
[W7] Suspicion of malware/infection


8 replies to this topic

#1 Natalshadow

Natalshadow

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:21 AM

Posted 08 May 2016 - 03:59 PM

Hello guys!

I have no firm clue that my system is effectively infected, but it has some behaviors I find suspicious.

First, my internet connection has been stable for a bunch of years since I have been with that provider; only recently have I noticed significant jitter. I contacted my provider, which insists nothing is wrong on its side.

Thing is, my connection can get as low as 20ko/s, when it should be around 1.4mb/s average.

Second, I installed Malwarebytes to scan my system as advised by the internet provider, and it found a bunch of crap from Pro PC Cleaner in the registry and various folders. I have never purposely installed this, and never heard about this software, so I might have been tricked by a pre-ticked box during the installation of another piece of software.

Then, I installed PeerBlock because, while looking on the internet for clues on how to diagnose my problem, I found people used PeerBlock to detect what was entering the network. And it's blocking a Looot of stuff.

It keeps blocking a few redundant IPs, "Botnet on smart broadband", "Uk government Dept for Work and Pensions" or "IPP international" to name a few. This worries me a lot, considering the names.

Finally, Malwarebytes keeps popping messages with "Outbound" threats, followed by various IPs.
But lastly, I had to clear-install Windows a few months ago because of a violent infection that had led my computer to loop-restart. Recently, someone told me that even after a complete clear install and a hard disk wipe, viruses and infections could still be there and have persisted on my hardware.

Every file that enters my computer is scanned before I open it, so I guess I made a mistake and let something in.
My system is protected by Avira, database up to date.

So, my question is: are the "outbound" popups from Malwarebytes linked to the redundant IPs blocked by PeerBlock?
And, how can I make sure my own system is not creating the huge drops in my internet broadband?

Hope someone can help, thank you.



 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:21 PM

Posted 08 May 2016 - 06:32 PM

Let's have a look at some logs. :)

 

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next, and make sure to leave all items checked for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right click the icon and select run as administrator.

http://nicolascoolman.com/download/zhpcleaner

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply



#3 Natalshadow

  • Topic Starter

Posted 09 May 2016 - 08:48 AM

Hello, I proceeded with the scans, Adware Removal Tool found nothing and generated no log.

 

Adware Cleaner Scan log :

 

# AdwCleaner v5.116 - Logfile created 09/05/2016 at 14:48:40
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Natalshadow - NATALSHADOW-PC
# Running from : C:\Users\Natalshadow\Downloads\adwcleaner_5.116.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : Updater

***** [ Folders ] *****

Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Application Data\AVG Security Toolbar
Folder Found : C:\Users\Natalshadow\AppData\Roaming\PPC-software

***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={07E776F8-5DB9-4A77-AE74-D95FA261DD3F}&mid=b2ece420c4bb47cc91e3057438cf392e-5a7959d442f9e32bca9e23fc51860fabd89698f4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116piz&pr=fr&d=2016-02-14 10:46:45&v=4.2.5.441&pid=wtu&sg=&sap=hp
Data Found : HKU\S-1-5-21-3077622733-3005651299-2258842481-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={07E776F8-5DB9-4A77-AE74-D95FA261DD3F}&mid=b2ece420c4bb47cc91e3057438cf392e-5a7959d442f9e32bca9e23fc51860fabd89698f4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116piz&pr=fr&d=2016-02-14 10:46:45&v=4.2.5.441&pid=wtu&sg=&sap=hp
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-3077622733-3005651299-2258842481-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Found : HKU\S-1-5-21-3077622733-3005651299-2258842481-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Web browsers ] *****

[C:\Users\Natalshadow\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Natalshadow\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [2789 bytes] - [09/05/2016 14:48:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2862 bytes] ##########

____________

JRT Scan log :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Natalshadow (Administrator) on 09-May-16 at 14:56:58.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Successfully deleted: C:\Users\Natalshadow\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Natalshadow\AppData\Roaming\wyupdate au (Folder)
Successfully deleted: C:\Users\Natalshadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Natalshadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RTFOJO7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Natalshadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Natalshadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Natalshadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Natalshadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCWITZA9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Natalshadow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1SY1NIY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RTFOJO7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCWITZA9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1SY1NIY (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09-May-16 at 14:58:39.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

