
Was in a Youtube Chat with some hackers, then some strange things happened


34 replies to this topic

#1 throwaway1333


Posted 14 June 2017 - 10:58 PM

So I was watching a live Google Hangout on YouTube and there were a couple of guys threatening to dox someone in the chat, saying they had his IP and how they're programmers and were going to mess this guy's life up. I stupidly opened my mouth and told them to chill and leave the guy alone. They told me they were going to get me next. I got kind of nervous so I just got out of there.

 

Didn't think much of it until about an hour later I lost internet and when I tried to open a page it said "Err_Network_Changed" which I'd never seen before.

I restarted my router and computer and my internet came back, but then the same thing happened about 10 minutes later, so I restarted everything and it was working again.

 

Then, a few hours later a bluescreen came up saying something about having to dump memory and restarted my computer. 

 

I ran MSE, MalwareBytes, and SuperAntiSpyware, didn't find anything, but when I ran HitmanPro it found a suspicious driver called MpKslee298fb4.sys, located in

c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates{872D8F88-AD65-452C-8B6C-3CA67A3FF671}

It also says: Scoring (47.0) The file is hidden from Windows API. This is typical for malware. The file is completely hidden from view and most antivirus products. It may belong to a rootkit

 

I used HitmanPro to delete the file, but it's come back twice now. This happened a couple of days ago and since then I've had the bluescreen restart my computer on two separate occasions.

 

So, could this all just be a series of coincidences, or am I infected? Could they really hack me just from my YouTube page? I didn't click any links or anything...

 

Thanks!


Edited by throwaway1333, 14 June 2017 - 11:00 PM.




#2 TsVk!


Posted 14 June 2017 - 11:38 PM

It's likely to be coincidence. It's highly unlikely that they could detect your IP address over an encrypted chat room.

 

Let's run a few scans and see if we can't turn anything up.

 

Please download and install MalwareBytes Anti-Malware V3

  • The application will open automatically after installation, please be patient
  • If all your affected drives are not connected to the machine please close the application, attach them, then restart the application.
  • Click Scan in the left column
  • Click Custom Scan in the middle of the page
  • then Configure Scan at the bottom of the page


  • Check the Scan for Rootkits box
  • Check the checkboxes on all of your drives in the right hand column
  • Click Scan
  • When the scan has completed click Save and save the log to a text file on your desktop
  • Click Quarantine.
  • You will be prompted to restart to remove the threats. When your machine is back up please open the log you saved.
  • Copy and paste the results into your reply

 

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

(screenshot of the MiniToolBox checkboxes to select)

Click Go and note the saved Result.txt on your desktop, to copy into your reply

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • Please copy and paste the log into your reply.

If prompted by your firewall, allow DIG.exe.
If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

 

 

 

Please download Farbar Service Scanner and run it

  • Please check all of the boxes then click Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log into your reply.

 

 

Please copy and paste the logs into your reply.

 

TsVk!


Edited by TsVk!, 14 June 2017 - 11:40 PM.


#3 throwaway1333


Posted 15 June 2017 - 07:10 PM

Thanks for the quick reply!

 

These are the results:

 

Malware Bytes Custom Scan:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/14/17
Scan Time: 10:53 PM
Logfile: mbytes.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.2155
License: Premium
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ht-HP\Ht
 
-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 279922
Time Elapsed: 7 hr, 5 min, 57 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
---------
 
 
MalwareBytes AntiRoot(MBAR):
 
I couldn't find the log for this, but the scan didn't turn up anything suspicious that I saw.
-------------
 
MiniToolBox:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Ht (administrator) on 15-06-2017 at 15:01:11
Running from "C:\Users\Ht\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: HP G62 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1                   keystone.mwbsys.com
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
-----
 
SecurityCheck:
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 26.0.0.126  
 Google Chrome (58.0.3029.110) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
-------
 
FarBar(FSS):
 

 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
Cheers!


#4 TsVk!


Posted 15 June 2017 - 08:07 PM

Looking at this line from your hosts.

 

127.0.0.1                   keystone.mwbsys.com

 

This is commonly associated with a crack or P2P version of Malwarebytes. If this is the case in your situation please remove this and any other cracked software before continuing.

 

Next...

 

Please download rKill to your desktop.

  • Right-click the file and select Run As Administrator.
  • If you have any difficulty running the tool please use an alternative from this page
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • Please copy and paste the log that appears in your reply

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open, note the saved JRT.txt on your desktop to copy into your reply

 

 

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program

 

 

Please run MiniToolBox again.

Checkmark the following checkboxes:

  • List Winsock
  • List last 10 events
  • List installed programs

Click Go and note the saved Result.txt on your desktop, to copy into your reply

 

 

Please include the logs in your reply

 

John


Edited by TsVk!, 15 June 2017 - 09:08 PM.
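
The hosts-file check discussed in the post above, as an added example that is not part of the original thread or of any tool named in it: it pulls the `Hosts content` section out of a MiniToolBox-style log and flags entries that point a security product's domain at loopback, as the `keystone.mwbsys.com` line does. The sample log, the watchlist entries beyond `mwbsys.com` and `malwarebytes.com`, and the verdict labels are constructed for illustration.

```python
import ipaddress
import re

# Domain suffixes whose name resolution should never be overridden locally.
# mwbsys.com and malwarebytes.com appear in the thread; windowsupdate.com is
# an illustrative assumption. Extend the tuple for the products you run.
WATCHED_SUFFIXES = ("mwbsys.com", "malwarebytes.com", "windowsupdate.com")

# Names that legitimately map to loopback in a default hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# MiniToolBox section banners look like "===== Hosts content: =====".
SECTION_HEADER = re.compile(r"^=+\s*(.+?):?\s*=+\s*$")


def hosts_section(minitoolbox_log):
    """Return the lines printed under the log's 'Hosts content' banner."""
    lines, inside = [], False
    for line in minitoolbox_log.splitlines():
        header = SECTION_HEADER.match(line.strip())
        if header:
            inside = header.group(1).strip().lower() == "hosts content"
            continue
        if inside:
            lines.append(line)
    return "\n".join(lines)


def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a hosts entry
        for name in fields[1:]:
            yield address, name.lower().rstrip(".")


def audit_hosts(text):
    """Classify every non-default hosts entry; watched domains rank highest."""
    findings = []
    for address, name in parse_hosts(text):
        if name in BENIGN_NAMES:
            continue
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        sinkholed = address.is_loopback or address.is_unspecified
        if watched and sinkholed:
            verdict = "blocked-security-endpoint"     # product cannot reach its server
        elif watched:
            verdict = "redirected-security-endpoint"  # product talks to another host
        elif sinkholed:
            verdict = "sinkholed-other"               # typical of ad-block lists
        else:
            verdict = "static-mapping"                # review any manual override
        findings.append((verdict, str(address), name))
    return findings


# Constructed sample modelled on the MiniToolBox log in the thread. Only the
# keystone.mwbsys.com line comes from the thread; the rest is made up.
SAMPLE_LOG = """\
========================= FF Proxy Settings: ==============================
"network.proxy.type", 0
========================= Hosts content: =================================
127.0.0.1                   keystone.mwbsys.com
127.0.0.1       localhost
0.0.0.0         ads.example.net        # constructed ad-block style entry
203.0.113.7     update.windowsupdate.com
========================= IP Configuration: ================================
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
"""

if __name__ == "__main__":
    for verdict, address, name in audit_hosts(hosts_section(SAMPLE_LOG)):
        print(f"{verdict:30} {address:15} {name}")
```
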


#5 jwoods301


Posted 16 June 2017 - 12:09 AM

So the OP has posted this same issue on multiple sites...

 

It is common courtesy (and in many sites, forum rules) that cross-posting is not allowed.

 

At the very least, each site should be informed what other sites have been posted to.

 

Keeps everyone from wasting their time.

 

Mod Edit:  Same topic posted at Malwarebytes.com and Techspot.com websites - Hamluis.


Edited by hamluis, 16 June 2017 - 03:41 AM.


#6 throwaway1333


Posted 16 June 2017 - 07:23 AM

Crap, didn't know that was against the rules... so I'm not allowed to ask any more questions then?



#7 TsVk!


Posted 16 June 2017 - 07:26 AM

Work with me mate. We'll either sort your problem or escalate it for deeper analysis.



#8 throwaway1333


Posted 16 June 2017 - 01:59 PM

Sorry for the late reply, TsV

 

Here are the results

 

RKill:

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/15/2017 08:45:46 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 06/15/2017 08:58:56 PM
Execution time: 0 hours(s), 13 minute(s), and 10 seconds(s)
-----------
 
JRT:
 
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Ht (Administrator) on Thu 06/15/2017 at 21:06:47.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 18 
 
Successfully deleted: C:\Users\Ht\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder) 
Successfully deleted: C:\Users\Ht\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage (File) 
Successfully deleted: C:\Users\Ht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NIOKQQD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AUM18HLC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4Y5QMJG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9QEBC8B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4U1GRZC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VC1XKL8H (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQGJ5C09 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSNN01GB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NIOKQQD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AUM18HLC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4Y5QMJG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9QEBC8B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4U1GRZC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VC1XKL8H (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQGJ5C09 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSNN01GB (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/15/2017 at 21:13:15.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------
 
SOPHOS:
 
No Results Found, no log
 
------
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Ht (administrator) on 16-06-2017 at 11:56:32
Running from "C:\Users\Ht\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: HP G62 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/16/2017 11:50:22 AM) (Source: ESENT) (User: )
Description: taskhost (1772) WebCacheLocal: Database recovery/restore failed with unexpected error -501.
 
Error: (06/16/2017 11:50:22 AM) (Source: ESENT) (User: )
Description: taskhost (1772) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 46 (0x0000002E). This logfile has been damaged and is unusable.
 
Error: (06/16/2017 11:50:22 AM) (Source: ESENT) (User: )
Description: taskhost (1772) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 46 (0x0000002E). This logfile has been damaged and is unusable.
 
Error: (06/16/2017 11:50:22 AM) (Source: ESENT) (User: )
Description: taskhost (1772) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 46 (0x0000002E). This logfile has been damaged and is unusable.
 
Error: (06/16/2017 10:50:16 AM) (Source: ESENT) (User: )
Description: DllHost (4064) WebCacheLocal: Database recovery/restore failed with unexpected error -501.
 
Error: (06/16/2017 10:50:16 AM) (Source: ESENT) (User: )
Description: DllHost (4064) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 46 (0x0000002E). This logfile has been damaged and is unusable.
 
Error: (06/16/2017 10:50:16 AM) (Source: ESENT) (User: )
Description: DllHost (4064) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 46 (0x0000002E). This logfile has been damaged and is unusable.
 
Error: (06/16/2017 10:50:16 AM) (Source: ESENT) (User: )
Description: DllHost (4064) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 46 (0x0000002E). This logfile has been damaged and is unusable.
 
Error: (06/16/2017 10:50:15 AM) (Source: ESENT) (User: )
Description: DllHost (4064) WebCacheLocal: Database recovery/restore failed with unexpected error -551.
 
Error: (06/16/2017 10:50:15 AM) (Source: ESENT) (User: )
Description: DllHost (4064) WebCacheLocal: Database recovery failed with error -551 because it encountered references to a database, 'C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
 
System errors:
=============
Error: (06/15/2017 05:18:02 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 117.2.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.10.209.00
 
Source Path: 4.10.209.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/14/2017 04:26:50 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa80059cb010, 0xfffff88003d29e94, 0xffffffffc0000001, 0x0000000000000003)C:\Windows\MEMORY.DMP
 
Error: (06/14/2017 04:26:50 PM) (Source: BugCheck) (User: )
Description: 
 
Error: (06/14/2017 04:26:49 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:55:29 PM on ‎6/‎14/‎2017 was unexpected.
 
Error: (06/14/2017 03:40:52 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa80026cd4e0, 0xfffff88003d11e94, 0xffffffffc0000001, 0x0000000000000003)C:\Windows\MEMORY.DMP061417-29608-01
 
Error: (06/14/2017 03:40:52 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:39:31 PM on ‎6/‎14/‎2017 was unexpected.
 
Error: (06/14/2017 09:04:52 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:02:49 AM on ‎6/‎14/‎2017 was unexpected.
 
Error: (06/13/2017 08:09:30 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0 = The operation completed successfully.
.
 
Error: (06/13/2017 08:08:53 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
 
Error: (06/13/2017 08:08:03 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:06:18 PM on ‎6/‎13/‎2017 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (06/16/2017 11:50:22 AM) (Source: ESENT)(User: )
Description: taskhost1772WebCacheLocal: -501
 
Error: (06/16/2017 11:50:22 AM) (Source: ESENT)(User: )
Description: taskhost1772WebCacheLocal: C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.logEND46 (0x0000002E)
 
Error: (06/16/2017 11:50:22 AM) (Source: ESENT)(User: )
Description: taskhost1772WebCacheLocal: C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.logEND46 (0x0000002E)
 
Error: (06/16/2017 11:50:22 AM) (Source: ESENT)(User: )
Description: taskhost1772WebCacheLocal: C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.logEND46 (0x0000002E)
 
Error: (06/16/2017 10:50:16 AM) (Source: ESENT)(User: )
Description: DllHost4064WebCacheLocal: -501
 
Error: (06/16/2017 10:50:16 AM) (Source: ESENT)(User: )
Description: DllHost4064WebCacheLocal: C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.logEND46 (0x0000002E)
 
Error: (06/16/2017 10:50:16 AM) (Source: ESENT)(User: )
Description: DllHost4064WebCacheLocal: C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.logEND46 (0x0000002E)
 
Error: (06/16/2017 10:50:16 AM) (Source: ESENT)(User: )
Description: DllHost4064WebCacheLocal: C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.logEND46 (0x0000002E)
 
Error: (06/16/2017 10:50:15 AM) (Source: ESENT)(User: )
Description: DllHost4064WebCacheLocal: -551
 
Error: (06/16/2017 10:50:15 AM) (Source: ESENT)(User: )
Description: DllHost4064WebCacheLocal: -551C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
 
 
=========================== Installed Programs ============================
 
4500_G510gm_Help (HKLM-x32\...\{DF0B357C-5874-47D0-81E7-79AA890B0CE0}) (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (HKLM-x32\...\{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}) (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (HKLM-x32\...\{28379381-B56A-43e1-B505-3098D82B1C30}) (Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Bejeweled 2 Deluxe (HKLM-x32\...\WT087428) (Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (HKLM-x32\...\{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}) (Version: 2010.0617.855.14122 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT087453) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (HKLM-x32\...\WT087342) (Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (HKLM-x32\...\WT087360) (Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Heroes of Hellas 2 - Olympia (HKLM-x32\...\WT087372) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.7.22.13 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Jewel Quest 3 (HKLM-x32\...\WT087373) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT087379) (Version: 2.2.0.95 - WildTangent) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
LOOT version 0.10.3 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.10.3 - LOOT Team)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
Plants vs. Zombies (HKLM-x32\...\WT087501) (Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
qBittorrent 3.3.11 (HKLM-x32\...\qBittorrent) (Version: 3.3.11 - The qBittorrent project)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3023 - CyberLink Corp.) Hidden
RogueKiller version 12.11.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.0.0 - Adlice Software)
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Virtual Families (HKLM-x32\...\WT087414) (Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (HKLM-x32\...\WT087513) (Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
Zuma Deluxe (HKLM-x32\...\WT087533) (Version: 2.2.0.95 - WildTangent) Hidden
 
**** End of log ****
 

Edited by throwaway1333, 16 June 2017 - 02:09 PM.


#9 throwaway1333

throwaway1333
  • Topic Starter

  • Members
  • 23 posts
  • Local time:07:28 AM

Posted 17 June 2017 - 05:46 PM

bump



#10 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • Gender:Male
  • Location:The Antipodes
  • Local time:12:28 AM

Posted 17 June 2017 - 06:48 PM

Hi,

 

Thanks for your patience. I lead a family and do not always respond quickly on weekends.

 

There's an issue with your webcache.dat. We're better off disabling it, as it is completely unneeded, rather than resetting it.

 

Open Task Scheduler from Administrative Tools, navigate to Microsoft > Windows > Wininet, and find "CacheTask". This should be the only task listed there.

Stop and disable the task. Reboot your system.

 

Please back up your registry now; we are going to make a system change.

 

Open REGEDIT as admin, search for

{3EB3C877-1F16-487C-9050-104DBCD66683}

The fix we can implement is to delete that key. But by default, it is owned by TrustedInstaller and Administrators has only Read access to it. So right-click on the Guid-named folder, select Permissions. Click on “Advanced”, then the “Change” link on top across from the “Owner” label (see below screenshot, ignore the GUID).

change_security.png

Enter “Administrators” (the group), click “Check Names” and then OK. Now close the permissions property boxes and re-open them by right-clicking again on the Guid-named folder and then Permissions. This time, click on the “Administrators” group entry on the top list, check ON the “Allow” check box against “Full Control” from the permissions in the bottom list. Click OK. Single-click on the Guid-named folder and simply delete it. If you are prompted, answer yes/OK. Reboot your system to ensure the task is gone.

 

We detected a little junkware also, let's see if there's any left.

 

Please download Adware Removal Tool to your desktop

  • Right click and "Run as Administrator".

  • Click Yes at the prompt and then Agree to the terms

  • Click Scan and wait for it to complete

  • Click OK and then Clean

  • Keep clicking OK at the various prompts.

  • When you get to the last screen don't click finish, but rather Save this result

  • Save to a text file, open the file and copy and paste the contents into your reply

  • Click Finish

 

 

Please download AdwCleaner and save to your Desktop.

  • Right click and "Run as Administrator"

  • Click on the Scan button.

  • Once the scan has completed, if there are threats found you will see "Found 3 threats" (in red) or something similar above the progress bar

  • Click each tab under Results and uncheck any items you want to keep

  • After the scan has finished, click Clean and ok the reboot

  • When complete, your machine will restart and a log file will appear

  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

How did you go disabling the job and removing the reg key?

 

Please copy and paste the logs in your reply.

 

John


Edited by TsVk!, 17 June 2017 - 06:49 PM.
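
The ESENT entries in the log posted earlier in this thread are what the WebCache diagnosis in post #10 rests on. The following is an added example, not part of any poster's reply and not the scan tool's own code: it parses that log layout and groups the errors by database instance, JET error code and file. The regexes, function names and the constructed sample are assumptions made for this example; the two error names come from the ESE (JET) error list.

```python
import re
from collections import Counter

# Constructed sample: three entries in the layout of the log quoted in this thread.
# The report prints ESENT's "process (PID) instance:" prefix with the separators
# dropped, e.g. "DllHost4064WebCacheLocal:".
SAMPLE = r"""Error: (06/16/2017 11:50:22 AM) (Source: ESENT)(User: )
Description: taskhost1772WebCacheLocal: C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\V01.logEND46 (0x0000002E)

Error: (06/16/2017 10:50:16 AM) (Source: ESENT)(User: )
Description: DllHost4064WebCacheLocal: -501

Error: (06/16/2017 10:50:15 AM) (Source: ESENT)(User: )
Description: DllHost4064WebCacheLocal: -551C:\Users\Ht\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
"""

# Names for the two codes seen above, from the ESE (JET) error list.
JET_ERRORS = {-501: "JET_errLogFileCorrupt", -551: "JET_errConsistentTimeMismatch"}

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)")
# Assumes the process name has no digits, so the first digit run is the PID.
DESC = re.compile(r"^Description: (?P<proc>[A-Za-z]+)(?P<pid>\d+)(?P<inst>[A-Za-z]\w*): (?P<rest>.*)$")
CODE = re.compile(r"-\d+")                            # leading negative JET code
PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:log|dat)")     # first .log/.dat path


def parse_events(text):
    """Pair each 'Error:' header with the 'Description:' line that follows it."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"when": m["when"], "source": m["source"]}
            continue
        m = DESC.match(line)
        if m and current is not None:
            code, path = CODE.match(m["rest"]), PATH.search(m["rest"])
            current.update(
                process=m["proc"], pid=int(m["pid"]), instance=m["inst"],
                code=int(code.group()) if code else None,
                path=path.group() if path else None,
            )
            events.append(current)
            current = None
    return events


def summarize(events, source="ESENT"):
    """Count errors per database instance, per JET code and per file touched."""
    hits = [e for e in events if e["source"] == source]
    return {
        "count": len(hits),
        "instances": Counter(e["instance"] for e in hits),
        "codes": Counter(JET_ERRORS.get(e["code"], str(e["code"]))
                         for e in hits if e["code"] is not None),
        "files": sorted({e["path"].rsplit("\\", 1)[-1] for e in hits if e["path"]}),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_events(SAMPLE)).items():
        print(key, value)
```

When every error lands on the single WebCacheLocal instance and its V01.log / WebCacheV01.dat files, the errors are confined to one ESE database rather than spread across the system.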


#11 throwaway1333

throwaway1333
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 18 June 2017 - 01:41 AM

Sorry, that was stupid, I shouldn't have bumped so soon... this has just been stressing me out for the past few days and it's all I can think about, gotten two more blue screens since yesterday :(

I got a little confused on your instructions because my screen is different from yours; I'm not seeing any "change" option. This is what my screen looks like: 10px955.png

 

I'm using Windows 7 if that makes a difference.

 

Also I'm a little confused with the question "how did i go disabling the job and edited the reg key"? Sorry, I'm very slow, please bear with me :P


Edited by throwaway1333, 18 June 2017 - 01:48 AM.


#12 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • Gender:Male
  • Local time:06:28 AM

Posted 18 June 2017 - 01:49 AM

> Sorry, that was stupid, I shouldn't have bumped so soon... this has just been stressing me out for the past few days and it's all I can think about
>
> I got a little confused on your instructions because my screen is different from yours; I'm not seeing any "change" option. This is what my screen looks like:
>
> http://imgur.com/a/chw0c
>
> I'm using Windows 7 if that makes a difference.
>
> Also I'm a little confused with the question "how did i go disabling the job and edited the reg key"? Sorry, I'm very slow, please bear with me :P

 

You won't see that screen in Windows 7.

 

I would suggest downloading and running the free Registry Backup tool from Tweaking.com (also hosted here in BleepingComputer's downloads section).

 

Much easier to use, and allows you to restore from a backup as well.

 

Select the "portable version" green download button. It does not need to be "installed". Just unzip the file in a folder of your choice and run it before making any changes to the registry.


Edited by jwoods301, 18 June 2017 - 01:52 AM.


#13 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • Gender:Male
  • Location:The Antipodes
  • Local time:12:28 AM

Posted 18 June 2017 - 02:17 AM

Excuse me jwoods. Please go and assist someone else who is not being helped. By all means if I am advising something that is blatantly incorrect or dangerous please speak up, but your way of skinning cats is not relevant in this thread.

----------------------

 

throwaway1333,

 

Apologies that the instructions are not 100% clear. When I get to my machines tomorrow I will provide you a screenshot and instructions that are OS-specific for you. I need to check my instructions before posting.

 

You can run the Adware Removal tool and ADW Cleaner in the meanwhile, if you like.

 

TsVk!



#14 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • Gender:Male
  • Local time:06:28 AM

Posted 18 June 2017 - 02:42 AM

> Excuse me jwoods. Please go and assist someone else who is not being helped. By all means if I am advising something that is blatantly incorrect or dangerous please speak up, but your way of skinning cats is not relevant in this thread.
>
> ----------------------
>
> throwaway1333,
>
> Apologies that the instructions are not 100% clear. When I get to my machines tomorrow I will provide you a screenshot and instructions that are OS-specific for you. I need to check my instructions before posting.
>
> You can run the Adware Removal tool and ADW Cleaner in the meanwhile, if you like.
>
> TsVk!

 

No need to get snotty.

 

This is not the malware logs forum.

 

When there are alternatives that are easier for the OP, they should be aware of them.

 

Learn to target your help to the level of understanding of the OP.

 

BTW, much easier way to fix v01.log issues without hacking the registry.

 

Do some research.


Edited by jwoods301, 18 June 2017 - 02:45 AM.


#15 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:12:28 AM

Posted 18 June 2017 - 02:53 AM

Clicking file and save in regedit is not difficult. Adding unnecessary applications to machines is considered foolish in many circles.

 

Addressing the issue now is easy, the fix is there in post #10. To permanently disable the issue requires a registry fix.

 

Thank you for your ongoing concern. Please stop derailing this thread.





