Edition (HKLM-x32\...\Mahjongg Master 2 Special Edition) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Browser DVD/BD Image System Support Package (HKLM\...\pfm-license-mediabrowser.txt) (Version:  - )
Media Browser Server (HKCU\...\Media Browser Server) (Version: 3.0 - Media Browser Team)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Mystery P.I. - The London Caper (HKLM-x32\...\Mystery P.I. - The London Caper) (Version:  - PopCap Games)
Nancy Drew: The Silent Spy (HKLM-x32\...\BFG-Nancy Drew - The Silent Spy) (Version:  - )
Network Print Monitor for Windows (HKLM-x32\...\Network Print Monitor) (Version:  - )
NVIDIA 3D Vision Controller Driver 266.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 266.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.2.4 (HKLM\...\{867DE0DC-A93F-41EA-9654-A212514FA946}) (Version: 4.2.4 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinochle (HKLM-x32\...\Pinochle) (Version:  - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.46.0.0 - Goversoft LLC)
Quik 21 (HKLM-x32\...\Quik 21) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Relic Rescue (HKLM-x32\...\BFG-Relic Rescue) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Restaurant Empire (HKLM-x32\...\{9C0A9803-4592-11D7-B796-0050BFE4DB80}) (Version:  - )
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.92 (3/14/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.29.02(6/19/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.49.0 - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.16 (8/18/2014) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.14 (8/2/2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.02.07.02 - Samsung Electronics Co., Ltd.) Hidden
Scrabble (HKLM-x32\...\BFG-Scrabble) (Version:  - )
Sea of Lies: Burning Coast Collector's Edition (HKLM-x32\...\BFG-Sea of Lies - Burning Coast Collectors Edition) (Version:  - )
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SimCity™ Societies (HKLM-x32\...\{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}) (Version: 1.0.0.0 - Electronic Arts) Hidden
SimCity™ Societies (HKLM-x32\...\{9B0F9788-3141-4009-846E-52E59843E963}) (Version: 1.0.0.0 - Electronic Arts)
SimCity™ Societies Destinations (HKLM-x32\...\{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}) (Version: 1.0.0.1 - Electronic Arts)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Solitaire 2 Special Edition (HKLM-x32\...\Solitaire 2 Special Edition) (Version:  - )
Spades (HKLM-x32\...\Spades) (Version:  - )
SRS Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0200 - SRS Labs, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Granny 4 (HKLM-x32\...\BFG-Super Granny 4) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.3 - Synaptics Incorporated)
The Fall Trilogy: Chapter 1 (HKLM-x32\...\BFG-The Fall Trilogy - Chapter 1) (Version:  - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
Tomb Raider - The Lost Artifact (HKLM-x32\...\Tomb Raider - The Lost Artifact) (Version:  - )
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )
UltimateDefrag V1 FREE Public Domain Version (HKLM-x32\...\UltimateDefrag V1 FREE Public Domain Version) (Version: 1.72 - DiskTrix)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version:  - VSO-Software SARL)
Watchtower Library 2014 - English (HKLM-x32\...\{DB6F2EEA-CEEA-4096-8BD7-ABF100A90820}) (Version: 16.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2015 - English (HKLM-x32\...\{F0D4F127-987D-4345-AA96-5699CF14AF35}) (Version: 17.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 36%
Total physical RAM: 8135.86 MB
Available physical RAM: 5127.05 MB
Total Virtual: 16269.93 MB
Available Virtual: 13090.07 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:654.69 GB) (Free:526.45 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:20.12 GB) NTFS
3 Drive f: (SCS Deluxe) (CDROM) (Total:2.77 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\BRIGITTE-LENOVO
 
Administrator            Brigitte                 Guest                    
UpdatusUser              
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
21-02-2016 20:57:56 Restore point
21-02-2016 21:53:19 Windows Update
23-02-2016 02:05:08 Windows Update
27-02-2016 17:55:54 Windows Update
27-02-2016 19:00:10 Windows Update
03-03-2016 15:50:05 Windows Update
 
**** End of log ****
 
I was unable to find the Result.txt file


#4 Jo*

Posted 05 March 2016 - 01:51 PM

Hello,

Step 1: Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 helplessgeek

Posted 05 March 2016 - 03:05 PM

Thank you for your patience!

 

Malwarebytes Anti-Rootkit found nothing.

 

# AdwCleaner v5.037 - Logfile created 05/03/2016 at 13:47:47
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Brigitte - BRIGITTE-LENOVO
# Running from : C:\Users\Brigitte\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\iwin games
[-] Folder Deleted : C:\Program Files (x86)\iWin.com Games
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
[-] Folder Deleted : C:\Users\Brigitte\AppData\Roaming\quickclick
[-] Folder Deleted : C:\Users\Brigitte\Desktop\Snow
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : RunAsStdUser Task
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\WinToFlash Suggestor
[-] Key Deleted : HKLM\SOFTWARE\Conduit
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Brigitte\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Brigitte\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Brigitte\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3322295&octid=EB_ORIGINAL_CTID&ISID=M761FA95B-680F-4D07-87F8-DE55A529B791&SearchSource=55&CUI=&UM=6&UP=SPF4B53038-C4F3-4345-B271-2E5E6F840D2A&SSPV=
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2263 bytes] - [05/03/2016 13:47:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [2222 bytes] - [05/03/2016 11:58:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [2295 bytes] - [05/03/2016 13:29:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2482 bytes] ##########
 
JRT log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Brigitte (Administrator) on Sat 03/05/2016 at 13:58:31.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 84 
 
Successfully deleted: C:\Users\Brigitte\AppData\Roaming\alawarentertainment (Folder) 
Successfully deleted: C:\windows\s.bat (File) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/05/2016 at 14:02:51.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Thank you again.


#6 Jo*

Posted 05 March 2016 - 03:53 PM

Hello,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right-click and choose Run as Administrator.
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill, as the malware programs will start again.


---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


:step3: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---


:step4: How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 helplessgeek

Posted 05 March 2016 - 04:26 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/5/2016
Scan Time: 3:06 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.05.05
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Brigitte
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393585
Time Elapsed: 13 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Farbar Service Scanner Version: 27-01-2016
Ran by Brigitte (administrator) on 05-03-2016 at 15:25:13
Running from "C:\Users\Brigitte\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 


#8 helplessgeek

Posted 05 March 2016 - 04:31 PM

I just rebooted the thing and it really does not seem to be any faster.

Thank you



#9 gaberilde

gaberilde

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:03:29 AM

Posted 05 March 2016 - 04:35 PM

It can be caused by disk failure. Use disk-checking software to see if it is healthy, as a failing disk once caused slowness on my PC.


The Fidget spinner is spreading like the WannaCry ransomware!


#10 Jo*

Posted 05 March 2016 - 04:40 PM

Hello again,

:step1: We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC. This is normal and part of the cleanup.
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here:
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/



***


:step2: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u66-windows-i586.exe or Windows x64: jre-8u66-windows-x64.exe) and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u66-windows-i586.exe (or jre-8u66-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. However, be aware that the Java updater prompts you to make Yahoo Search your browser's default search engine and home page...the option is pre-checked.


***


:step3: ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


:step4: How is the computer running now?


***


Cheers,
Jo
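A read-only PowerShell inventory of the Java entries that the removal steps above work through in Programs and Features, added here as an example and not part of Jo's post. The DisplayName pattern and the "older" labelling are assumptions of this example; it only reads the Uninstall registry keys and removes nothing.

```powershell
# Added example (not from the thread): list installed Java runtimes so that
# stale versions can be identified before installing the new one.
# Reads the Uninstall keys in both registry views; makes no changes.
$roots = @{
    'native' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'WOW64'  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
}

# Assumption: these patterns cover the usual Oracle/Sun runtime display names,
# e.g. "Java 8 Update 66", "Java(TM) 6 Update 20", "J2SE Runtime Environment 5.0".
$namePattern = '^(Java(\(TM\))? (SE Runtime|\d)|J2SE Runtime Environment)'

$found = foreach ($view in $roots.Keys) {
    # The WOW64 path does not exist on 32-bit Windows; that error is ignored.
    Get-ItemProperty -Path $roots[$view] -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $namePattern } |
        ForEach-Object {
            $parsed = $null
            try { $parsed = [version]$_.DisplayVersion } catch { }
            New-Object PSObject -Property @{
                View       = $view
                Name       = $_.DisplayName
                Version    = $parsed              # $null if not parseable
                RawVersion = $_.DisplayVersion
                Uninstall  = $_.UninstallString
            }
        }
}

if (-not $found) {
    'No Java runtime entries found in the Uninstall keys.'
}
else {
    # Within each registry view, everything below the highest version is stale.
    # "Newest installed" is relative to this machine only; it can still be
    # older than the current release offered on the download page.
    $report = foreach ($group in ($found | Group-Object View)) {
        $newest = ($group.Group | Sort-Object Version -Descending |
                   Select-Object -First 1).Version
        foreach ($entry in $group.Group) {
            $state = 'older, remove before updating'
            if ($entry.Version -and $entry.Version -eq $newest) {
                $state = 'newest installed in this view'
            }
            $entry | Add-Member -MemberType NoteProperty -Name State `
                                -Value $state -PassThru
        }
    }
    $report | Sort-Object View, Version |
        Format-Table View, Name, RawVersion, State -AutoSize
}
```

Running it again after the reboot in the steps above should show no entries; any that remain point to an uninstall that did not complete.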


#11 helplessgeek

Posted 06 March 2016 - 08:19 AM

ESET Online Scanner
 
C:\Users\Brigitte\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/AdWare.1ClickDownload.AJ application cleaned by deleting
C:\Users\Brigitte\Downloads\Core-Temp-installer.exe Win32/Somoto.Q potentially unwanted application deleted


#12 Jo*

Posted 06 March 2016 - 08:29 AM

How is the computer running now?

Cheers,
Jo


#13 helplessgeek

Posted 06 March 2016 - 03:45 PM

It's still the same as to boot up time, but maybe my expectations are too high? I actually timed it and it's over a minute from power till log in screen. Then it's over three minutes from log in screen till a usable desktop. It just seems that it could be quicker. Programs seem to be slow in loading up. I looked at services, but didn't know what really should be changed from Automatic. I did run a hard drive utility and the drive is running okay.



#14 Jo*

Posted 06 March 2016 - 04:01 PM

Your remaining issues are not malware related. If you still need help, please start a new topic in our MS Windows forum section or the windows-crashes-bsod-and-hangs-help forum section.



===================================

It Appears That Your PC Is Now Clean!

***

Clean up:

Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***

Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***

Delete the log files our tools created; they are located on your desktop or in the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.




***

Here are some preventive tips to reduce the potential for spyware infection in the future:

:step1: Browse more securely

:step2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
:step4: Use only one anti-virus software and keep it up-to-date.

:step5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

:step6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step7: Use Strong passwords!

:step8: Email attachments
Do not open any unknown email attachments which you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.

Cheers,
Jo


#15 helplessgeek

Posted 06 March 2016 - 05:22 PM

Thank you for your help!