____________

 

ZHP Log:

 

 

 

~ ZHPCleaner v2016.5.9.64 by Nicolas Coolman (2016/05/09)
~ Run by Natalshadow (Administrator)  (09/05/2016 15:16:31)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Natalshadow\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Natalshadow\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (15)
MOVED file: C:\Users\Natalshadow\AppData\Roaming\Mozilla\Firefox\Profiles\2v04wfhd.default-1462648048132\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi    =>Adware.Sambreel
MOVED folder: C:\Windows\Installer\MSI612C.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6E39.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6F19.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6FC5.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7014.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI736F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI762E.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI79F6.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7AD2.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI8CE3.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI8E8A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI8F46.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI9002.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI90FE.tmp-  =>Empty


---\\  Registry ( Key, Value, Data) (2)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\TypeLib\{473949F1-7EC2-11D6-89A5-00B0D0777F8B} [TRADOS Settings Manager 1.2]  =>PUP.Optional.SettingsManager
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{473949F1-7EC2-11D6-89A5-00B0D0777F8B} [TRADOS Settings Manager 1.2]  =>PUP.Optional.SettingsManager


---\\  Summary of the elements found (2)




---\\  Other deletions. (8)
~ Registry Keys Tracing deleted (8)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 768
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 17


~ End of clean in 00h00mn09s
~====================
ZHPCleaner-[R]-09052016-15_16_40.txt
ZHPCleaner-[S]-09052016-15_15_51.txt

_______________________________________

Zemana Log:

Zemana AntiMalware 2.20.2.613 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016-5-9
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i5-3570K CPU @ 3.40GHz
BIOS Mode              : Legacy
CUID                   : 006051C5CBC79B488FF577
Scan Type              : Deep Scan
Duration               : 20m 8s
Scanned Objects        : 370187
Detected Objects       : 9
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

USB\VID_054C&PID_0268 (libwdi autogenerated)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B50A585D9A4CC44298155C7B66F8E0AA0DB49E0D\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B50A585D9A4CC44298155C7B66F8E0AA0DB49E0D\Blob

formatfactory_3-8-0-0_fr_223920.exe
Status             : Scanned
Object             : %userprofile%\downloads\formatfactory_3-8-0-0_fr_223920.exe
MD5                : E791775BE2B5811D4D25CB39BC61134A
Publisher          : chen jun hao
Size               : 162304
Version            : 3.8.0.0
Detection          : PUA:Win32/FormatFactory!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\formatfactory_3-8-0-0_fr_223920.exe

FormatFactory.exe
Status             : Scanned
Object             : %programfiles%\formatfactory\formatfactory.exe
MD5                : 3440B75B8BE1D48DE8B9E422301A229A
Publisher          : chen jun hao
Size               : 6225736
Version            : 3.8.0.0
Detection          : PUA:Win32/FormatFactory!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\formatfactory\formatfactory.exe
                Reference - C:\Users\Natalshadow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk
                Reference - C:\Users\Natalshadow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk
                Reference - C:\Users\Natalshadow\AppData\Roaming\Microsoft\Windows\SendTo\Format Factory.lnk

DiscordOverlay.x86.exe
Status             : Scanned
Object             : %localappdata%\discord\app-0.0.290\overlay\discordoverlay.x86.exe
MD5                : 5608876D8686966CF11235348DC814A4
Publisher          : Hammer & Chisel Inc.
Size               : 1701560
Version            : -
Detection          : Malware:Win32/Quarand!Eeac
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\discord\app-0.0.290\overlay\discordoverlay.x86.exe

inject.x86.exe
Status             : Scanned
Object             : %localappdata%\discord\app-0.0.290\overlay\inject.x86.exe
MD5                : 7BFEDD45DC06F9AE382BE520F164A8F8
Publisher          : Hammer & Chisel Inc.
Size               : 1142968
Version            : -
Detection          : Malware:Win32/Quarand!Eeac
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\discord\app-0.0.290\overlay\inject.x86.exe

