PUP showing up often


29 replies to this topic

#1 DarUrjakar_Jahkrhan


Posted 12 May 2017 - 02:37 PM

I have a PUP opening at random times but at least a few times a day.

The PUP has different links.

The PUP showed up in a new window (before any attempt to fix).

It shows in Chrome and I have not tried using other browsers.

 

At first when I noticed it I used the following software:

  • Malwarebytes AdwCleaner
  • Malwarebytes Anti-Malware
  • Malwarebytes Junkware Removal Tool
  • Emsisoft Anti-Malware
  • Avast (boot-time scan)

Before all scans I used RKill.

I can't supply any scan results but I remember a dozen detected files and registry keys that were apparently fixed.

I tried resetting Chrome's settings.

 

After all this it still shows up a few times a day, but in a new tab (not a new window like at first).

 

 

Untitled.png

 

Untitled2.png

 

Device/System info

 

Untitled3.png

 

I'll try to provide further info if needed




 


#2 iMacg3


Posted 12 May 2017 - 09:03 PM

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

       • Report IE Proxy Settings
       • Report FF Proxy Settings
       • List content of Hosts
       • List IP configuration
       • List Winsock Entries
       • List last 10 Event Viewer log
       • List Installed Programs
       • List Devices (Don't change any settings here)
       • List Users, Partitions and Memory size
       • List Restore Points

  3. Paste the log file contents into a post.

 

 

 

Download SecurityCheck by screen317.

 

  1. Click on the downloaded file and follow the instructions in the box on the screen.

  2. Paste the log file contents into a post.

  3. Important: If you get an error message, please restart your computer and try again.

 

 

 

 

Download Malwarebytes Anti-Malware from the provided link.

  1. Launch MBAM by clicking the .EXE file you downloaded.

  2. Run the installation wizard.

  3. Once complete, open MBAM and click Scan.

  4. Let the scan complete, then make sure all threats are selected and click Quarantine.

  5. Once done, go to History > Logs. Select the most recent Scan Log and paste its contents into a post.

 

 

 

Download ESET Online Scanner and save it to your desktop.

 

  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click “Save to text file...”, save the file to your desktop, and paste the contents into a post.

 

Download Rkill from one of the below three links. (Use the one that runs on your PC without being blocked).

Link 1

Link 2

Link 3

 

  1. Double-click on the file you downloaded (either rkill.exe, iExplore.exe, or rkill.com) to launch Rkill.

  2. If a black box appears, the program is running correctly. If nothing happens, then try another link.

  3. Let the scan complete, then paste the contents of the text file that pops up at the end into a post.

  4. Important: Do not restart your computer once the scan is done!


Regards, iMacg3

If I do not reply to your malware removal topic in 48 hours, please send me a PM.

"Do, or do not. There is no try." - Yoda


#3 DarUrjakar_Jahkrhan


Posted 13 May 2017 - 05:10 AM

Farbar MiniToolBox:

