
Advertise/bdt.femurssculler.com Malware


10 replies to this topic

#1 Iorek13


Posted 04 May 2016 - 08:47 AM

I seem to have some sort of malware that I just cannot get rid of. It only seems to be affecting Chrome as best I can tell. I am running Windows 7.

I am getting ad links on random phrases, ad pop-ups, and ads opening in new tabs.

Essentially having the exact same problem as this post: http://www.bleepingcomputer.com/forums/t/606843/ads-by-advertisebdtfemursscullercom/

Every program I've tried to remove it stops ads from popping up briefly but doesn't completely eliminate the problem.

SOS

- Iorek13





#2 boopme


Posted 04 May 2016 - 09:00 AM

Hello, have you run those tools? If so, post the logs please.

#3 Iorek13


Posted 04 May 2016 - 09:14 AM

The MiniToolBox?

 

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Zac4 (administrator) on 04-05-2016 at 08:51:07
Running from "C:\Users\Zac4\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: GBTUACPI Manufacturer: GBT___
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Zac-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-24-1D-D9-23-49
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b818:bd2d:fc35:f224%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, May 04, 2016 7:43:18 AM
   Lease Expires . . . . . . . . . . : Thursday, May 05, 2016 7:43:18 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 234890269
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-F5-CE-B8-00-24-1D-D9-23-49
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.attlocal.net:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.64%35(Preferred) 
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dsldevice.attlocal.net
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:4002:c03::65
 64.233.177.101
 64.233.177.138
 64.233.177.102
 64.233.177.139
 64.233.177.100
 64.233.177.113
 
 
Pinging google.com [173.194.219.138] with 32 bytes of data:
Reply from 173.194.219.138: bytes=32 time=114ms TTL=43
Reply from 173.194.219.138: bytes=32 time=43ms TTL=43
 
Ping statistics for 173.194.219.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 43ms, Maximum = 114ms, Average = 78ms
Server:  dsldevice.attlocal.net
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=70ms TTL=49
Reply from 206.190.36.45: bytes=32 time=75ms TTL=49
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 70ms, Maximum = 75ms, Average = 72ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 24 1d d9 23 49 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 35...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 36...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.64     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.64    266
     192.168.1.64  255.255.255.255         On-link      192.168.1.64    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.64    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.64    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.64    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    266 fe80::/64                On-link
 35    266 fe80::5efe:192.168.1.64/128
                                    On-link
 10    266 fe80::b818:bd2d:fc35:f224/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/04/2016 01:26:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8050
 
Error: (05/04/2016 01:26:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8050
 
Error: (05/04/2016 01:26:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/04/2016 01:26:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7052
 
Error: (05/04/2016 01:26:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7052
 
Error: (05/04/2016 01:26:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/04/2016 01:26:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6053
 
Error: (05/04/2016 01:26:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6053
 
Error: (05/04/2016 01:26:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/04/2016 01:26:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5055
 
 
System errors:
=============
Error: (05/04/2016 01:26:17 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (05/03/2016 06:02:38 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (05/03/2016 06:02:18 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Symantec Endpoint Protection service, but this action failed with the following error: 
%%1056
 
Error: (05/03/2016 06:02:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/03/2016 06:02:11 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/03/2016 06:02:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/03/2016 06:02:10 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/03/2016 06:02:08 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/03/2016 06:02:08 PM) (Source: Service Control Manager) (User: )
Description: The CLCV0 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/03/2016 06:02:08 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Endpoint Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (08/01/2015 08:32:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6723.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 172002 seconds with 1500 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2015 11:19:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 265978 seconds with 4320 seconds of active time.  This session ended with a crash.
 
Error: (05/09/2015 09:00:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 416671 seconds with 5580 seconds of active time.  This session ended with a crash.
 