EBookCodec.exe
Status             : Scanned
Object             : %programfiles%\formatfactory\ffmodules\encoder\doc\ebookcodec.exe
MD5                : 86FDDA3AD65831C9E1E4744CA43DE70D
Publisher          : chen jun hao
Size               : 1975624
Version            : 1.0.0.1
Detection          : PUA:Win32/FormatFactory!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\formatfactory\ffmodules\encoder\doc\ebookcodec.exe

ffmpeg.exe
Status             : Scanned
Object             : %programfiles%\formatfactory\ffmodules\encoder\ffmpeg.exe
MD5                : 205B120F579E82B5CB19D20C954E1B49
Publisher          : chen jun hao
Size               : 16844800
Version            : -
Detection          : PUA:Win32/FormatFactory!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\formatfactory\ffmodules\encoder\ffmpeg.exe

FFInst.exe
Status             : Scanned
Object             : %programfiles%\formatfactory\ffinst.exe
MD5                : 2096CBEA7CD3DB840752967E8D62F089
Publisher          : chen jun hao
Size               : 105288
Version            : 1.2.0.0
Detection          : PUA:Win32/FormatFactory!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\formatfactory\ffinst.exe

RMEncoder.exe
Status             : Scanned
Object             : %programfiles%\formatfactory\ffmodules\rmencoder.exe
MD5                : C880C534BE8D99F920BD5BAC5586EF2E
Publisher          : chen jun hao
Size               : 208224
Version            : 2.0.0.0
Detection          : PUA:Win32/FormatFactory!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\formatfactory\ffmodules\rmencoder.exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 9
Reported as safe      : 0
Failed                : 0

Thank you for your time and help!
 


Edited by Natalshadow, 09 May 2016 - 08:49 AM.


#4 InadequateInfirmity


Posted 09 May 2016 - 09:45 PM

How are things running now?

 

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.

  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.

  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.
  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.

When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"

  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.

  • Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right click it and run as administrator. When the program completes, the tool will automatically open a log file, please post that log here in your next post.



#5 Natalshadow


Posted 11 May 2016 - 02:02 PM

I contacted the Internet provider again, which made tests and acknowledged there was something wrong but has been completely unable to diagnose the problem.

I do have a feeling the computer runs better overall, but it might just be me. Still, I thank you very much for the cleaning you allowed me to perform.

Okay, here are the reports asked for above:

What tales do they tell about my computer? Some lines seemed bad by the look of it.

Again, thank you for your time.

 

Malwarebytes Scan.

 

Objects Scanned: 305092
Time Elapsed: 11 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PPC-software_Popup, Delete-on-Reboot, [ac64ba190495cc6aa1713a8fec179967],
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PPC-software_Start, Delete-on-Reboot, [16fabe15a7f2b086b9598247d82bea16],
PUP.Optional.InstallCore, HKU\S-1-5-21-3077622733-3005651299-2258842481-1000\SOFTWARE\csastats, Quarantined, [eb2520b3a4f56cca9138418993702fd1],
PUP.Optional.PCSpeedupPro, HKU\S-1-5-21-3077622733-3005651299-2258842481-1000\SOFTWARE\PPC-softwareLanguage, Quarantined, [0a068053bbde0d294e83fbcf3cc7a759],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.ProCleaningSoftware, C:\Users\Natalshadow\Documents\PPC-software, Quarantined, [a9673a99c1d839fd938930978c77956b],
PUP.Optional.PCSpeedupPro, C:\Users\Natalshadow\AppData\Local\PPC-software, Quarantined, [a26e8053069354e209680892c83af20e],
PUP.Optional.PCSpeedupPro, C:\Users\Natalshadow\AppData\Local\PPC-software\PPC-software.exe_Url_1xuetxnfnbprkyvp4f3fgknib3pg5muj, Quarantined, [a26e8053069354e209680892c83af20e],
PUP.Optional.PCSpeedupPro, C:\Users\Natalshadow\AppData\Local\PPC-software\PPC-software.exe_Url_1xuetxnfnbprkyvp4f3fgknib3pg5muj\3.1.4.0, Quarantined, [a26e8053069354e209680892c83af20e],

