
abc processes constantly running in background


10 replies to this topic

#1 Legend Dan

Legend Dan

  • Members
  • 5 posts
  • Local time:08:26 PM

Posted 26 December 2016 - 10:25 PM

I was trying to download the latest Doctor Who episode and I found a file that was obviously malicious.  Then my 2 year old came in the room, talked to me, and when she left I turned back to the computer, forgot what I was doing and downloaded it the hell anyway.

I've uninstalled about a million programs and now my computer is back to the point where it's usable.  One recurring problem, though, is I have a background process called "abc" that runs, and when I close it another one pops up.  It usually plays some audio ad or another, and frequently Microsoft Edge opens up trying to go to some website or another. Occasionally it'll keep opening and there'll be five or six abc processes running simultaneously. 

I'm running Windows 10.  Outside of uninstalling as much of the crapware as I could, I haven't gone through any other steps to fix it.  I googled the problem and this forum came up.

Please help (and thank you very much).

 

<edit>  I now find my browser (Firefox) occasionally being redirected to PC Keeper and various other ads.


Edited by Orange Blossom, 27 December 2016 - 01:17 AM.
Moved from Windows 10 to AII. ~ OB



 


#2 MDD1963

MDD1963

  • Members
  • 699 posts
  • Local time:10:26 AM

Posted 27 December 2016 - 01:37 AM

I'd try freefixer.com

 

The scan it runs whitelists many well-known process/programs, etc., but, pretty much every last process/program running or scheduled for execution you will be given a choice to delete. (Choose carefully, if you choose something that should not be deleted.....you did it)

 

If that doesn't work, MS has 'processexplorer' that can be downloaded, and, allow you to easily identify where this 'abc' process is springing to life from.

 

Of course, Malwarebytes AM and JRT will find most known hostile programs, give them a crack too!


Asus Z270A Prime/7700K/32 GB DDR4-3200/GTX1060


#3 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:08:26 PM

Posted 27 December 2016 - 02:49 AM

Zemana Deep Scan.
 

  • Right click on Zemana and run as admin.
  • Click the Cog/Sprocket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

Security Check Scan.



  • Download Security Check to your desktop.
  • Right click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



#4 Legend Dan

Legend Dan
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:26 PM

Posted 27 December 2016 - 12:09 PM

Again, thank you very much.

Zemana AntiMalware 2.70.2.244 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/12/27
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™2 Quad CPU  Q9500 @ 2.83GHz
BIOS Mode              : Legacy
CUID                   : 1267ACD593FDD3EEC8F611
Scan Type              : Custom Scan
Duration               : 47m 36s
Scanned Objects        : 187843
Detected Objects       : 32
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

uninstaller.exe
Status             : Scanned
Object             : NE->c:\program files\f4kquejxxa\uninstaller.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Wizzcaster.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

uninstaller.exe
Status             : Scanned
Object             : NE->c:\program files\htmb8uaeef\uninstaller.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Wizzcaster.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

uninstaller.exe
Status             : Scanned
Object             : NE->c:\program files\orc61s404u\uninstaller.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Wizzcaster.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

uninstaller.exe
Status             : Scanned
Object             : NE->c:\program files\x6z63q2f1m\uninstaller.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Wizzcaster.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

anonymizergadget
Status             : Scanned
Object             : NE->c:\program files (x86)\anonymizergadget
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Anonymizer.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

bestcleaner
Status             : Scanned
Object             : NE->c:\program files (x86)\bestcleaner
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/BestCleaner.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

iexplore.bat
Status             : Scanned
Object             : NE->c:\program files (x86)\internet explorer\iexplore.bat
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Gen.bat.AI!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

firefox.bat
Status             : Scanned
Object             : NE->c:\program files (x86)\mozilla firefox\firefox.bat
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Gen.bat.AF!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

interstatnogui_357
Status             : Scanned
Object             : NE->c:\users\dan\appdata\local\crashrpt\unsentcrashreports\interstatnogui_357
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/InterStat.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

logs
Status             : Scanned
Object             : NE->c:\users\dan\appdata\local\crashrpt\unsentcrashreports\interstatnogui_357\logs
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/InterStat.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

vlngpminer.exe
Status             : Scanned
Object             : NE->c:\users\dan\appdata\local\temp\io5v0dk07\vlngpminer.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Trojan:Win32/CPUMiner.Generic.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

uninstallro.exe
Status             : Scanned
Object             : NE->c:\users\dan\appdata\local\uninstallro.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/REOptimizer.B!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

agdata
Status             : Scanned
Object             : NE->c:\users\dan\appdata\roaming\agdata
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Anonymizer.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

tmplog.log
Status             : Scanned
Object             : NE->c:\windows\system32\tmplog.log
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/HDWallPaper.F!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

0326b3f94a66442d4aee9ab8daecb5f8.exe
Status             : Scanned
Object             : %systemroot%\0326b3f94a66442d4aee9ab8daecb5f8.exe
MD5                : DDB23882121712D9FD83EA982DE0024F
Publisher          : -
Size               : 1718968
Version            : -
Detection          : Adware:Win32/Tamaca!Mter
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\0326b3f94a66442d4aee9ab8daecb5f8.exe

AGLoader.dll
Status             : Scanned
Object             : %appdata%\agdata\bin\agloader.dll
MD5                : 9B7AC58152CB305B4CE5D9D8E3FA115D
Publisher          : Investservis JSC
Size               : 867336
Version            : 1.0.0.1
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %appdata%\agdata\bin\agloader.dll

TurmeYaeef.dll
Status             : Scanned
Object             : %temp%\nsad510.tmp\turmeyaeef.dll
MD5                : FD5A25DF62254752408CEC3897AE1934
Publisher          : -
Size               : 86528
Version            : 1.0.0.3
Detection          : Downloader:Win32/Generic
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsad510.tmp\turmeyaeef.dll

RieatBisx.dll
Status             : Scanned
Object             : %temp%\nsad510.tmp\rieatbisx.dll
MD5                : 5016B35E2DD0324EFA89C58ABADB6CC3
Publisher          : -
Size               : 146432
Version            : 1.0.0.3
Detection          : Downloader:Win32/Generic
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsad510.tmp\rieatbisx.dll

Nryfl.Ebi
Status             : Scanned
Object             : %temp%\nsad510.tmp\nryfl.ebi
MD5                : 0457F864F92B302F7EA2CE6F46AB3DB9
Publisher          : -
Size               : 615424
Version            : 1.0.0.3
Detection          : Downloader:Win32/Generic
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsad510.tmp\nryfl.ebi

GeekBuddy8098.exe
Status             : Scanned
Object             : %temp%\sn2ap54pu\geekbuddy8098.exe
MD5                : 07875DB42A4787F59900C9B6CD215DBD
Publisher          : -
Size               : 105089
Version            : -
Detection          : Malware:Win32/Multi.Generic!Mrar
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\sn2ap54pu\geekbuddy8098.exe

NSISdl.dll
Status             : Scanned
Object             : %temp%\nsp58d4.tmp\nsisdl.dll
MD5                : E0A198A9601806B4E1BD9B9767494FFD
Publisher          : Investservis JSC
Size               : 23560
Version            : -
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsp58d4.tmp\nsisdl.dll

nsExec.dll
Status             : Scanned
Object             : %temp%\nsp58d4.tmp\nsexec.dll
MD5                : 1EDE21252B019B147E834A9ED86B2716
Publisher          : Investservis JSC
Size               : 13832
Version            : -
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsp58d4.tmp\nsexec.dll

nsisunz.dll
Status             : Scanned
Object             : %temp%\nsp58d4.tmp\nsisunz.dll
MD5                : 9F4674940E752F31D4619DBEF6D4EB84
Publisher          : Investservis JSC
Size               : 97800
Version            : -
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsp58d4.tmp\nsisunz.dll

CheckUser.dll
Status             : Scanned
Object             : %temp%\is-4lgbn.tmp\checkuser.dll
MD5                : 656828F89C237CC127980B0A0BDCFBC3
Publisher          : GOLD CLICK LIMITED
Size               : 232544
Version            : 1.0.0.0
Detection          : Adware:Win32/BulkHeur.dfe8f4!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\is-4lgbn.tmp\checkuser.dll

brh.dll
Status             : Scanned
Object             : %temp%\nsa9631.tmp\brh.dll
MD5                : FB4FD83B386BF4712FA24F1594046D48
Publisher          : -
Size               : 793600
Version            : -
Detection          : Adware:Win32/Kloom.A!Rare
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsa9631.tmp\brh.dll

Itibiti_Knctr_C.exe
Status             : Scanned
Object             : %temp%\6lskj9j98\itibiti_knctr_c.exe
MD5                : 71508F595FED63C65FFEE3589E22AC1B
Publisher          : -
Size               : 64887
Version            : 1.0.0.0
Detection          : Adware:Win32/Goorka.A!Titk
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\6lskj9j98\itibiti_knctr_c.exe

ASIns.exe
Status             : Scanned
Object             : %temp%\562039f4-6545-4565-ac52-298dbd7ca114\asins.exe
MD5                : 5464883877544BE02ECF856040F31EAF
Publisher          : -
Size               : 259478
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\562039f4-6545-4565-ac52-298dbd7ca114\asins.exe

polos.exe
Status             : Scanned
Object             : %programfiles%\screechy\polos.exe
MD5                : D85C46C84CC527560B89F45505F9686C
Publisher          : -
Size               : 75140
Version            : -
Detection          : Adware:Win32/Blackoat.A!Kkre
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\screechy\polos.exe

uninstaller.exe
Status             : Scanned
Object             : %programfiles%\anonymizergadget\uninstaller.exe
MD5                : 37A07FCE59DF360961A3B60085CF71A9
Publisher          : Investservis JSC
Size               : 127816
Version            : -
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\anonymizergadget\uninstaller.exe

AnonymizerLauncher.exe
Status             : Scanned
Object             : %programfiles%\anonymizergadget\anonymizerlauncher.exe
MD5                : EB67273C54E78DB4FAFFAB9001148753
Publisher          : Investservis JSC
Size               : 295944
Version            : -
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\anonymizergadget\anonymizerlauncher.exe

AGUtils.dll
Status             : Scanned
Object             : %programfiles%\anonymizergadget\agutils.dll
MD5                : 36A70D169326B9F4D2643A54FBFA38FA
Publisher          : Investservis JSC
Size               : 310792
Version            : 1.968.0.0
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\anonymizergadget\agutils.dll

AGService.exe
Status             : Scanned
Object             : %programfiles%\anonymizergadget\agservice.exe
MD5                : E83798FC59168E5378E54557E7593E1A
Publisher          : Investservis JSC
Size               : 179720
Version            : -
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\anonymizergadget\agservice.exe


SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 27.12.2016 09:58:44
Path starting: C:\Users\Dan\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Dan
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Professional Lang: English(0409)
Installation date OS: 23.09.2016 08:17:13
LicenseStatus: Windows®, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.2 Gb] Used: [30.9 Gb] Free: [434.3 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
Malwarebytes (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.70.244
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 50.1.0 (x86 en-US) v.50.1.0
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.50.1.0.6186
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service has stopped
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
Itibiti RTC v.0.0.1 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Dan (administrator) on 27-12-2016 at 10:37:19
Running from "C:\Users\Dan\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: HP Compaq 6000 Pro MT PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
========================= IP Configuration: ================================

Broadcom 802.11g Network Adapter = Wireless Network Connection (Connected)
Intel® 82567LM-3 Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=disabled
set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Dan-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : fios-router.home

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82567LM-3 Gigabit Network Connection
   Physical Address. . . . . . . . . : 1C-C1-DE-55-9E-13
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
   Physical Address. . . . . . . . . : 00-16-B6-58-26-C6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::990:d323:63f6:e76d%2(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.153(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, December 26, 2016 11:47:04 PM
   Lease Expires . . . . . . . . . . : Wednesday, December 28, 2016 9:30:58 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 318772918
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-1F-A5-75-1C-C1-DE-55-9E-13
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.fios-router.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4004:806::200e
      172.217.6.238


Pinging google.cOm [172.217.6.238] with 32 bytes of data:
Reply from 172.217.6.238: bytes=32 time=12ms TTL=58
Reply from 172.217.6.238: bytes=32 time=16ms TTL=58

Ping statistics for 172.217.6.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 16ms, Average = 14ms
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.cOm [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=93ms TTL=54
Reply from 206.190.36.45: bytes=32 time=91ms TTL=54

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 91ms, Maximum = 93ms, Average = 92ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  4...1c c1 de 55 9e 13 ......Intel® 82567LM-3 Gigabit Network Connection
  2...00 16 b6 58 26 c6 ......Broadcom 802.11g Network Adapter
  1...........................Software Loopback Interface 1
  3...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.153     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.153    311
    192.168.1.153  255.255.255.255         On-link     192.168.1.153    311
    192.168.1.255  255.255.255.255         On-link     192.168.1.153    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.153    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.153    311
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  2    311 fe80::/64                On-link
  2    311 fe80::990:d323:63f6:e76d/128
                                    On-link
  1    331 ff00::/8                 On-link
  2    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/27/2016 09:41:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.14393.576, time stamp: 0x584a7815
Faulting module name: eModel.dll, version: 11.0.14393.576, time stamp: 0x584a799a
Exception code: 0xc0000409
Fault offset: 0x00000000000d4b00
Faulting process id: 0x41a4
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (12/27/2016 04:56:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d
Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d10950
Exception code: 0xc0000005
Fault offset: 0x000000000002431e
Faulting process id: 0x3630
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
Faulting package full name: CompatTelRunner.exe4
Faulting package-relative application ID: CompatTelRunner.exe5

Error: (12/26/2016 11:22:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAN-PC)
Description: Package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{a94d65c8-e7d6-4028-8093-3e8a49801a77} was terminated because it took too long to suspend.

Error: (12/26/2016 11:21:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: SkypeHost.exe, version: 11.10.145.0, time stamp: 0x584b04ab
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000008
Fault offset: 0x00000000000a9d2a
Faulting process id: 0x12c4
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5

Error: (12/26/2016 11:21:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: SkypeHost.exe, version: 11.10.145.0, time stamp: 0x584b04ab
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000008
Fault offset: 0x00000000000a9d2a
Faulting process id: 0x1938
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5

Error: (12/26/2016 11:21:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: SkypeHost.exe, version: 11.10.145.0, time stamp: 0x584b04ab
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000008
Fault offset: 0x00000000000a9d2a
Faulting process id: 0xeb0
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5

Error: (12/26/2016 11:16:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service isesrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (12/26/2016 11:16:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/26/2016 11:16:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary isedrv.

System Error:
The system cannot find the file specified.
.

Error: (12/26/2016 10:36:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAN-PC)
Description: Package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{6c8bea52-279b-4ce3-a3a9-deffcce9eb5f} was terminated because it took too long to suspend.


System errors:
=============
Error: (12/27/2016 09:41:00 AM) (Source: DCOM) (User: DAN-PC)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}Dan-PCDanS-1-5-21-759815106-3257416256-1666093895-1000LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194

Error: (12/27/2016 03:34:50 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.153.
The computer with the IP address 192.168.1.166 did not allow the name to be claimed by
this computer.

Error: (12/27/2016 03:29:40 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.153.
The computer with the IP address 192.168.1.166 did not allow the name to be claimed by
this computer.

Error: (12/27/2016 03:24:30 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.153.
The computer with the IP address 192.168.1.166 did not allow the name to be claimed by
this computer.

Error: (12/27/2016 03:19:20 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.153.
The computer with the IP address 192.168.1.166 did not allow the name to be claimed by
this computer.

Error: (12/27/2016 03:14:09 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.153.
The computer with the IP address 192.168.1.166 did not allow the name to be claimed by
this computer.

Error: (12/27/2016 03:08:59 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.153.
The computer with the IP address 192.168.1.166 did not allow the name to be claimed by
this computer.

Error: (12/27/2016 03:03:49 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.153.
The computer with the IP address 192.168.1.166 did not allow the name to be claimed by
this computer.

Error: (12/27/2016 02:58:39 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.153.
The computer with the IP address 192.168.1.166 did not allow the name to be claimed by
this computer.

Error: (12/27/2016 02:53:29 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.153.
The computer with the IP address 192.168.1.166 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (12/27/2016 09:41:05 AM) (Source: Application Error)(User: )
Description: MicrosoftEdge.exe11.0.14393.576584a7815eModel.dll11.0.14393.576584a799ac000040900000000000d4b0041a401d2604f38e9fed0C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exeC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll2e7021f4-cb75-407a-a260-cafa46e0f6e3Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweMicrosoftEdge

Error: (12/27/2016 04:56:50 AM) (Source: Application Error)(User: )
Description: CompatTelRunner.exe10.0.14913.100257d1070ddevinv.dll10.0.14913.100257d10950c0000005000000000002431e363001d26023cd100ea9C:\WINDOWS\system32\CompatTelRunner.exeC:\WINDOWS\system32\devinv.dllf5d47dad-f670-4692-960c-1247514c9aa0

Error: (12/26/2016 11:22:42 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAN-PC)
Description: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{a94d65c8-e7d6-4028-8093-3e8a49801a77}

Error: (12/26/2016 11:21:08 PM) (Source: Application Error)(User: )
Description: SkypeHost.exe11.10.145.0584b04abntdll.dll10.0.14393.4795825887fc000000800000000000a9d2a12c401d25ff8a59e8bd2C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exeC:\WINDOWS\SYSTEM32\ntdll.dllc11f1cdf-9749-4f06-bd59-cee33e587742Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5cppleae38af2e007f4358a809ac99a64a67c1

Error: (12/26/2016 11:21:07 PM) (Source: Application Error)(User: )
Description: SkypeHost.exe11.10.145.0584b04abntdll.dll10.0.14393.4795825887fc000000800000000000a9d2a193801d25ff8a51d34a9C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll2b2e1b15-9d5f-4ae3-ae82-f94747b4d2eeMicrosoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5cppleae38af2e007f4358a809ac99a64a67c1

Error: (12/26/2016 11:21:06 PM) (Source: Application Error)(User: )
Description: SkypeHost.exe11.10.145.0584b04abntdll.dll10.0.14393.4795825887fc000000800000000000a9d2aeb001d25ff876dd8fadC:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll38a25916-6ffa-4725-b922-974324cd79ccMicrosoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5cppleae38af2e007f4358a809ac99a64a67c1

Error: (12/26/2016 11:16:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service isesrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (12/26/2016 11:16:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (12/26/2016 11:16:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary isedrv.

System Error:
The system cannot find the file specified.

Error: (12/26/2016 10:36:47 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAN-PC)
Description: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{6c8bea52-279b-4ce3-a3a9-deffcce9eb5f}


CodeIntegrity Errors:
===================================
  Date: 2016-12-26 22:02:39.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-26 22:00:47.971
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2016-12-26 21:58:56.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2016-12-26 21:58:56.522
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\iseguard32.dll that did not meet the Windows signing level requirements.

  Date: 2016-12-26 21:57:12.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-26 21:54:40.503
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2016-12-26 21:54:40.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\iseguard32.dll that did not meet the Windows signing level requirements.


=========================== Installed Programs ============================

Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
Skype Web Plugin (HKLM-x32\...\{70257DA6-C358-4634-B15D-C42C3B564149}) (Version: 7.28.0.46 - Skype Technologies S.A.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.244 - Zemana Ltd.)

========================= Devices: ================================

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Device ID: ACPI\PNP0F13\4&60DD4BF&0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 80%
Total physical RAM: 3991.24 MB
Available physical RAM: 784.87 MB
Total Virtual: 8087.24 MB
Available Virtual: 4656.2 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.22 GB) (Free:434.31 GB) NTFS
3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

========================= Users: ========================================

User accounts for \\DAN-PC

Administrator            Dan                      DefaultAccount           
Guest                    


**** End of log ****


Again, you're awesome.  Thank you for helping.



#5 InadequateInfirmity


Posted 27 December 2016 - 03:15 PM

9-Lab Scan.

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot, and check for updates again.
  • You need to make sure the database updates!!!
  • Upon scan completion, click on Show Results.
  • Then click on Clean.
  • Then click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next; make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.



#6 Legend Dan


Posted 27 December 2016 - 05:59 PM

I downloaded and installed 9-lab, but I can't find where the option to update it is.  Without updating, it tells me there's no database.  How do I update 9-lab?



#7 InadequateInfirmity


Posted 27 December 2016 - 08:11 PM

Download it, install it, reboot, then click on the pic below.

YfdaAxI.png



#8 Legend Dan


Posted 27 December 2016 - 11:33 PM

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 151.45748

Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.11.14393.0
Dan :: DAN-PC

12/27/2016 10:58:28 PM
9lab-log-2016-12-27 (22-58-28).txt

Scan type: Full
Objects scanned: 38909
Time Elapsed: 11 m 34 s

Registry Keys detected: 2
Adware.RPL.Downloader.dd [HKEY_CLASSES_ROOT\Installer\Features\4E30E037E0535E84D9E3349209D354D4]
Adware.RPL.DNSKeep.vl [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564]


Files detected: 5
[03F6BEBC28F04BEBAFC90435F796E27D] Malware.MPL.Heur.se [c:\users\dan\appdata\local\cautions.exe]
[2238415466EA09ADC11052B8A6A08CE0] Trojan.Win32.Gen.vb [C:\Users\Dan\AppData\Local\Temp\EB44ZLH4XP\asasa.exe]
[332EEBBA40054CD3EEB4BD62B8EE4D44] Trojan.Win32.Gen.2E8B.sm!ff [C:\Users\Dan\AppData\Local\Temp\nsl8D71.tmp]
[332EEBBA40054CD3EEB4BD62B8EE4D44] Trojan.Win32.Gen.2E8B.sm!ff [C:\Users\Dan\AppData\Local\Temp\nsn1D66.tmp]
[34456A183A789932EDC25EC35E816E40] Adware.Win32.InstallCore.vl!n [C:\Users\Dan\AppData\Local\Temp\X71GQ7IHT\X71GQ7IHT.exe]

 

[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\Software\IM
 



#9 InadequateInfirmity


Posted 27 December 2016 - 11:43 PM

How is your machine running now?



#10 Legend Dan


Posted 28 December 2016 - 11:34 AM

Well, I've mostly been asleep since I posted the logs, but this morning I didn't notice any strange advertisements or abc processes running in the background, so I'm gonna call it good.  Thank you!  I'm sorry that one stupid four second download caused hours of work.  You are awesome and appreciated.



#11 InadequateInfirmity


Posted 28 December 2016 - 07:46 PM

Reset Host File

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

Another thing to consider is that you are on Windows 8. There is always some sort of inbound or outbound connection going on with all of the telemetry.

I suggest that you run one of the following tools.

O&O Shut Up.
Destroy Windows Spying.

Both of these tools will add items to your hosts file, which can increase ping, so I would suggest you disable the DNS Client Service.
 

  1. Open Control Panel
  2. Double click Administrative Tools
  3. Double click Services
  4. Select the DNS Client Service from the list and right click on it
  5. Select Stop
  6. Right click Properties
  7. In Startup type select Disable
  8. Click OK
  9. Reboot system

 

I suggest the following in place of Adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.

Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.

Some items to keep you safe on the internet.

VooDoo Shield. Control of what is running on your machine.
Qualys BrowserCheck to update plugins.
Web Of Trust to avoid shady websites.
Unchecky to avoid bundled software.
Privazer to clean up your machine.

Now let's clean up the tools we used and remove old restore points.

Download DelFix by "Xplode" to your Desktop.
Right click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt


Edited by InadequateInfirmity, 29 December 2016 - 04:11 AM.
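
Post #11 resets the hosts file and notes that blocking tools add entries to it; before a reset it helps to see which active entries are plain block entries and which send a name somewhere else. The following is an added example, not part of the thread or of any tool named in it: a small Python audit of hosts-file text. The sample content and every hostname in it are constructed for illustration.

```python
import ipaddress
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "line_no address hostname kind")

# Constructed sample: what a hosts file can look like after a blocking
# tool and an unwanted program have both written to it.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
#       127.0.0.1       localhost
127.0.0.1    localhost
0.0.0.0      telemetry.example.com    # block entry
0.0.0.0      ads.example.net tracker.example.net
203.0.113.7  update.example.org       # points at a routable address
not-an-ip    broken.example.com
"""


def audit_hosts(text):
    """Classify every active hostname mapping in hosts-file text.

    kind: 'default'  localhost on a loopback address
          'sink'     name sent to loopback/unspecified (block entry)
          'redirect' name sent to any other address
          'invalid'  first field is not an IP address
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, tokenize
        if len(fields) < 2:
            continue  # blank, comment-only, or address with no name
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            entries.extend(
                Entry(line_no, address, n.lower(), "invalid") for n in names
            )
            continue
        for name in (n.lower() for n in names):
            if ip.is_loopback or ip.is_unspecified:
                kind = "default" if name == "localhost" else "sink"
            else:
                kind = "redirect"
            entries.append(Entry(line_no, str(ip), name, kind))
    return entries


def summarize(entries):
    """Count entries per kind."""
    return Counter(e.kind for e in entries)


def needs_review(entries):
    """Entries that are not plain block entries and deserve a look."""
    return [e for e in entries if e.kind in ("redirect", "invalid")]


if __name__ == "__main__":
    found = audit_hosts(SAMPLE_HOSTS)
    print(dict(summarize(found)))
    for e in needs_review(found):
        print(f"line {e.line_no}: {e.hostname} -> {e.address} ({e.kind})")
```

To audit a real machine, pass the contents of `C:\Windows\System32\drivers\etc\hosts` to `audit_hosts` instead of the sample string.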