Error: (02/06/2015 04:47:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24629 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error: (12/02/2014 10:31:47 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 154790 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (03/25/2014 07:48:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41369 seconds with 3600 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-05-04 08:32:07.390
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2016-05-04 08:32:07.385
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2016-05-04 08:32:07.371
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2016-05-04 08:32:07.324
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2016-05-04 08:32:07.314
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2016-05-04 08:32:07.310
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2016-05-04 08:32:07.256
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2016-05-04 08:32:07.251
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2016-05-04 08:32:07.241
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2016-05-04 08:32:07.196
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (HKLM\...\{270D4D2B-CEB9-C46B-4F17-B1390D450AB1}) (Version: 10.10.0.41006 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (HKLM-x32\...\{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}) (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (HKLM\...\{6EC70FBF-7390-74A2-E0A8-8D414F89FE6C}) (Version: 3.0.745.0 - ATI Technologies) Hidden
AutoHotkey 1.0.92.02 (HKLM-x32\...\AutoHotkey) (Version: 1.0.92.02 - AutoHotkey Community)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin) Hidden
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco Valet Connector (HKLM-x32\...\Cisco Valet Connector) (Version: 1.1.10049.0 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.62.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.42.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-820 Series Printer Uninstall (HKLM\...\EPSON XP-820 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-820 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-820 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKCU\...\Flux) (Version:  - )
FFXIV Log Parser version 2.1 (HKLM-x32\...\{71D4F12A-0EEE-4C85-9DB8-62A909286F4A}_is1) (Version: 2.1 - FFXIV Battle)
FINAL FANTASY XIV - A Realm Reborn (Alpha Version) (HKLM-x32\...\{0F27B737-D803-45BE-90B4-90C8988452AE}) (Version: 0.9.1000 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XIV - A Realm Reborn (Beta Version) (HKLM-x32\...\{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}) (Version: 0.9.1000 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XIV (HKLM-x32\...\{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Juniper Citrix Services Client (HKCU\...\Juniper_Citrix_Services) (Version: 7.1.0.19243 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.4.13103 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1 (HKLM-x32\...\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.)
Linksys Wireless-G USB Network Adapter (HKLM-x32\...\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}) (Version:  - )
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)
Logitech GamePanel Software 3.01 (HKLM\...\{15D97451-1520-4551-BE2D-BCDE2DF22EA7}) (Version: 3.01.180 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.0-r112342-release - Plays.tv, LLC)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 8.1.8-1.0.3110.145 - raidcall.com.ru)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.4.1 - Razer Inc.)
Razer DeathAdder Black Edition Mouse (HKLM-x32\...\{DDF83FDD-89DB-47A4-A541-DD88C52F625A}) (Version: 1.02 - Razer USA Ltd.)
Razer DeathAdder™ Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.03 - Razer USA Ltd.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5924 - Realtek Semiconductor Corp.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Slingplayer Desktop (HKLM-x32\...\{296AC622-7E42-4B2C-B9B3-A3141C2D5BD3}) (Version: 5.0.0.83 - Sling Media) Hidden
Slingplayer for Chrome Installer (HKLM-x32\...\{20E18E93-187A-4572-B8C2-3A4AC9A48A3C}) (Version: 0.0.0.74 - Sling Media) Hidden
Slingplayer-Desktop (HKLM-x32\...\{176cb1f2-7151-4061-9811-46494cdc407d}) (Version: 5.0.0.83 - Sling Media)
SlingplayerForChrome (HKLM-x32\...\{bb0c4701-6cb0-48ad-bca2-413e8f92b9cd}) (Version: 0.0.0.74 - Sling Media)
Spotify (HKCU\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{530992D4-DDBA-4F68-8B0D-FF50AC57531B}) (Version: 11.0.5002.333 - Symantec Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Lord of the Rings FREE Trial  (HKLM-x32\...\{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
thinkorswim from TD AMERITRADE (HKLM-x32\...\thinkorswim from TD AMERITRADE) (Version:  - TD AMERITRADE, Inc.)
Torchlight (HKLM-x32\...\Steam App 41500) (Version:  - Runic Games, Inc.)
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Valkyria Chronicles™ (HKLM-x32\...\Steam App 294860) (Version:  - SEGA)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
VH Toolkit 1.0.44.0 (HKLM-x32\...\VH Toolkit_is1) (Version:  - Hmelyoff Labs)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.00 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.1 - win.rar GmbH)
XFINITY On Demand Player (HKLM-x32\...\{FE19A435-BD3B-42F5-B432-383F9573310B}) (Version: 15.2.1 - Comcast Corporation)
XSplit Broadcaster (HKLM-x32\...\{6F937E75-B6D6-4C2C-B864-90AA91EFF8B2}) (Version: 1.3.1403.1202 - SplitmediaLabs)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 43%
Total physical RAM: 8187.45 MB
Available physical RAM: 4597.48 MB
Total Virtual: 16373.09 MB
Available Virtual: 11764.33 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:465.66 GB) (Free:148.49 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ZAC-PC
 