Files: 5
PUP.Optional.ProCleaningSoftware, C:\Users\Natalshadow\Documents\PPC-software\logerror.txt, Quarantined, [a9673a99c1d839fd938930978c77956b],
PUP.Optional.ProCleaningSoftware, C:\Users\Natalshadow\Documents\PPC-software\log.txt, Quarantined, [a9673a99c1d839fd938930978c77956b],
PUP.Optional.ProCleaningSoftware, C:\Windows\System32\Tasks\PPC-software_Popup, Quarantined, [35db7063d8c137ff37d9c801f40f59a7],
PUP.Optional.ProCleaningSoftware, C:\Windows\System32\Tasks\PPC-software_Start, Quarantined, [7898cd06b5e4fc3a23ede5e4d231c040],
PUP.Optional.PCSpeedupPro, C:\Users\Natalshadow\AppData\Local\PPC-software\PPC-software.exe_Url_1xuetxnfnbprkyvp4f3fgknib3pg5muj\3.1.4.0\user.config, Quarantined, [a26e8053069354e209680892c83af20e],

Physical Sectors: 0
(No malicious items detected)


(end)

 

I made a second scan, to double check just in case and found nothing else.

 

ESET SCAN

 

No threats detected

 

 

 

Minitool Box

 

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Natalshadow (administrator) on 11-05-2016 at 19:36:01
Running from "C:\Users\Natalshadow\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: MS-7752 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Connexion au réseau local (Connected)
TAP-Windows Adapter V9 = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Natalshadow-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-BB-07-A5-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Connexion au réseau local:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D4-3D-7E-2B-D0-DD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2a01:e35:8a9b:7750:98a7:a66e:e680:8a74(Preferred)
   Temporary IPv6 Address. . . . . . : 2a01:e35:8a9b:7750:d123:f5:e25a:d3f0(Preferred)
   Link-local IPv6 Address . . . . . : fe80::98a7:a66e:e680:8a74%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, May 11, 2016 5:56:45 PM
   Lease Expires . . . . . . . . . . : Saturday, May 21, 2016 5:56:44 PM
   Default Gateway . . . . . . . . . : fe80::224:d4ff:fec0:bd8c%11
                                       192.168.0.254
   DHCP Server . . . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 212.27.40.240
                                       212.27.40.241
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{131E341F-EF2C-4A7E-9C65-8096FBA78270}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Carte Microsoft ISATAP
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BB07A5CD-0925-4D7C-87F9-7E50054D62EB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns1.proxad.net
Address:  212.27.40.240

Name:    google.com
Addresses:  2a00:1450:4007:80e::200e
      64.15.116.89
      64.15.116.90
      64.15.116.85
      64.15.116.84
      64.15.116.91
      64.15.116.88
      64.15.116.87
      64.15.116.86


Pinging google.com [2a00:1450:4007:80e::200e] with 32 bytes of data:
Request timed out.
Reply from 2a00:1450:4007:80e::200e: time=37ms

Ping statistics for 2a00:1450:4007:80e::200e:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 37ms, Average = 37ms
Server:  dns1.proxad.net
Address:  212.27.40.240

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Request timed out.
Reply from 2001:4998:58:c02::a9: time=143ms

Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 143ms, Maximum = 143ms, Average = 143ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...00 ff bb 07 a5 cd ......TAP-Windows Adapter V9
 11...d4 3d 7e 2b d0 dd ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Carte Microsoft ISATAP
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.0.254     192.168.0.12     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.12    276
     192.168.0.12  255.255.255.255         On-link      192.168.0.12    276
    192.168.0.255  255.255.255.255         On-link      192.168.0.12    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.12    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.12    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    276 ::/0                     fe80::224:d4ff:fec0:bd8c
  1    306 ::1/128                  On-link
 11     28 2a01:e35:8a9b:7750::/64  On-link
 11    276 2a01:e35:8a9b:7750:98a7:a66e:e680:8a74/128
                                    On-link
 11    276 2a01:e35:8a9b:7750:d123:f5:e25a:d3f0/128
                                    On-link
 11    276 fe80::/64                On-link
 11    276 fe80::98a7:a66e:e680:8a74/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/11/2016 06:26:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/11/2016 06:26:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/11/2016 05:57:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.26, time stamp: 0x56b403d2
Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.26, time stamp: 0x56b403d2
Exception code: 0xc0000005
Fault offset: 0x0000ea8b
Faulting process id: 0x94c
Faulting application start time: 0xMSI_LiveUpdate_Service.exe0
Faulting application path: MSI_LiveUpdate_Service.exe1
Faulting module path: MSI_LiveUpdate_Service.exe2
Report Id: MSI_LiveUpdate_Service.exe3