MiniToolBox by Farbar  Version: 17-06-2016

Ran by User (administrator) on 13-05-2017 at 05:37:40
Running from "C:\Users\User\Downloads\Programs"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: HP EliteBook 2560p Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Broadcom 43224AGN 802.11a/b/g/n 2x2 Wi-Fi Adapter = Wireless Network Connection (Connected)
WeOnlyDo Network Adapter 2.5 = WeOnlyDo (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
TAP-Windows Adapter V9 = Local Area Connection 2 (Media disconnected)
Windscribe VPN = Local Area Connection 3 (Media disconnected)
TeamViewer VPN Adapter = Local Area Connection 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="WeOnlyDo" forwarding=disabled advertise=disabled mtu=1200 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : User-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Windscribe VPN
   Physical Address. . . . . . . . . : 00-FF-9E-5B-79-33
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TeamViewer VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-D8-EC-FA-39
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Windows Adapter V9 #2
   Physical Address. . . . . . . . . : 00-FF-9A-2B-0B-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-29-F1-4B-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : AC-81-12-A8-67-13
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom 43224AGN 802.11a/b/g/n 2x2 Wi-Fi Adapter
   Physical Address. . . . . . . . . : AC-81-12-A8-67-13
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd88:e3ab:f860:9400:3925:db2d:adb1:c23a(Preferred) 
   Temporary IPv6 Address. . . . . . : fd88:e3ab:f860:9400:dd02:25f8:b152:cd0c(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3925:db2d:adb1:c23a%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, May 13, 2017 5:28:18 AM
   Lease Expires . . . . . . . . . . : Sunday, May 14, 2017 5:28:18 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 5.199.142.178
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : A0-B3-CC-25-1F-A9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 40-2C-F4-EE-07-C3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{D8ECFA39-C656-47A6-A63C-01976C71D62E}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Reusable ISATAP Interface {D9F662FA-7576-4FA0-A4D5-92C45AF047E3}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{B87CC82A-C933-4433-AEB5-303319E05B4D}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{29F14BCD-4ECA-487F-9A78-2905A8CF9806}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #9
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{210D8BBC-BF81-4F2E-9C38-BAA91043E333}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #10
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{F4E0E09E-4C33-4727-9779-207B7B8461B7}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #11
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{9E5B7933-E23A-4A16-A09A-B548B36E6D5B}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #12
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{9A2B0B14-585D-4DCF-BBFE-887496B09E0F}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #13
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  5.199.142.178
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Pinging google.com [213.158.189.216] with 32 bytes of data:
Reply from 213.158.189.216: bytes=32 time=20ms TTL=60
Reply from 213.158.189.216: bytes=32 time=19ms TTL=60
 
Ping statistics for 213.158.189.216:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 20ms, Average = 19ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  5.199.142.178
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=180ms TTL=50
Reply from 98.138.253.109: bytes=32 time=180ms TTL=50
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 180ms, Maximum = 180ms, Average = 180ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 25...00 ff 9e 5b 79 33 ......Windscribe VPN
 22...00 ff d8 ec fa 39 ......TeamViewer VPN Adapter
 21...00 ff 9a 2b 0b 14 ......TAP-Windows Adapter V9 #2
 18...00 ff 29 f1 4b cd ......Anchorfree HSS VPN Adapter
 16...ac 81 12 a8 67 13 ......Microsoft Virtual WiFi Miniport Adapter
 14...ac 81 12 a8 67 13 ......Broadcom 43224AGN 802.11a/b/g/n 2x2 Wi-Fi Adapter
 13...a0 b3 cc 25 1f a9 ......Intel® 82579LM Gigabit Network Connection
 12...40 2c f4 ee 07 c3 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
 72...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
 73...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
 28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #10
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #11
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #12
 79...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #13
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.9     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.9    286
      192.168.1.9  255.255.255.255         On-link       192.168.1.9    286
    192.168.1.255  255.255.255.255         On-link       192.168.1.9    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.9    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.9    286
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 14     38 fd88:e3ab:f860:9400::/64 On-link
 14    286 fd88:e3ab:f860:9400:3925:db2d:adb1:c23a/128
                                    On-link
 14    286 fd88:e3ab:f860:9400:dd02:25f8:b152:cd0c/128
                                    On-link
 14    286 fe80::/64                On-link
 14    286 fe80::3925:db2d:adb1:c23a/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/12/2017 05:34:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/12/2017 02:27:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/12/2017 12:09:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/12/2017 01:56:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2017 10:45:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2017 08:17:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/11/2017 08:17:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/11/2017 07:36:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2017 07:02:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2017 05:04:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/13/2017 05:28:04 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (05/13/2017 05:27:25 AM) (Source: SCardSvr) (User: )
Description: The I/O operation has been aborted because of either a thread exit or an application request.Generic EMV Smartcard Reader 0GET_STATEXX XX XX XX
 
Error: (05/12/2017 10:55:46 PM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (05/12/2017 10:53:14 PM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (05/12/2017 10:53:00 PM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (05/12/2017 10:52:50 PM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (05/12/2017 10:41:50 PM) (Source: DCOM) (User: User-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}User-PCGuestS-1-5-21-126985369-209226206-3696806243-501LocalHost (Using LRPC)
 
