I think I might have downloaded an infected .rar file.


14 replies to this topic

#1 MrSeeker

Posted 22 August 2016 - 10:50 PM

Hello. I have a Windows 7 64bit laptop.

 

I have a strong suspicion that my laptop may be infected with something. All of a sudden it became really slow doing things and it will just completely freeze up. Like, for example, trying to search through my files using Windows Explorer or anytime I try using any of my browsers, especially Firefox. Firefox is super slow even when I open it in safe mode. Then my laptop will freeze up to the point where I end up having to just unplug it to shut it off. It also freezes up even when I don't open a browser.

 

This all started 5 or 6 days ago. Unfortunately I think I may have downloaded an infected .rar or .zip file. It was a folder of images (or at least that's what it was supposed to be). The reason I think it was suspicious is because it never did finish downloading. Then, the next day after that, I downloaded and installed a definition update for Windows Defender and then immediately after that is when I first started noticing problems with my Firefox and then all the other problems.

 

I was going to restore my system back to the point before I installed the definition update but then I noticed that my laptop was not saving any restore points. So I tried to fix my pagefile by defragmenting my hard drive.

 

I ran a boot time scan with Avast but I'm still having the same problems. Here are the results of that scan:
 
 
 
----------------------------------------
08/20/2016 00:39
Scan of all local drives
 
File C:\Users\Jeff\AppData\Local\Bundled software uninstaller\bi_client.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3278AOWM\OCSetupHlp[1].dll is infected by Win32:OpenCandy-D [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRB4OI56\BiTool[2].dll is infected by Win32:Somoto-AD [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LVJPKK9F\bi_downloader[1].exe|>$TEMP\BetterInstaller.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJJNB7C5\bi_downloader[1].exe|>$PLUGINSDIR\bi_client.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJJNB7C5\bi_downloader[1].exe is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\+Nu1r5Si.exe.part is infected by Win32:InstalleRex-HT [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\+wCTaVQ9.exe.part is infected by Win32:Adware-BEK [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nskA49B.tmp|>$PLUGINSDIR\bi_client.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nskA49B.tmp is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nsm125E.tmp|>$TEMP\BetterInstaller.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nsmDA79.tmp|>$TEMP\BetterInstaller.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nsnC7A9.tmp|>$TEMP\BetterInstaller.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nso19CF.tmp|>$PLUGINSDIR\bi_client.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nso19CF.tmp is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nspB65B.tmp|>$TEMP\BetterInstaller.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nsq3B04.tmp|>$TEMP\BetterInstaller.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\eKdRSyrr.exe.part is infected by Win32:Adware-BEK [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\ocpBF8.tmp\ocpBF9.tmp is infected by Win32:OpenCandy-D [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\bitool.dll is infected by Win32:Somoto-AD [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\bKkJ4b+y.exe.part is infected by Win32:Installer-K [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nsqAA94.tmp|>$PLUGINSDIR\bi_client.exe is infected by Win32:Somoto-F [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nsqAA94.tmp is infected by Win32:Somoto-J [PUP], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\is1598539481\zgInstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\FastFreeConverter_Somoto2.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Users\Jeff\AppData\Local\Temp\nsaE88.tmp|>$TEMP\BetterInstaller.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Jeff\AppData\LocalLow\Google\GoogleEarth\webdata\f_002bc2|>default.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jeff\AppData\LocalLow\Google\GoogleEarth\webdata\f_002c2b|>zh-TW.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jeff\AppData\LocalLow\Google\GoogleEarth\webdata\f_002cd8|>doc.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jeff\AppData\LocalLow\Google\GoogleEarth\webdata\f_002cd9|>doc.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jeff\AppData\LocalLow\Google\GoogleEarth\webdata\f_0014cf|>doc.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jeff\AppData\LocalLow\Google\GoogleEarth\webdata\f_00203b|>default.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jeff\AppData\LocalLow\Google\GoogleEarth\webdata\f_0026b0|>default.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jeff\AppData\LocalLow\Google\GoogleEarth\webdata\f_002ad0|>default.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jeff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\49ac4b0-77960858|>testesta.class is infected by Java:CVE-2012-5076-B [Expl], Moved to chest
File C:\Users\Jeff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\49ac4b0-77960858|>testestb.class is infected by Java:Agent-CDQ [Expl], Moved to chest
File C:\Users\Jeff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\54e7b334-488410c6|>testesta.class is infected by Java:CVE-2012-5076-B [Expl], Moved to chest
File C:\Users\Jeff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\54e7b334-488410c6|>testestb.class is infected by Java:Agent-CDQ [Expl], Moved to chest
File C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\4eytaqzv.default\adblockplus\patterns-backup1.ini Error 0xC000003E {Data Error}
File C:\Users\Jeff\Downloads\ac3filter_2_6_0b.exe|>{tmp}\OCSetupHlp.dll is infected by Win32:OpenCandy-D [PUP], Moved to chest
 
Number of searched folders: 50499
Number of tested files: 1864368
Number of infected files: 32
 
 
 



 


#2 boopme

Posted 23 August 2016 - 02:33 PM

Hello. Uninstall Google Earth, it's been corrupted. You can reinstall later. Reboot machine.

Next

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 MrSeeker

Posted 23 August 2016 - 04:49 PM

Hi boopme. Thank you for your response. I will get started right away.



#4 boopme

Posted 24 August 2016 - 10:06 AM

OK

#5 MrSeeker

Posted 24 August 2016 - 04:10 PM

Hi boopme. Well unfortunately I have been having trouble with this. First, I uninstalled Google Earth but after I rebooted my laptop was not able to connect to the internet for some reason. But after a couple of hours I was finally able to fix that.

 

I then ran the first 3 scanners you directed me to and everything went fine with that except I forgot to reboot after I ran each one and I also forgot to turn off Windows Defender. So I'm not sure if that might have messed everything up or what.

 

Also, when I ran the ESET scanner last, it was never able to finish scanning because my laptop would just totally freeze up. It ran for about 4 hours and was about 50% done when my laptop just froze up for good. And it did find some infected files.

 

Should I redo those first 3 scanners again but this time making sure to reboot after each one and making sure to turn off Windows Defender or would that not even really make a difference?

 

Well anyhow, here are the results of the first 3 tests and also the results of the unfinished ESET scan:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Jeff (administrator) on 23-08-2016 at 22:52:35
Running from "C:\Users\Jeff\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: A15 Manufacturer: PEGATRON CORPORATION
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Atheros AR9002WB-1NG Wireless Network Adapter #1 = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : JComp2
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : cfl.rr.com
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : F2-91-53-53-45-A1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter #1
   Physical Address. . . . . . . . . : E0-91-53-53-45-A1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : cfl.rr.com
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : E0-69-95-CC-4C-CE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f86b:a7d0:9537:92bf%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.145(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, August 23, 2016 10:33:11 PM
   Lease Expires . . . . . . . . . . : Wednesday, August 24, 2016 10:33:10 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 266365333
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-CA-15-6C-E0-69-95-CC-4C-CE
   DNS Servers . . . . . . . . . . . : 75.114.81.1
                                       75.114.81.2
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{F513D95E-3491-4B0C-97CC-389DFC9CCA90}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{31E48EBF-C347-496E-B4E1-D918274CE3D9}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.cfl.rr.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : cfl.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  75-114-81-1.net.bhntampa.com
Address:  75.114.81.1
 
Name:    google.com
Addresses:  2607:f8b0:4002:c08::64
 74.125.196.100
 74.125.196.102
 74.125.196.139
 74.125.196.138
 74.125.196.101
 74.125.196.113
 
 
Pinging google.com [173.194.219.101] with 32 bytes of data:
Reply from 173.194.219.101: bytes=32 time=21ms TTL=44
Reply from 173.194.219.101: bytes=32 time=23ms TTL=44
 
Ping statistics for 173.194.219.101:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 23ms, Average = 22ms
Server:  75-114-81-1.net.bhntampa.com
Address:  75.114.81.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=54ms TTL=47
Reply from 98.138.253.109: bytes=32 time=55ms TTL=47
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 54ms, Maximum = 55ms, Average = 54ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...f2 91 53 53 45 a1 ......Microsoft Virtual WiFi Miniport Adapter
 15...e0 91 53 53 45 a1 ......Atheros AR9002WB-1NG Wireless Network Adapter #1
 12...e0 69 95 cc 4c ce ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.145     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.145    276
    192.168.1.145  255.255.255.255         On-link     192.168.1.145    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.145    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.145    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.145    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    276 fe80::/64                On-link
 12    276 fe80::f86b:a7d0:9537:92bf/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/23/2016 10:34:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 10:24:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 09:09:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 09:05:21 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (08/23/2016 08:54:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 08:49:12 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1192) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/23/2016 08:41:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 08:32:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 08:13:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 07:24:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/23/2016 10:36:23 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069 = The service did not start due to a logon failure.
 
 
Error: (08/23/2016 10:36:23 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330 = Logon failure: the specified account password has expired.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (08/23/2016 10:36:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/23/2016 10:34:18 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (08/23/2016 10:34:18 PM) (Source: Service Control Manager) (User: )
Description: The Application Virtualization Client service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (08/23/2016 10:34:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
 
Error: (08/23/2016 10:27:35 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069 = The service did not start due to a logon failure.
 
 
Error: (08/23/2016 10:27:35 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330 = Logon failure: the specified account password has expired.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (08/23/2016 10:26:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/23/2016 10:20:00 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.
 
 
Microsoft Office Sessions:
=========================
Error: (08/23/2016 10:34:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 10:24:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 09:09:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 09:05:21 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (08/23/2016 08:54:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 08:49:12 PM) (Source: ESENT)(User: )
Description: wuaueng.dll1192SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (08/23/2016 08:41:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 08:32:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 08:13:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2016 07:24:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (HKLM\...\{4016464A-0C3E-4070-8293-5D7F0D8EAE3A}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}) (Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.8.1217.36096 - Alcor Micro Corp.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
AveoCap (HKLM-x32\...\{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}) (Version: 1.00.0011 - AVEO)
Beneath a Steel Sky (HKLM-x32\...\GOGPACKBENEATH_is1) (Version: 2.0.0.9 - GOG.com)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - )
Canon CanoScan LiDE 110 User Registration (HKLM-x32\...\Canon CanoScan LiDE 110 User Registration) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - Canon Inc.)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
CoffeeCup Direct FTP (HKLM-x32\...\{88741A14-4C9D-469F-BA36-8FDF6037BB68}) (Version: 3.9.2015 - CoffeeCup Software Inc.)
CoffeeCup HTML Editor (HKCU\...\CoffeeCup HTML Editor) (Version:  - )
CoffeeCup Website Color Schemer (HKLM-x32\...\CoffeeCup Website Color Schemer) (Version:  - CoffeeCup Software)
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.5.64714.1383 - COMODO Security Solutions Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.2.51 - Conexant)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Eidos)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.68 - DivX, LLC)
Elements 12 Organizer (HKLM-x32\...\{9D80A7B7-DC01-485D-AE93-710D559B5C56}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
ExtractNow (HKLM-x32\...\ExtractNow) (Version: 4.8.2.0 - Nathan Moinvaziri)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.8.0.5 - Sentelic)
Free Alarm Clock 2.7.1 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
FUJIFILM MyFinePix Studio 4.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.2.0 - Futuremark Corporation)
GOG.com Downloader version 3.5.6 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.5.6 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KeePass Password Safe 1.31 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.31 - Dominik Reichl)
LibreOffice 4.4.6.3 (HKLM-x32\...\{1013DB12-EC2E-455E-B5ED-BFD056DC1A99}) (Version: 4.4.6.3 - The Document Foundation)
magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 48.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1.6073 - Mozilla)
NVIDIA 3D Vision Controller Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Opera Stable 39.0.2256.48 (HKLM-x32\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0032 - Pegatron Corporation)
PRE12 STI 64Installer (HKLM-x32\...\{06934A7E-D27F-4C5C-9D93-9715E274D736}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
RAW FILE CONVERTER EX powered by SILKYPIX (HKLM-x32\...\{30B1CCDB-209B-4E94-8311-379F2E6B6B59}) (Version: 3 - Ichikawa Soft Laboratory) Hidden
RAW FILE CONVERTER EX powered by SILKYPIX (HKLM-x32\...\InstallShield_{30B1CCDB-209B-4E94-8311-379F2E6B6B59}) (Version: 3 - Ichikawa Soft Laboratory)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation)
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
RPGXP (HKLM-x32\...\{9B34CAC6-738F-4A20-B428-A115C3E3474C}) (Version: 1.0.0 - Enterbrain)
SafeZone Stable 1.48.2066.101 (HKLM-x32\...\SafeZone 1.48.2066.101) (Version: 1.48.2066.101 - Avast Software) Hidden
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version:  - Firaxis)
Space Rangers 2 - Reboot (HKLM-x32\...\Space Rangers 2 - Reboot_is1) (Version:  - GOG.com)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\The Witcher Enhanced Edition Director's Cut_is1) (Version:  - GOG.com)
UserTesting (HKCU\...\UserTestingPlugin) (Version:  - UserTesting.com)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WhatUsersDo-Screen-Recorder version 1.0 (HKLM-x32\...\{E13A55D7-EC52-44B7-A55A-5D24AA8101E3}_is1) (Version: 1.0 - WhatUsersDo Ltd)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{B39AA98E-C966-46C9-ACA2-D2586E300988}) (Version: 2.29.0.1 - PEGATRON)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 50%
Total physical RAM: 4007.05 MB
Available physical RAM: 1968.16 MB
Total Virtual: 8012.29 MB
Available Virtual: 5013.94 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:297.99 GB) (Free:43.97 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\JCOMP2
 
Administrator            Guest                    Jeff                     
UpdatusUser              
 
 
**** End of log ****
 
 
# AdwCleaner v6.000 - Logfile created 23/08/2016 at 23:18:12
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-23.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Jeff - JCOMP2
# Running from : C:\Users\Jeff\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Jeff\AppData\Local\Bundled software uninstaller
 
 
***** [ Files ] *****
 
File Found:  C:\END
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKU\S-1-5-21-1906881716-3229558287-3348084575-1001\Software\BI
Key Found:  HKU\S-1-5-21-1906881716-3229558287-3348084575-1001\Software\Conduit
Key Found:  HKU\S-1-5-21-1906881716-3229558287-3348084575-1001\Software\YahooPartnerToolbar
Key Found:  HKCU\Software\BI
Key Found:  HKCU\Software\Conduit
Key Found:  HKCU\Software\YahooPartnerToolbar
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1436 Bytes] - [23/08/2016 23:18:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1509 Bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Jeff (Administrator) on Tue 08/23/2016 at 23:35:25.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 68 
 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\Users\Jeff\AppData\Local\bundled software uninstaller (Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3278AOWM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8830AMGV (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRB4OI56 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GS91A6SA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LVJPKK9F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJJNB7C5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEW2GTF7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5GKLNSC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3278AOWM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8830AMGV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRB4OI56 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GS91A6SA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LVJPKK9F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJJNB7C5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEW2GTF7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5GKLNSC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\SysWOW64\sho162E.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho2203.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho329E.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho4831.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho4A1A.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho4DFB.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho5117.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho5412.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho5576.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho6053.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho62A3.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho654E.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho6A2E.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho6B0.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho72AA.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho779A.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho79C9.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho7F24.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho865D.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho885A.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho8B0.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\sho9C54.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoAB83.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoB78D.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoBB08.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoBCCB.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoC2ED.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoC451.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoC939.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoCA61.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoCA74.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoCC44.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoD35E.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoD5D6.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoD61F.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoDA9C.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoE16F.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoEA48.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoEAA.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoEEB.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoF7A9.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoFC8.tmp (File) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/23/2016 at 23:54:43.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 MrSeeker

Posted 24 August 2016 - 04:14 PM

Unfinished ESET scan:
 
C:\Users\Jeff\AppData\Local\Temp\helper.exe MSIL/FileTypeHelper.A potentially unwanted application
C:\Users\Jeff\AppData\Local\Temp\nsd1B80.tmp Win32/Somoto.M potentially unwanted application
C:\Users\Jeff\AppData\Local\Temp\nse6AAA.tmp Win32/Somoto.M potentially unwanted application
C:\Users\Jeff\AppData\Local\Temp\nsg1182.tmp Win32/Somoto.M potentially unwanted application
C:\Users\Jeff\AppData\Local\Temp\nsmC6AE.tmp Win32/Somoto.M potentially unwanted application
C:\Users\Jeff\AppData\Local\Temp\nsp1529.tmp Win32/Somoto.G potentially unwanted application
C:\Users\Jeff\AppData\Local\Temp\ct3288691\ism.exe a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\Users\Jeff\AppData\Local\Temp\dlmF9B9.tmp\extractnow.exe Win32/WebDevAZ.C potentially unwanted application
C:\Users\Jeff\AppData\Local\Temp\ICReinstall\cnet_setup_zip.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Jeff\AppData\Local\Temp\ICReinstall\cnet_spywareblastersetup44_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Jeff\Downloads\extractnow.exe Win32/WebDevAZ.C potentially unwanted application


#7 boopme

  • Global Moderator
Posted 25 August 2016 - 10:04 AM

OK.. now these and we'll see how it is.

Remove what AdwCleaner found.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

Malwarebytes Anti-Malware
    • Download MalwareBytes Anti-Malware to your desktop.
    • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
    • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
    • Click the Scan Now button, a threat scan will start automatically.
    • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
    • Your computer is now being scanned, please do not use your computer during the scan.
      • If no threats were found, click View detailed log.
        • Click Export and save the log as a .txt file on your Desktop or another location.
      • If the scan detected any threats, click Apply Actions.
        • To complete any actions taken you will be prompted to restart your computer...click on Yes.
        • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
        • Check the box next to Scan Log. Choose the most current scan and click View.
        • Click Export and save the log as a .txt file on your Desktop or another location.
    • Providing the MalwareBytes' Anti-Malware log file
      • Attach the log file you just saved to your next reply for further review.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 MrSeeker

Posted 25 August 2016 - 02:07 PM

Should I reboot after running AdwCleaner?



#9 boopme

Posted 25 August 2016 - 02:14 PM

Yes

#10 MrSeeker

Posted 25 August 2016 - 03:07 PM

Before I continue, I have a question:

Shouldn't I also rerun MiniToolBox and Junkware Removal Tool and reboot after each one since I didn't do that the first time?

And if I should, then in what order should I run all of these scans?

#11 boopme

Posted 25 August 2016 - 03:10 PM

JRT will probably reboot itself.
No need after Mini
Just need
ADW and MBAM now.

I'll be back in a bit.

#12 MrSeeker

Posted 26 August 2016 - 04:22 AM

Well unfortunately my computer still has the same problems.

 

Here are the results of the two scans:

 

 

# AdwCleaner v6.010 - Logfile created 26/08/2016 at 00:49:40
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-25.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Jeff - JCOMP2
# Running from : C:\Users\Jeff\Downloads\AdwCleaner (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-1906881716-3229558287-3348084575-1001\Software\BI
[-] Key deleted: HKU\S-1-5-21-1906881716-3229558287-3348084575-1001\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-1906881716-3229558287-3348084575-1001\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\BI
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
 
 
***** [ Web browsers ] *****
 
[-] Chrome preferences cleaned: "extensions.wrc.SearchRules.ask.com.style" -  ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}"
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1616 Bytes] - [26/08/2016 00:49:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [1588 Bytes] - [23/08/2016 23:18:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [1956 Bytes] - [26/08/2016 00:44:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1835 Bytes] ##########
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/26/2016
Scan Time: 1:25 AM
Logfile: malwarebytes1.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.08.26.02
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jeff
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355922
Time Elapsed: 46 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.Conduit, C:\Users\Jeff\AppData\Local\Temp\ct3288691, Quarantined, [7f2b400f9a00b0864810cfcc57adef11], 
PUP.Optional.Conduit, C:\Users\Jeff\AppData\Local\Temp\ct3297861, Quarantined, [a80280cf2872221426329a01c53fe31d], 
 
Files: 12
PUP.Optional.Somoto, C:\Users\Jeff\AppData\Local\Temp\nsg1182.tmp, Quarantined, [6b3f56f95842de58ba89cf3e44c009f7], 
PUP.Optional.Somoto, C:\Users\Jeff\AppData\Local\Temp\nsmC6AE.tmp, Quarantined, [7a30cb84b0ea3df9a2a1f81517ed54ac], 
PUP.Optional.Somoto, C:\Users\Jeff\AppData\Local\Temp\nsp1529.tmp, Quarantined, [f4b67cd37a20270fc2bf009d847da957], 
PUP.Optional.Somoto, C:\Users\Jeff\AppData\Local\Temp\nsd1B80.tmp, Quarantined, [802ad877faa0e650fa497895669ed42c], 
PUP.Optional.Somoto, C:\Users\Jeff\AppData\Local\Temp\nse6AAA.tmp, Quarantined, [cbdf4b04693145f16fd4b05d8c783fc1], 
PUP.Optional.Conduit, C:\Users\Jeff\AppData\Local\Temp\ct3288691\ism.exe, Quarantined, [2f7b93bc217964d2ec7d7caec43df010], 
PUP.Optional.BundleInstaller, C:\Users\Jeff\AppData\Local\Temp\binsis142.xml, Quarantined, [decca6a94f4bb383b549be3b17ecdf21], 
PUP.Optional.BundleInstaller, C:\Users\Jeff\AppData\Local\Temp\binsischeck654.xml, Quarantined, [a60480cfd6c4c571da2592671de608f8], 
PUP.Optional.Conduit, C:\Users\Jeff\AppData\Local\Temp\ct3288691\setup.ini.txt, Quarantined, [7f2b400f9a00b0864810cfcc57adef11], 
PUP.Optional.Conduit, C:\Users\Jeff\AppData\Local\Temp\ct3288691\chromeid.txt, Quarantined, [7f2b400f9a00b0864810cfcc57adef11], 
PUP.Optional.Conduit, C:\Users\Jeff\AppData\Local\Temp\ct3297861\setup.ini.txt, Quarantined, [a80280cf2872221426329a01c53fe31d], 
PUP.Optional.Conduit, C:\Users\Jeff\AppData\Local\Temp\ct3297861\chromeid.txt, Quarantined, [a80280cf2872221426329a01c53fe31d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 Kuszotke


Posted 26 August 2016 - 12:43 PM

Correct me if I'm wrong, but isn't it impossible for a malicious program to work without running it? (executable file)

 

I mean, if you just downloaded a malicious .exe file (or any other executable file type) it shouldn't be able to do any harm unless executed.

 

Do not take my reply seriously right now. I may be wrong.

 

 

@down thanks for teaching me something


Edited by Kuszotke, 26 August 2016 - 01:31 PM.


#14 boopme


Posted 26 August 2016 - 12:59 PM

It is possible.
There are a few cases where simply downloading a file without opening it could lead to execution of attacker-controlled code from within the file. It usually involves exploiting a known vulnerability within a program which will handle the file in some way. Here are some examples, but other cases are sure to exist:
• The file targets a vulnerability in your antivirus which triggers when the file is scanned
• The file targets a vulnerability in your file system such as NTFS where the filename or another property could trigger the bug
• The file targets a bug which can be triggered when generating a file preview such as PDF or image thumbnail
• A library file (ex. dll) could get executed when saved to the same directory where an application vulnerable to binary planting is executed from
 
Sorry lost where I copied this from.
 
If you reboot your machine now and it is still there, then we need a deeper look. Please follow this Preparation Guide, start at step 6, and post in a new topic.
Let me know if all went well.
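An added example, not part of the post above or of any BleepingComputer tool: a defensive audit for the last case in that list (binary planting). It flags DLLs in a download folder whose names match system DLLs and that share a folder with an executable; the folder layout and file names in `demo()` are constructed, and on a real machine you would pass your own Downloads and System32 paths.

```python
import os
import tempfile

EXECUTABLE_EXTS = {".exe", ".msi", ".scr", ".com"}


def dll_names_in(system_dir):
    """Lower-cased names of every DLL directly inside system_dir."""
    return {n.lower() for n in os.listdir(system_dir) if n.lower().endswith(".dll")}


def find_planting_candidates(scan_dir, system_names):
    """Return (dll_path, sibling_executables) for each DLL under scan_dir whose
    name shadows a system DLL and which shares a folder with an executable."""
    findings = []
    for folder, _subdirs, files in os.walk(scan_dir):
        exes = sorted(f for f in files
                      if os.path.splitext(f)[1].lower() in EXECUTABLE_EXTS)
        if not exes:
            continue  # no program in this folder that would load a local DLL
        for name in sorted(files):
            if name.lower().endswith(".dll") and name.lower() in system_names:
                findings.append((os.path.join(folder, name), exes))
    return findings


def demo():
    """Build a constructed Downloads/System32 pair and audit it."""
    with tempfile.TemporaryDirectory(prefix="planting_demo_") as root:
        system32 = os.path.join(root, "System32")
        downloads = os.path.join(root, "Downloads")
        pictures = os.path.join(downloads, "pictures")
        for d in (system32, pictures):
            os.makedirs(d)
        layout = {
            system32: ["version.dll", "dwmapi.dll"],
            downloads: ["Setup.exe", "VERSION.dll", "helper.dll", "readme.txt"],
            pictures: ["dwmapi.dll", "cat.jpg"],  # no executable beside it
        }
        for folder, names in layout.items():
            for name in names:
                open(os.path.join(folder, name), "wb").close()
        return find_planting_candidates(downloads, dll_names_in(system32))


if __name__ == "__main__":
    for dll, exes in demo():
        print(f"REVIEW {dll} (sits beside: {', '.join(exes)})")
```

A hit is a file to review, not proof of a problem: Windows always loads names on its KnownDLLs list from the system directory, and some installers legitimately ship their own copies of common libraries.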

#15 MrSeeker


Posted 26 August 2016 - 08:50 PM

Thanks for trying to help me. I'll post a new topic in the other forum.