Error: (05/11/2016 05:57:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2016 05:57:02 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/11/2016 12:40:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.26, time stamp: 0x56b403d2
Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.26, time stamp: 0x56b403d2
Exception code: 0xc0000005
Fault offset: 0x0000ea8b
Faulting process id: 0xaa0
Faulting application start time: 0xMSI_LiveUpdate_Service.exe0
Faulting application path: MSI_LiveUpdate_Service.exe1
Faulting module path: MSI_LiveUpdate_Service.exe2
Report Id: MSI_LiveUpdate_Service.exe3

Error: (05/11/2016 12:40:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2016 12:40:24 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/10/2016 01:44:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.26, time stamp: 0x56b403d2
Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.26, time stamp: 0x56b403d2
Exception code: 0xc0000005
Fault offset: 0x0000ea8b
Faulting process id: 0x9f4
Faulting application start time: 0xMSI_LiveUpdate_Service.exe0
Faulting application path: MSI_LiveUpdate_Service.exe1
Faulting module path: MSI_LiveUpdate_Service.exe2
Report Id: MSI_LiveUpdate_Service.exe3

Error: (05/10/2016 01:44:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/11/2016 06:30:52 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (05/11/2016 06:30:52 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\NATALS~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/11/2016 06:30:51 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (05/11/2016 06:30:51 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\NATALS~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/11/2016 06:30:16 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (05/11/2016 06:30:16 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\NATALS~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/11/2016 06:28:10 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (05/11/2016 06:28:10 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\NATALS~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/11/2016 06:28:09 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (05/11/2016 06:28:09 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\NATALS~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (05/11/2016 06:26:43 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Natalshadow\Downloads\esetsmartinstaller_enu.exe

Error: (05/11/2016 06:26:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Natalshadow\Downloads\esetsmartinstaller_enu.exe

Error: (05/11/2016 05:57:41 PM) (Source: Application Error)(User: )
Description: MSI_LiveUpdate_Service.exe1.0.0.2656b403d2MSI_LiveUpdate_Service.exe1.0.0.2656b403d2c00000050000ea8b94c01d1ab9dc4e8b71fC:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exeC:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe1702b260-1791-11e6-ac36-d43d7e2bd0dd

Error: (05/11/2016 05:57:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2016 05:57:02 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/11/2016 12:40:52 PM) (Source: Application Error)(User: )
Description: MSI_LiveUpdate_Service.exe1.0.0.2656b403d2MSI_LiveUpdate_Service.exe1.0.0.2656b403d2c00000050000ea8baa001d1ab7187d56effC:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exeC:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exed483c7e2-1764-11e6-b41d-d43d7e2bd0dd

Error: (05/11/2016 12:40:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2016 12:40:24 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/10/2016 01:44:49 PM) (Source: Application Error)(User: )
Description: MSI_LiveUpdate_Service.exe1.0.0.2656b403d2MSI_LiveUpdate_Service.exe1.0.0.2656b403d2c00000050000ea8b9f401d1aab13afda98dC:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exeC:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe996ef345-16a4-11e6-83ea-d43d7e2bd0dd