Error: (05/12/2017 10:40:50 PM) (Source: DCOM) (User: User-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}User-PCGuestS-1-5-21-126985369-209226206-3696806243-501LocalHost (Using LRPC)
 
Error: (05/12/2017 10:40:50 PM) (Source: DCOM) (User: User-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}User-PCGuestS-1-5-21-126985369-209226206-3696806243-501LocalHost (Using LRPC)
 
Error: (05/12/2017 10:40:50 PM) (Source: DCOM) (User: User-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}User-PCGuestS-1-5-21-126985369-209226206-3696806243-501LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2017-05-12 21:54:01.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-12 21:40:27.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-12 21:36:14.604
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-12 21:31:45.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-12 21:26:17.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-12 21:21:21.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-12 19:42:18.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-12 19:42:07.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-12 19:37:19.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-12 19:31:39.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{30689060-43BD-46E9-8A54-E6CDB18AAB88}) (Version: 20.2.1 - HP Inc.) Hidden
ACDSee 9 Photo Manager (HKLM-x32\...\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}) (Version: 9.0.108 - ACD Systems Ltd.)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
AkelPad 4.9.8 (HKLM-x32\...\AkelPad) (Version: 4.9.8 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Premier (HKLM-x32\...\Avast) (Version: 11.2.2260 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.1.1192 - Bandicam.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.12 - BleachBit)
Concise Oxford English Dictionary (Eleventh Edition) (HKLM-x32\...\Concise Oxford English Dictionary (Eleventh Edition)) (Version:  - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 4.00 - NCH Software)
doPDF 6.1  printer (HKLM\...\doPDF 6  printer_is1) (Version:  - Softland)
f.lux (HKCU\...\Flux) (Version:  - )
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HandBrake 1.0.1 (HKLM-x32\...\HandBrake) (Version: 1.0.1 - )
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
Hotspot Shield 4.18.3 (HKLM-x32\...\HotspotShield) (Version: 4.18.3 - AnchorFree Inc.)
IDM Crack 6.27 build 1 (HKLM-x32\...\IDM Crack 6.27 build 1) (Version: build 2 - Crackingpatching.com Team)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.2 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
K-Lite Mega Codec Pack 11.4.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
LIMBO (gog-1) (HKLM-x32\...\1724299977_is1) (Version: 0.1.0.236 - GOG.com)
Longman Dictionary of Contemporary English 5th Edition (HKLM-x32\...\NSIS_ldoce5) (Version:  - )
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Firefox 52.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 52.0.2 (x64 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
Nero 8 (HKLM-x32\...\{BE282C23-5484-47FF-B2C1-EBEA5C893711}) (Version: 8.3.31 - Nero AG)
NetBalancer (HKLM\...\NetBalancer_is1) (Version:  - SeriousBit)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Perl (x64) (HKLM\...\{13088604-3B4D-4C5A-AE0F-6DE82273F1C4}) (Version: 5.20.0 - HexChat)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Python 2.7.12 (64-bit) (HKLM\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation)
Python 3.5.2 (64-bit) (HKCU\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (64-bit) (HKLM\...\{2364A926-B4AC-4EA5-9838-BE88C2930E38}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit debug) (HKLM\...\{98C60219-4FCA-400C-B400-C53DB3F194D1}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit symbols) (HKLM\...\{67BF2471-0F83-41E4-ACA1-0797DC48294C}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit) (HKLM\...\{E151A5E4-D373-4388-82FB-0C9F5F6CFB76}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit debug) (HKLM\...\{1FF93F16-1CEE-4802-8A1E-28493F99FFCC}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (HKLM\...\{5397E020-59CB-43BF-A0FE-32B26DE98187}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (HKLM\...\{911FCD3E-A42F-472C-983A-0518799BFE7D}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit debug) (HKLM\...\{EE8FBACF-942B-4F41-81C0-9D5195351E66}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit symbols) (HKLM\...\{F934477A-37FA-411C-8C71-2582AF3E81DF}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (HKLM\...\{24C31CC2-A8F2-417E-A61B-5E682D39893B}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (HKLM\...\{A74E3253-CB6C-4214-8964-FFCEB37DB5D8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit debug) (HKLM\...\{9FCA3460-7CD9-423B-8BF2-6A351C7BFA52}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit symbols) (HKLM\...\{DE36E963-77E3-437D-9095-6054E899D6DB}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (HKLM\...\{976C50E6-00DF-40A6-9E59-70A4F3EF4E32}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit debug) (HKLM\...\{8D469172-588F-42A6-B2F9-22F5830827F4}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit symbols) (HKLM\...\{ACDC8E49-1E4B-4157-8787-7870F90F1BD9}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (HKLM\...\{A4B31C78-C884-4B36-BDE4-FBAD3A2A1C7E}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit debug) (HKLM\...\{80129D3E-D986-4C7C-A535-EDE8FDA3D5E6}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit symbols) (HKLM\...\{B819E2C2-30FE-4899-9084-EFD7563D719E}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (HKLM\...\{7BA8A393-A7EB-4529-8A63-D7A4502C0D24}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (HKLM\...\{E5642976-7F8E-41C1-A249-419B809CA2A8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version:  - IDM)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (HKLM-x32\...\{12FA7D28-CF8C-498B-BC4A-E654B44546EF}) (Version: 18.0.0.113 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{9F3B20DF-76F2-47F4-9372-F0F56485A58D}) (Version: 18.0.0.121 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{e1f55556-ee3b-4059-961f-390ab7191c03}) (Version: 18.0.0.113 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.0 - RealNetworks)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reservoir Dogs (HKLM-x32\...\{8D2AC4F2-0BBA-4A94-A866-8B54263FAE87}) (Version: 1.00.0000 - Eidos)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.98 (HKLM-x32\...\SafeZone 1.48.2066.98) (Version: 1.48.2066.98 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Sonic Foundry Preset Manager 1.0 (HKLM-x32\...\{7266C898-F9CB-4122-9452-2AA1DACE245E}) (Version: 1.0.73 - Sonic Foundry)
Subtitle Edit 3.5.2 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.5.2.0 - Nikse)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.18a - IDRIX)
Video Downloader (HKLM-x32\...\{E60AFF01-6087-47BD-8272-61FA3CFC309D}) (Version: 1.0.0 - RealNetworks) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
War Thunder Launcher 1.0.3.13 (HKCU\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windscribe version 1.70 build 4 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZenVPN (HKLM-x32\...\ZenVPN) (Version:  - )
 
