
Big problem with internet explorer


  • This topic is locked
30 replies to this topic

#1 ed-e-dee


Posted 12 April 2016 - 08:18 PM

Hi Guys,

I know I have pushed this one but I just can't seem to find the right answer.

Every day I get the "Internet Explorer cannot display the webpage" error, or IE has stopped working. It seems to happen the most when I'm in a long session, i.e. Facebook or reading my emails.

I've had help through virus and infection and everything was clear, so I'm back to you guys. I have put up a couple of the same threads but I don't get an answer. I know you guys are very busy and you will get around to me but I'm just about to hit the bottle as this is driving me mad.

Thank you for your help.


Edited by hamluis, 12 February 2018 - 07:21 AM.
Moved from AII to MRL due to tools used - Hamluis.

Eddee


 


#2 hamluis

Moderator

Posted 12 April 2016 - 09:06 PM

1.  Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
2.  Please download and install Speccy to provide us with information about your computer.  Clicking on this link will automatically initiate the download.  
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.
 
Louis


#3 ed-e-dee


Posted 13 April 2016 - 06:21 AM

Thank you Louis.

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by admin (administrator) on 13-04-2016 at 21:09:51
Running from "C:\Users\admin\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: H81M-D2V Manufacturer: Gigabyte Technology Co., Ltd.

Boot Mode: Normal
***************************************************************************

 

========================= Event log errors: ===============================

 

Application errors:
==================
Error: (04/13/2016 09:05:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000017
Fault offset: 0x0007e318
Faulting process id: 0xb060
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

 

Error: (04/13/2016 08:49:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000017
Fault offset: 0x0007e318
Faulting process id: 0xce0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

 

Error: (04/12/2016 08:36:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000017
Fault offset: 0x0007e318
Faulting process id: 0xaa0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

 

Error: (04/12/2016 04:04:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000017
Fault offset: 0x0007e318
Faulting process id: 0xc78
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

 

Error: (04/10/2016 09:25:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000017
Fault offset: 0x0007e318
Faulting process id: 0x1374
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

 

Error: (04/10/2016 08:30:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000017
Fault offset: 0x0007e318
Faulting process id: 0xef0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

 

Error: (04/10/2016 08:23:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000017
Fault offset: 0x0007e318
Faulting process id: 0x165c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

 

Error: (04/08/2016 11:34:26 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

 

Error: (04/08/2016 11:34:26 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

 

Error: (04/08/2016 11:22:44 AM) (Source: WinMgmt) (User: )
Description: 0x8004401eC:\$WINDOWS.~Q\DATA\WINDOWS\SYSWOW64\WBEM\EN-US\WSCENTER.MFL

 

System errors:
=============
Error: (04/13/2016 05:20:02 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

 

Error: (04/13/2016 11:19:07 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

 

Error: (04/13/2016 10:58:11 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

 

Error: (04/13/2016 10:44:41 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

 

 

Error: (04/12/2016 02:24:09 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

 

Error: (04/12/2016 02:14:28 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

 

Error: (04/11/2016 07:46:40 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

 

Error: (04/11/2016 11:54:18 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

 

Error: (04/11/2016 11:54:18 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

 

Error: (04/11/2016 11:54:18 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

 

Microsoft Office Sessions:
=========================
Error: (04/13/2016 09:05:48 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1823156b8edd6ntdll.dll6.1.7601.1916056bcd51fc00000170007e318b06001d195722375e6a9C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dllaca571f4-0167-11e6-b520-74d435d2457b

 

Error: (04/13/2016 08:49:16 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1823156b8edd6ntdll.dll6.1.7601.1916056bcd51fc00000170007e318ce001d1956da50b2348C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll5d6418f6-0165-11e6-b520-74d435d2457b

 

Error: (04/12/2016 08:36:34 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1823156b8edd6ntdll.dll6.1.7601.1916056bcd51fc00000170007e318aa001d194a18619da24C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll6cc54afc-009a-11e6-b002-74d435d2457b

 

Error: (04/12/2016 04:04:38 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1823156b8edd6ntdll.dll6.1.7601.1916056bcd51fc00000170007e318c7801d194732f2697ceC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll6fa83f24-0074-11e6-b002-74d435d2457b

 

Error: (04/10/2016 09:25:37 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1823156b8edd6ntdll.dll6.1.7601.1916056bcd51fc00000170007e318137401d19317eea1f7dbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dllf2158caa-ff0e-11e5-8465-74d435d2457b

 

Error: (04/10/2016 08:30:13 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1823156b8edd6ntdll.dll6.1.7601.1916056bcd51fc00000170007e318ef001d1931313a35e5bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll34d94d49-ff07-11e5-8465-74d435d2457b

 

Error: (04/10/2016 08:23:39 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1823156b8edd6ntdll.dll6.1.7601.1916056bcd51fc00000170007e318165c01d1930cd0fbc415C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll4a013dd0-ff06-11e5-8465-74d435d2457b

 

Error: (04/08/2016 11:34:26 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

 

Error: (04/08/2016 11:34:26 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

 

Error: (04/08/2016 11:22:44 AM) (Source: WinMgmt)(User: )
Description: 0x8004401eC:\$WINDOWS.~Q\DATA\WINDOWS\SYSWOW64\WBEM\EN-US\WSCENTER.MFL

 

CodeIntegrity Errors:
===================================
  Date: 2015-12-30 12:21:40.459
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-30 12:21:40.449
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:20:51.437
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:20:51.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:43.967
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:43.952
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{4CBCD610-92A0-4B1E-893F-FC1E889F8B90}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
AVG (HKLM\...\{2B8ECD93-21E5-4FC5-9CA6-AD616C42BA63}) (Version: 16.51.7497 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{ACC5B116-C09D-429E-9ACF-768FA52DC072}) (Version: 16.0.4545 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.51.7497 - AVG Technologies)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J430W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.10.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.2.64 - PC Drivers HeadQuarters LP)
Elevated Installer (HKLM-x32\...\{8B20B453-8EB7-4F65-BF42-DA8B18C33CB0}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
eM Client (HKLM-x32\...\{6D1C3187-2820-44F9-B64F-83FD3DEE0201}) (Version: 6.0.22344.0 - eM Client Inc.)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Hidden
FMW 1 (HKLM\...\{0AB3CCB3-5C0B-4C65-9FA4-CFEF6283F7F1}) (Version: 1.62.2 - AVG Technologies) Hidden
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5D34B8AF-7FB5-41AC-AEDC-B705FAF8BCAB}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{86A1F284-5314-402B-90C3-9B4E47CEEC77}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Photos Backup (HKCU\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.14.361 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.14.361 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyWebFace Internet Explorer Homepage and New Tab (HKCU\...\MyWebFaceTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network)
Nero 2015 (HKLM-x32\...\{E6626251-ED62-469C-821F-D75C50154C48}) (Version: 16.0.02800 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.5 - Tweaking.com)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

 

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 8068.75 MB
Available physical RAM: 6054.46 MB
Total Virtual: 16135.71 MB
Available Virtual: 13632.63 MB

 

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.25 GB) (Free:29.28 GB) NTFS
2 Drive d: () (Fixed) (Total:465.75 GB) (Free:0.05 GB) NTFS

 

========================= Users: ========================================

User accounts for \\COMPUTER

admin                    Administrator            Guest                   

 

**** End of log ****


Edited by hamluis, 13 April 2016 - 01:04 PM.

Eddee

#4 ed-e-dee


Posted 13 April 2016 - 06:27 AM

http://speccy.piriform.com/results/FvQdfP8xTkGcI441pLm7ySR


Eddee

#5 hamluis

Moderator

Posted 13 April 2016 - 01:47 PM

DriverSupport.exe     Process ID: 1872     User: admin     Domain: COMPUTER     Path: C:\Program Files (x86)\Driver Support\DriverSupport.exe
  Memory Usage: 8.65 MB     Peak Memory Usage: 111 MB
 
DriverSupportAO.exe     Process ID: 3536     User: SYSTEM     Domain: NT AUTHORITY     Path: C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAO.exe
  Memory Usage: 18 MB     Peak Memory Usage: 64 MB
 
DriverSupportAOsvc.exe     Process ID: 1972     User: SYSTEM     Domain: NT AUTHORITY     Path: C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe
  Memory Usage: 1.29 MB     Peak Memory Usage: 16 MB

 

Above look like PUPs, from what I see.  Note that your installed program does NOT reflect the named program as being installed, but the above processes are running.

 

I would run the chkdsk /r command on the hard drive (not the SSD).

 

Topic moved to Am I Infected for a look.

 

Louis
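
The cross-check described in the post above, running processes compared against the installed-programs list, can be done mechanically on the pasted logs. This is an added example, not part of the thread or of either tool: the function names and the folder-matching heuristic are assumptions, and the sample lines are copied from posts #3 and #5.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Excerpt of the MiniToolBox "Installed Programs" section pasted in post #3.
INSTALLED_SAMPLE = r"""
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.2.64 - PC Drivers HeadQuarters LP)
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
"""

# The three process entries quoted in post #5 (memory-usage lines left out).
PROCESS_SAMPLE = r"""
DriverSupport.exe     Process ID: 1872     User: admin     Domain: COMPUTER     Path: C:\Program Files (x86)\Driver Support\DriverSupport.exe
DriverSupportAO.exe     Process ID: 3536     User: SYSTEM     Domain: NT AUTHORITY     Path: C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAO.exe
DriverSupportAOsvc.exe     Process ID: 1972     User: SYSTEM     Domain: NT AUTHORITY     Path: C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe
"""


class Program(NamedTuple):
    name: str
    key: str
    version: str
    publisher: str


class Process(NamedTuple):
    image: str
    pid: int
    user: str
    path: str


# "Name (HKLM-x32\...\Key) (Version: 1.2 - Publisher)", optionally followed by " Hidden"
_PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) \(HK[A-Z]+(?:-x32)?\\\.\.\.\\(?P<key>.+?)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*)\)(?: Hidden)?$"
)
# "image.exe   Process ID: N   User: U   Domain: D   Path: C:\..."
_PROCESS_RE = re.compile(
    r"^(?P<image>\S+)\s+Process ID: (?P<pid>\d+)\s+User: (?P<user>.+?)"
    r"\s+Domain: .+?\s+Path: (?P<path>.+)$"
)


def parse_installed(text: str) -> List[Program]:
    """Parse installed-program lines; lines in any other format are skipped."""
    out = []
    for line in text.splitlines():
        m = _PROGRAM_RE.match(line.strip())
        if m:
            out.append(Program(m["name"], m["key"], m["version"], m["publisher"]))
    return out


def parse_processes(text: str) -> List[Process]:
    """Parse process lines; lines in any other format are skipped."""
    out = []
    for line in text.splitlines():
        m = _PROCESS_RE.match(line.strip())
        if m:
            out.append(Process(m["image"], int(m["pid"]), m["user"], m["path"]))
    return out


def install_folder(path: str) -> str:
    """Folder directly under Program Files, else the executable's parent folder."""
    parts = [p for p in path.split("\\") if p]
    for i, part in enumerate(parts[:-2]):
        if part.lower().startswith("program files"):
            return parts[i + 1]
    return parts[-2] if len(parts) >= 2 else ""


def _norm(value: str) -> str:
    return re.sub(r"[^a-z0-9]", "", value.lower())


def find_owner(proc: Process, programs: List[Program]) -> Optional[Program]:
    """Heuristic: the install folder name appears in a program's name, key or publisher."""
    folder = _norm(install_folder(proc.path))
    if len(folder) < 3:  # too short to match reliably
        return None
    for prog in programs:
        if any(folder in _norm(f) for f in (prog.name, prog.key, prog.publisher)):
            return prog
    return None


def cross_check(procs: List[Process], programs: List[Program]) -> Dict[str, Optional[str]]:
    """Map each process image to the matching installed program name, or None."""
    result = {}
    for proc in procs:
        owner = find_owner(proc, programs)
        result[proc.image] = owner.name if owner else None
    return result


def unlisted(procs: List[Process], programs: List[Program]) -> List[Process]:
    """Processes whose install folder matches no uninstall entry."""
    return [p for p in procs if find_owner(p, programs) is None]


if __name__ == "__main__":
    programs = parse_installed(INSTALLED_SAMPLE)
    for proc in unlisted(parse_processes(PROCESS_SAMPLE), programs):
        print(f"no uninstall entry: {proc.image} (PID {proc.pid}, {proc.user}) {proc.path}")
```

An unmatched process is a lead for review, not a verdict: drivers and portable tools can legitimately run without an uninstall entry.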



#6 ed-e-dee


Posted 17 April 2016 - 11:05 PM

Help


Eddee

#7 fireman4it

Malware Response Team

Posted 20 April 2016 - 12:12 PM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

2.

Download MalwareBytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.


  • If no threats were found, click View detailed log.
  • Click Export and save the log as a .txt file on your Desktop or another location.


  • If the scan detected any threats, click Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.


Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#8 ed-e-dee


Posted 22 April 2016 - 07:14 AM

Thanks fireman4it for your help.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/02/2016
Scan Time: 5:13 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.06.01
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364186
Time Elapsed: 5 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

# AdwCleaner v5.032 - Logfile created 06/02/2016 at 17:01:27
# Updated 31/01/2016 by Xplode
# Database : 2016-02-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : admin - COMPUTER
# Running from : C:\Users\admin\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : ReimageRealTimeProtector

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F8A4FC32-DDA3-4DD9-8C62-49F778FF630B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{09CFDB88-F9F0-40BA-885E-F47A957D12E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2B1B440F-A9DB-46E3-ADCF-AA6E08143FB8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{BBE09607-D9BF-4B2E-88C2-C8D5DF7A7D37}
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Express
[!] Key Not Deleted : HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\Software\Reimage
[!] Key Not Deleted : HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2472 bytes] ##########

# AdwCleaner v5.112 - Logfile created 22/04/2016 at 22:10:26
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : admin - COMPUTER
# Running from : C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFSW3WSI\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\TweakBit
[-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
[-] Folder Deleted : C:\ProgramData\TweakBit
[#] Folder Deleted : C:\ProgramData\Application Data\TweakBit
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
[-] Folder Deleted : C:\Windows\SysNative\Tasks\TweakBit
[#] Folder Deleted : C:\Windows\SysNative\Tasks\TweakBit

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5232 bytes] - [06/02/2016 16:01:27]
C:\AdwCleaner\AdwCleaner[C2].txt - [822 bytes] - [06/02/2016 16:59:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [4283 bytes] - [06/02/2016 16:00:42]
C:\AdwCleaner\AdwCleaner[S2].txt - [730 bytes] - [06/02/2016 16:58:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5522 bytes] ##########


Eddee

#9 fireman4it


Posted 22 April 2016 - 07:20 AM

1.

Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
    [screenshot]
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
    [screenshot]
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

 

How is the computer running after this scan?


#10 ed-e-dee


Posted 23 April 2016 - 03:18 AM

Hi I hope I've done this right, I feel as if it's incomplete.

#####################################################################

      Emsisoft Emergency Kit

   Plug in and run - It's that easy to clean an infected computer
   with an Emsisoft Emergency Kit USB Stick!

#####################################################################

 

                     --- How it works: ---

The Emsisoft Emergency Kit contains a collection of programs that
can be used without software installation to scan for malware and clean
infected computers.

Emsisoft Emergency Kit Scanner:

  The Emsisoft Emergency Kit Scanner includes the powerful Emsisoft
  Scanner complete with graphical user interface. Scan the infected
  PC for Viruses, Trojans, Spyware, Adware, Worms, Bots, Keyloggers,
  Ransomware and other malicious programs. 

  Run the Emsisoft Emergency Kit Scanner with a double click on:
  Start Emergency Kit Scanner.exe
 
  Detected Malware can be moved to quarantine or later deleted.

Emsisoft Commandline Scanner:

  This scanner contains the same functionality as the Emergency Kit
  Scanner but without a graphical user interface. The command line
  tool is made for advanced users and is perfect for batch jobs.

  To run the Emsisoft Commandline Scanner, perform the following
  actions:

  - Double click the file "Start Commandline Scanner.exe" to open a
    new command window and display the available scan parameters.

  or

  - Open a command prompt window (Run: cmd.exe) with Administrator rights.
  - Switch to the Emsisoft Emergency Kit folder (e.g.: cd c:\eek\bin64\)
  - Run the scanner by typing: a2cmd.exe

  Next you will see a help page describing all available parameters.

  The following parameter is an example of scanning drive c:\ with
  Memory and Traces (Registry) scan enabled, and archive support active.
  Detected Malware is moved to the default quarantine folder.

  a2cmd.exe /f="c:\" /m /t /a /q="c:\eek\quarantine\"

 

                     --- 32 and 64 bit notes ---

Emsisoft Emergency Kit contains two folders: bin32 and bin64.

You may either directly navigate to the right folder and start the edition
that matches your operating system or simply use the starter applications
in the package root folder.
 
If you run either of the editions to perform an online update, the other
edition will always be updated too.
 
The 32 bit edition can not be started on 64 bit Windows and vice versa.

 
 
                          --- License ---

Private users:

   Emsisoft Emergency Kit is free for private use only.

Professional users:

   Companies and other professional users can get a commercial PRO license
   of the Emsisoft Emergency Kit. PRO licensing starts at $99 per year, for
   up to 250 scanned PCs a year and includes a high-quality aluminum 16 GB USB
   flash drive, a free Emsisoft Anti-Malware license for 1 PC/1 year and free
   shipping.
  
   Larger license packages for 500, 1000, 2000 and more PCs per year are also
   available.
  
   See product details and purchase options:
   http://www.emsisoft.com/en/business/eek/

  
            --- Do-It-Yourself Emergency Kit USB stick ---
    
Extract the contents of the Emsisoft Emergency Kit to a USB stick to create
your own universal tool for scanning and cleaning infected PCs.

Ensure that you download the latest version from:
http://www.emsisoft.com/en/software/eek/

 

        --- WARNING! ---
     
Please be aware that Emsisoft Emergency Kit is a 'cleaning' utility only and does
not replace any 'protection' software that prevents infections in the first place.

You should always use a high quality protection software with real-time file-
monitoring and behavior blocking such as Emsisoft Anti-Malware:
http://www.emsisoft.com/en/software/antimalware/

 

                    --- Support & Help ---

1. Contact us:

   Professional malware fighters will help you to clean your PC.

   http://www.emsisoft.com/en/support/

2. Knowledgebase/Blog

   Many high quality articles about security topics and tutorials.

   http://blog.emsisoft.com

3. Website:

   The Emsisoft website contains a lot of useful information.

   http://www.emsisoft.com

 

 


Eddee

#11 ed-e-dee


Posted 23 April 2016 - 03:25 AM

Maybe this is the right one???

Emsisoft Emergency Kit - Version 11.0
Last update: 23/04/2016 6:21:02 PM
User account: COMPUTER\admin

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 23/04/2016 6:21:12 PM

Scanned 81036
Found 0

Scan end: 23/04/2016 6:21:55 PM
Scan time: 0:00:43


Eddee

#12 ed-e-dee


Posted 23 April 2016 - 03:27 AM

Internet Explorer had stopped twice during the process.


Eddee

#13 fireman4it


Posted 25 April 2016 - 04:19 PM

ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the ESET Smart Installer file you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.
Don't forget to re-enable your antivirus when finished!


#14 ed-e-dee


Posted 26 April 2016 - 09:56 PM

Well it finally finished took forever left it run all night.....

thank you for helping.

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Users\admin\Downloads\ccsetup515pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\admin\Downloads\ccsetup516.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\admin\Downloads\spsetup129.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Windows\Installer\2392d47.msi a variant of Win32/Systweak.L potentially unwanted application deleted
D:\COMPUTER\Backup Set 2014-09-07 190000\Backup Files 2014-09-07 190000\Backup files 1.zip multiple threats deleted
D:\COMPUTER\Backup Set 2014-09-07 190000\Backup Files 2014-09-21 190005\Backup files 1.zip multiple threats deleted
D:\COMPUTER\Backup Set 2014-09-28 190000\Backup Files 2014-09-28 190000\Backup files 21.zip multiple threats deleted
D:\COMPUTER\Backup Set 2014-09-28 190000\Backup Files 2014-09-28 190000\Backup files 22.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\COMPUTER\Backup Set 2014-09-28 190000\Backup Files 2014-10-12 200408\Backup files 10.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\COMPUTER\Backup Set 2014-10-24 155933\Backup Files 2014-10-24 155933\Backup files 24.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\COMPUTER\Backup Set 2014-10-24 155933\Backup Files 2014-11-09 190004\Backup files 24.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\COMPUTER\Backup Set 2014-11-23 193846\Backup Files 2014-11-23 193846\Backup files 23.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\COMPUTER\Backup Set 2014-11-23 193846\Backup Files 2014-11-30 190000\Backup files 23.zip Win32/Spigot.A potentially unwanted application deleted
D:\COMPUTER\Backup Set 2014-12-28 190004\Backup Files 2014-12-28 190004\Backup files 22.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\COMPUTER\Backup Set 2014-12-28 190004\Backup Files 2014-12-28 190004\Backup files 23.zip Win32/Spigot.A potentially unwanted application deleted
D:\COMPUTER\Backup Set 2014-12-28 190004\Backup Files 2015-01-04 190004\Backup files 23.zip Win32/Spigot.A potentially unwanted application deleted
D:\COMPUTER\Backup Set 2015-01-11 211619\Backup Files 2015-01-11 211619\Backup files 23.zip Win32/Spigot.A potentially unwanted application deleted
D:\COMPUTER\Backup Set 2015-01-11 211619\Backup Files 2015-02-01 190004\Backup files 22.zip Win32/Spigot.A potentially unwanted application deleted
D:\COMPUTER\Backup Set 2015-03-01 190004\Backup Files 2015-03-01 190004\Backup files 22.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\COMPUTER\Backup Set 2015-03-01 190004\Backup Files 2015-03-08 190004\Backup files 23.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\old files\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome\bittorrentbar.jar Win32/Toolbar.Conduit potentially unwanted application deleted
D:\old files\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar Win32/Toolbar.Conduit potentially unwanted application deleted
D:\old files\Documents and Settings\Administrator\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
D:\old files\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip multiple threats deleted
D:\old files\Documents and Settings\Administrator\Local Settings\TempImages\PazeraToolbar.exe a variant of Win32/Toolbar.Softomate.A potentially unwanted application deleted
D:\old files\Documents and Settings\All Users\Documents\Downloaded Installers\{52F691D0-0A1F-4FCB-8B2E-F1510531FB31}\setup.msi a variant of Win32/Adware.ErrorRepair.A application deleted
D:\old files\hidden\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}\chrome\bittorrentbar2.jar Win32/Toolbar.Conduit potentially unwanted application deleted
D:\old files\hidden\extensions\{b54561db-0bbb-41b4-a814-df8301fe0a8e}\chrome\utorrentbar2.jar Win32/Toolbar.Conduit potentially unwanted application deleted
 

 

 


Eddee
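
An ESET export like the one in the post above is easier to read once each line is split into fields and bucketed by where the file lived and how the scanner classed it. The following is an added example, not part of the original thread and not ESET tooling; the single-space field layout, the location buckets and the sample lines (detection names taken from the post, paths constructed) are assumptions.

```python
import re
from collections import Counter

# Assumed field layout, inferred from the pasted export after the forum
# collapsed its separators to single spaces:
#   <path> <detection name> [<class>] <action>
LINE_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<variant>a variant of )?(?P<detection>Win32/\S+|multiple threats)"
    r"(?: (?P<klass>potentially (?:unwanted|unsafe) application|application))?"
    r" (?P<action>cleaned by deleting|deleted)$"
)

def location(path):
    """Bucket a path by where it lives (bucket names are assumptions)."""
    p = path.lower()
    if "\\backup set " in p:
        return "backup archive"
    if "\\downloads\\" in p:
        return "downloaded installer"
    if p.startswith("c:\\"):
        return "system drive"
    return "other data"

def parse_eset_export(text):
    """Return (hits, unparsed); unparsed lines are reported, never dropped."""
    hits, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # search(), not match(): tolerates prose glued in front of the path
        m = LINE_RE.search(line)
        if not m:
            unparsed.append(line)
            continue
        hit = m.groupdict()
        hit["variant"] = hit["variant"] is not None
        hit["location"] = location(hit["path"])
        hits.append(hit)
    return hits, unparsed

def by_location(hits):
    """Count detections per location bucket."""
    return dict(Counter(h["location"] for h in hits))

def needs_review(hits):
    """Hits the scanner did not label as a 'potentially ...' application."""
    return [h for h in hits if not (h["klass"] or "").startswith("potentially")]

# Constructed sample lines in the shape of the export above (paths are made up).
SAMPLE = r"""
C:\Program Files\ExampleZip\Utils\scan.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Users\admin\Downloads\examplesetup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\COMPUTER\Backup Set 2014-09-07 190000\Backup Files 2014-09-07 190000\Backup files 1.zip multiple threats deleted
D:\COMPUTER\Backup Set 2014-11-23 193846\Backup Files 2014-11-30 190000\Backup files 23.zip Win32/Spigot.A potentially unwanted application deleted
D:\old files\Example\setup.msi a variant of Win32/Adware.ErrorRepair.A application deleted
Scan finished, this line is not a detection
"""

if __name__ == "__main__":
    hits, unparsed = parse_eset_export(SAMPLE)
    print(by_location(hits))
    for h in needs_review(hits):
        print("review:", h["detection"], "->", h["path"])
    print("unparsed:", unparsed)
```
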

#15 ed-e-dee


Posted 27 April 2016 - 06:14 AM

  • Tonight Internet Explorer again started to stop working did it 3 times while opening a video in Facebook.

Eddee