Error: (05/10/2016 01:44:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2016-02-14 11:58:27.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-14 11:58:27.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-14 11:58:25.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-14 11:58:25.939
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-14 11:55:24.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-14 11:55:24.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-14 11:55:05.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-14 11:55:05.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-14 11:54:30.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-14 11:54:30.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)
AVG Zen (HKLM\...\{156D704F-96AE-498A-8E1C-2779B474B8DE}) (Version: 1.51.58 - AVG Technologies) Hidden
Avid Application Manager (HKLM\...\{99E377DB-D2D0-44A5-8533-AA8BE1381644}) (Version: 2.5.1.115 - Avid Technology, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM-x32\...\{40C98ADC-A44D-401E-BDDD-5094E4CF7D09}) (Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG) Hidden
Avira Launcher (HKLM-x32\...\{bfb60b68-92b8-481b-b416-7e05b4ea01c9}) (Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.1.4.16584 - Avira Operations GmbH & Co. KG)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Breaking Point (HKLM-x32\...\{D94AC775-62AF-4630-8292-7EB26691AAAE}) (Version: 5.0.2.9 - The Zombie Infection) Hidden
Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version:  - FromSoftware, Inc)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKCU\...\Discord) (Version: 0.0.290 - Hammer & Chisel, Inc.)
Elite Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVE Online (HKCU\...\{2e58fe5d-e85c-49e0-a850-bcadfc537b41}) (Version: 1.0.0 - CCP)
FMW 1 (HKLM\...\{FAA6526A-BDA0-4D97-B79F-718937AAFACB}) (Version: 1.73.2 - AVG Technologies) Hidden
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FreePIE (HKLM-x32\...\{FD5ADEC0-F65D-4F0E-8CD2-D905FA372E61}) (Version: 1.9.629.0 - FreePIE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
IL-2 Sturmovik: Cliffs of Dover (HKLM-x32\...\Steam App 63950) (Version:  - 1C: Maddox Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{6513E16C-7FC9-4DE6-930F-B62E588673C0}) (Version: 2.0.1083.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JoystickCurves (HKCU\...\c2061649b891e486) (Version: 0.0.6.15 - JoystickCurves)
MechWarrior Online (HKLM\...\Steam App 342200) (Version:  - Piranha Games Inc.)
Medal of Honor Batailles du Pacifique™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.6.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 46.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 fr)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSI Afterburner 2.1.0 (HKLM-x32\...\Afterburner) (Version: 2.1.0 - MSI Co., LTD)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
NaturalPoint USB Drivers x64 (HKLM\...\{533773B8-9AC1-4C0F-A2BF-57466A45C6F5}) (Version: 2.70.0000 - NaturalPoint)
NVIDIA 3D Vision Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.13.2 - OBS Project)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Planetary Annihilation (HKLM\...\Steam App 233250) (Version:  - Uber Entertainment)
PlanetSide 2 (HKCU\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKCU\...\DGC-PlanetSide 2) (Version: 1.0.3.192 - Daybreak Game Company)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
qBittorrent 3.3.4 (HKLM-x32\...\qBittorrent) (Version: 3.3.4 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
SDL Trados 2015 - Remove suite of products (HKLM-x32\...\TranslationStudio2015) (Version: 4.0.4809 - SDL)
SDL Trados Legacy Compatibility Module (HKLM-x32\...\{7F8F4AF6-0CE2-46E9-BA14-C55F19968926}) (Version: 2.1.128 - SDL)
SDL Trados Studio 2015  (HKLM-x32\...\{27FA26BF-7D3F-458F-A4FF-3F972177B1DC}) (Version: 4.0.4809 - SDL)
SDL WorldServer Components (HKLM-x32\...\{CF32FB2A-0B13-4D6F-AB9F-9687D855C069}) (Version: 1.0.4809 - SDL)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
Sibelius (HKLM\...\{6420DC80-3BCF-4C96-A209-B0C5D26E140D}) (Version: 8.2.0.89 - Avid Technology)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Star Citizen Launcher (HKCU\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.5.2252 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
TrackIR 5 (HKLM-x32\...\{c1ef3d1e-986d-400c-966a-8bdb6149fe02}) (Version: 5.4.1.0000 - NaturalPoint)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VoiceAttack (HKLM-x32\...\{29C3E11A-FE87-4555-A896-928A73369CD2}) (Version: 1.5.8 - VoiceAttack.com)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
X3: Albion Prelude (HKLM\...\Steam App 201310) (Version:  - Egosoft)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 8142.93 MB
Available physical RAM: 4523.81 MB
Total Virtual: 16284.04 MB
Available Virtual: 11931.73 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:458.45 GB) (Free:282.26 GB) NTFS
2 Drive d: () (Fixed) (Total:472.53 GB) (Free:344.26 GB) NTFS
3 Drive e: (HDD 3To) (Fixed) (Total:2794.39 GB) (Free:2027.88 GB) NTFS

========================= Users: ========================================

User accounts for \\NATALSHADOW-PC

Administrateur           Invit‚                   Natalshadow              


**** End of log ****

Security Check Scan

 