========================= Devices: ================================
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&01AC\8&73BB0BB&0&2C5A055F95E3_C00000001
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: BTHENUM\{00001800-0000-1000-8000-00805F9B34FB}_VID&00010046_PID&0802\8&73BB0BB&0&14D11FDC32F9_C00000000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Intel® Display Audio
Description: Intel® Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcDAud
Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&2DA6F446&0&0301
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&01AC\8&73BB0BB&0&2C5A055F95E3_C00000001
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: BTHENUM\{0000110F-0000-1000-8000-00805F9B34FB}_VID&00010046_PID&0802\8&73BB0BB&0&14D11FDC32F9_C00000000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Device ID: ROOT\IMAGE\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: WeOnlyDo Network Adapter 2.5
Description: WeOnlyDo Network Adapter 2.5
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: WeOnlyDo Network Provider
Service: wod0205
Device ID: ROOT\NET\0001
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010046_PID&0802\8&73BB0BB&0&14D11FDC32F9_C00000000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 50%
Total physical RAM: 4006.36 MB
Available physical RAM: 1982.07 MB
Total Virtual: 8010.91 MB
Available Virtual: 5595.34 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:82.3 GB) (Free:10.07 GB) NTFS
2 Drive d: () (Fixed) (Total:150.49 GB) (Free:5.44 GB) NTFS
5 Drive o: () (Fixed) (Total:139.99 GB) (Free:22.36 GB) exFAT
 
========================= Users: ========================================
 
User accounts for \\USER-PC
 
Administrator            Guest                    User                     
 
========================= Restore Points ==================================
 
12-05-2017 21:12:47 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
 
**** End of log ****
 


#4 DarUrjakar_Jahkrhan


Posted 13 May 2017 - 05:11 AM

SecurityCheck:

 Results of screen317's Security Check version 1.014 --- 12/23/15  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
avast! Antivirus                
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java version 32-bit out of Date! 
 Adobe Flash Player 23.0.0.185  
 Adobe Reader XI  
 Mozilla Firefox (49.0.1) 
 Google Chrome (58.0.3029.96) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 
 


#5 DarUrjakar_Jahkrhan


Posted 13 May 2017 - 05:13 AM

MalwareBytes Anti-Malware:

Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 5/13/17
Scan Time: 5:52 AM
Log File: MB3.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1928
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User-PC\User
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376703
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 20 min, 58 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 6
PUP.Optional.NewTabTV, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage, Quarantined, [2579], [359410],1.0.1928
PUP.Optional.NewTabTV, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage-journal, Quarantined, [2579], [359410],1.0.1928
PUP.Optional.NewTabTV, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_ar.newtabtv.com_0.localstorage, Quarantined, [2579], [359416],1.0.1928
PUP.Optional.NewTabTV, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_ar.newtabtv.com_0.localstorage-journal, Quarantined, [2579], [359416],1.0.1928
PUP.Optional.NewTabTV, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_newtabtv.com_0.localstorage, Quarantined, [2579], [359416],1.0.1928
PUP.Optional.NewTabTV, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_newtabtv.com_0.localstorage-journal, Quarantined, [2579], [359416],1.0.1928
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#6 DarUrjakar_Jahkrhan


Posted 13 May 2017 - 05:15 AM

ESET Online Scanner:

C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe a variant of Win32/FusionCore.I potentially unwanted application

 


#7 DarUrjakar_Jahkrhan


Posted 13 May 2017 - 05:16 AM

Rkill:

Rkill 2.8.4 by Lawrence Abrams (Grinler)

Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/13/2017 08:00:10 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\IoctlSvc.exe (PID: 2584) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/13/2017 08:00:54 AM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)
 


#8 iMacg3


Posted 13 May 2017 - 08:53 AM

Looking at the MiniToolBox log I noticed that µTorrent and Freemake Video Converter/downloader were installed. 

Please do not use µTorrent while we are scanning your computer, as it may be the cause of this infection and possibly more infections.

Uninstall Freemake immediately, as it is a known browser hijacker/PUP, which may be causing your problem. Make sure you check the options to uninstall every trace of Freemake.


Regards, iMacg3

If I do not reply to your malware removal topic in 48 hours, please send me a PM.

"Do, or do not. There is no try." - Yoda


#9 DarUrjakar_Jahkrhan


Posted 13 May 2017 - 09:55 AM

I have uninstalled Freemake Video Converter with Revo Uninstaller.

Yet I doubt that is the cause, for I have had it for a very long time without problems.



#10 iMacg3


Posted 13 May 2017 - 09:57 AM

Download Junkware Removal Tool and save it to your desktop.

  1. Double-click on the JRT.exe file on your desktop.

  2. Let JRT scan your computer and remove any infections.

  3. On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.

 

 

Download AdwCleaner and save it to your desktop.

  1. Click on the file you downloaded.

  2. Click Scan to start AdwCleaner's scanning process.

  3. Once done, make sure to delete all found threats.

  4. Open the “Logfile” and paste its contents into a post.


Regards, iMacg3



#11 DarUrjakar_Jahkrhan


Posted 13 May 2017 - 10:37 AM

Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Ultimate x64 
Ran by User (Administrator) on Sat 05/13/2017 at 17:28:46.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZI1J8YN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Y8KB2N2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNY0HMJV (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VW4YC802 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZI1J8YN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Y8KB2N2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNY0HMJV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VW4YC802 (Temporary Internet Files Folder) 
 