Admin                    Administrator            Guest                    
Zac2                     Zac4                     
 
 
**** End of log ****


#4 Iorek13


Posted 04 May 2016 - 09:33 AM

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64 
Ran by Zac4 (Administrator) on Wed 05/04/2016 at  9:28:20.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\Users\Zac4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9259MSLZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Zac4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITTGBTA6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Zac4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M93LA1W5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Zac4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZEUSCVU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9259MSLZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITTGBTA6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M93LA1W5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZEUSCVU (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/04/2016 at  9:32:19.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 Iorek13


Posted 04 May 2016 - 09:47 AM

ADW

 

# AdwCleaner v5.025 - Logfile created 20/12/2015 at 10:51:23
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Zac4 - ZAC-PC
# Running from : C:\Users\Zac4\Downloads\adwcleaner_5.025.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pacgpkgadgmibnhpdidcnfafllnmeomc
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1573 bytes] ##########

# AdwCleaner v5.115 - Logfile created 04/05/2016 at 09:38:51
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Zac4 - ZAC-PC
# Running from : C:\Users\Zac4\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKU\S-1-5-21-3931545373-1394790331-2704496205-1000.bak\Software\YahooPartnerToolbar
[-] Key Deleted : HKU\S-1-5-21-3931545373-1394790331-2704496205-1004.bak\Software\YahooPartnerToolbar
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2763 bytes] - [03/05/2016 18:02:12]
C:\AdwCleaner\AdwCleaner[C2].txt - [3244 bytes] - [20/12/2015 11:51:23]
C:\AdwCleaner\AdwCleaner[R0].txt - [18882 bytes] - [14/07/2015 07:36:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [18967 bytes] - [14/07/2015 07:38:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [2529 bytes] - [03/05/2016 18:00:37]
C:\AdwCleaner\AdwCleaner[S2].txt - [3431 bytes] - [20/12/2015 11:48:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3611 bytes] ##########


#6 Iorek13


Posted 04 May 2016 - 11:10 AM

Malwarebytes
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/4/2016
Scan Time: 9:52 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.05.04.04
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Zac4
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 578626
Time Elapsed: 1 hr, 16 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.ReMarkIt.PrxySvrRST, C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage, Delete-on-Reboot, [cd17359cb5e44beb76eb555b48bca858], 
PUP.Optional.ReMarkIt.PrxySvrRST, C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal, Delete-on-Reboot, [d50f01d00b8e3006fc65456ba46059a7], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by Iorek13, 04 May 2016 - 11:11 AM.


#7 Iorek13


Posted 04 May 2016 - 11:12 AM

Thank you for your help and please let me know the next step.

I've used these programs many times in the past and have never had success eliminating the problem.

-  Iorek



#8 boopme


Posted 04 May 2016 - 01:22 PM

Malwarebytes needs a reboot to finish cleaning.

Disable any unknown plugins in Chrome

How To Disable Individual Plug-ins in Google Chrome

How is it?

Edited by boopme, 04 May 2016 - 01:22 PM.


#9 Iorek13


Posted 04 May 2016 - 02:09 PM

Hello.

I rebooted after Malware was finished.

Disabled all plugins except for flash and rebooted again.

Still received the same alert.

Domain:  bdt.femurssculler.com
IP:  8.34.112.228
Port:  49301
Type:  Outbound
Process:   C:\Programfiles (x86)\Google\Chrome\Application.exe


Edited by Iorek13, 04 May 2016 - 03:08 PM.


#10 boopme


Posted 05 May 2016 - 11:07 AM

Hello again, as these did not solve it we need a deeper look to find the culprit. Start at step 6...

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#11 Iorek13


Posted 05 May 2016 - 11:11 AM

Thank you for getting back to me so promptly.  I will follow your instructions as soon as I get home from work today.  Have a great day.