SecurityCheck by glax24 & Severnyj v.1.4.0.39 [23.04.16]
WebSite: www.safezone.cc
DateLog: 11.05.2016 19:41:20
Path starting: C:\Users\Natalshadow\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Natalshadow
VersionXML: 2.87is-10.05.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 13.02.2016 16:14:43
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [458.4 Gb] Used: [176.1 Gb] Free: [282.3 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18314 [+]
User Account Control enabled
Automatic download and scheduled installation
Date install updates: 2016-05-11 14:25:50
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avira Antivirus (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
Disabled the public profile of Windows Firewall
Disabled the standard profile for Windows Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Avira Antivirus (disabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avira Antivirus v.15.0.16.282
ESET Online Scanner v3
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.31 (64-bit) v.5.31.0
VLC media player v.2.2.3
OpenOffice 4.1.2 v.4.12.9782
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.22 v.7.22.109 Warning! Download Update
^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
Deluge 1.3.12 Warning! P2P-client.
qBittorrent 3.3.4 v.3.3.4 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 91 v.8.0.910.14 Warning! Download Update
Uninstall old version and install new one.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 21 NPAPI v.21.0.0.213
Adobe Acrobat Reader DC - Français v.15.010.20060 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Google Chrome v.50.0.2661.94
Mozilla Firefox 46.0.1 (x86 fr) v.46.0.1
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.46.0.1.5966
C:\Program Files (x86)\Avira\Antivirus\sched.exe v.15.0.16.251
C:\Program Files (x86)\Avira\Antivirus\avguard.exe v.15.0.16.251
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe v.15.0.16.282
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe v.15.0.16.262
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.173.0
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.7.0
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.21.0
----------------------------- [ End of Log ] ------------------------------
 

 



#6 InadequateInfirmity

Posted 11 May 2016 - 04:24 PM

Can you tell me what issues remain? Then we can go from there. :)



#7 Natalshadow

Posted 12 May 2016 - 05:38 AM

Okay there's one last issue as far as I can tell:

When booted and idle on desktop, my computer used to be at around 20 or 25% memory use, and processor would go idle within about five minutes.

It no longer does, memory use has risen up to 35% for no reason and CPU is all over the place, goes from 0 to 80%, with a lot of jitter, even 20 minutes after boot time.

 

I first thought it was the new software I installed to follow your instructions, so I went into msconfig and disabled the unimportant software at startup. Still the memory and CPU are having fun.

According to the Windows Resource Monitor, avguard.exe and svchost.exe are using the disk at 100%; however, avguard.exe did not appear in the Task Manager window with "Processes from all users" ticked.

So I'm missing something. The power consumption is higher; however, the Resource Monitor and Task Manager don't say the same thing.

This is the last issue I seem to have on my computer.

EDIT 1:

Malwarebytes has been blocking a few IPs both inbound and outbound from Skype.exe. I didn't have time to write down the IPs and only thought of screenshots now. They don't appear in the Malwarebytes logs.

There is no current activity in Skype; it's running in the background, and no window apart from the contact list is loaded.

Would that be Malwarebytes being too sensitive, or does that mean Skype represents a vulnerability? Or anything else?

Next time the popup appears I will screenshot the IP and try to define what it is.


Edited by Natalshadow, 12 May 2016 - 04:22 PM.


#8 InadequateInfirmity

Posted 12 May 2016 - 05:05 PM

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right-click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot, and check for updates again.
  • You need to make sure the database updates!!!
  • Upon scan completion, click on Show Results.
  • Then click on Clean.
  • Then click on Save Log.
  • Save it to your desktop, then copy and paste the contents of the log here in your next reply.

 

CCleaner to disable useless startups.

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

CCleaner - Free Download - Piriform

Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, then under the Windows tab select each item and disable it. Also, under the scheduled task tab, you are safe to disable all tasks. Only disable items under the Windows tab and scheduled task tab!

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit Options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

Reboot the machine after.

I also highly suggest a check disk be run on this machine!

Run chkdsk /f /r from an elevated command prompt.

Edited by InadequateInfirmity, 12 May 2016 - 05:06 PM.


#9 InadequateInfirmity

Posted 13 May 2016 - 09:34 PM

Also, you should consider removing AVG Zen. You can do this with D Uninstaller.