Deleted the following from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwmq251p.default\prefs.js
user_pref(extensions.clipconverter@clipconverter.cc.sdk.baseURI, resource://clipconverter-at-clipconverter-dot-cc/);
user_pref(extensions.clipconverter@clipconverter.cc.sdk.domain, clipconverter-at-clipconverter-dot-cc);
user_pref(extensions.clipconverter@clipconverter.cc.sdk.load.reason, startup);
user_pref(extensions.clipconverter@clipconverter.cc.sdk.rootURI, jar:file:///C:/Users/User/AppData/Roaming/Mozilla/Firefox/Profiles/dwmq251p.default/extensions/clipconverte
user_pref(extensions.clipconverter@clipconverter.cc.sdk.version, 1.5.2);
user_pref(extensions.xpiState, {\app-profile\:{\clipconverter@clipconverter.cc\:{\d\:\C:\\\\Users\\\\User\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/13/2017 at 17:31:42.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#12 DarUrjakar_Jahkrhan


Posted 13 May 2017 - 10:38 AM

AdwCleaner:(scanning)

# AdwCleaner v6.046 - Logfile created 13/05/2017 at 17:20:29
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-13.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_6.046.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [4044 Bytes] - [11/05/2017 07:51:57]
C:\AdwCleaner\AdwCleaner[C2].txt - [1292 Bytes] - [11/05/2017 22:42:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [3759 Bytes] - [11/05/2017 07:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [1303 Bytes] - [11/05/2017 07:58:21]
C:\AdwCleaner\AdwCleaner[S2].txt - [1417 Bytes] - [11/05/2017 22:39:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [1525 Bytes] - [13/05/2017 17:20:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1598 Bytes] ##########

 

 


#13 DarUrjakar_Jahkrhan


Posted 13 May 2017 - 10:39 AM

AdwCleaner:(Cleaning)

# AdwCleaner v6.046 - Logfile created 13/05/2017 at 17:21:56

# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-13.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_6.046.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [4044 Bytes] - [11/05/2017 07:51:57]
C:\AdwCleaner\AdwCleaner[C2].txt - [1292 Bytes] - [11/05/2017 22:42:55]
C:\AdwCleaner\AdwCleaner[C3].txt - [1134 Bytes] - [13/05/2017 17:21:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [3759 Bytes] - [11/05/2017 07:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [1303 Bytes] - [11/05/2017 07:58:21]
C:\AdwCleaner\AdwCleaner[S2].txt - [1417 Bytes] - [11/05/2017 22:39:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [1677 Bytes] - [13/05/2017 17:20:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1499 Bytes] ##########
 


#14 iMacg3


Posted 13 May 2017 - 11:25 AM

Any improvement?

 

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  1. Double-click on the file and click OK to the self-extracting popup prompt.

  2. Click Next, then click Update to upgrade MBAR to the newest version of malware definitions.

  3. Once the update has been completed click Next, then Scan.

  4. If rootkits were detected, click all the check boxes for each item and select Cleanup. Restart the PC.

  5. Open the MBAR folder on your desktop and paste both these logs into a post:

    mbar-log-{date} (xx-xx-xx).txt
    system-log.txt

Download Temp File Cleaner and save it to your desktop.

 

  1. Double-click on TFC.exe to launch the program.

  2. Click on Scan to start the cleaning process.

  3. TFC may ask you to restart the computer.

 

 

Download Sophos Virus Removal Tool and save it to your desktop.

 

  1. Double-click on the EXE file you downloaded to launch the Installation Wizard.

  2. Follow the Install Wizard prompts to install Sophos.

  3. Once all the virus definitions are done updating, click Start Scanning.

  4. If no threats are found, just close the program. If threats are found, click Details, then View Log File.

  5. Copy and paste the logfile into your reply. Close the threat details screen and then select Start Cleanup.

  6. Click Exit to quit the program.


Edited by iMacg3, 13 May 2017 - 11:25 AM.

Regards, iMacg3



#15 DarUrjakar_Jahkrhan


Posted 14 May 2017 - 11:45 PM

Malwarebytes Anti-Rootkit:

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org
 
Database version:
  main:    v2017.05.14.05
  rootkit: v2017.04.02.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]
 
5/15/2017 4:22:53 AM
mbar-log-2017-05-15 (04-22-53).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 315608
Time elapsed: 26 minute(s), 22 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 




