
Random Websites Opening, Slow Performance


14 replies to this topic

#1 jtphenom

Posted 22 August 2017 - 08:02 PM

Hi Friends,

 

All of a sudden we have new browser windows opening and going to random websites.. mostly game sites, it appears. And everything is really slow. I'm using Firefox, but looked in Task Manager and 8 instances of Chrome were running. We haven't used Chrome lately...

 

I ran JRT, RKill, and MBAM already. I have the logs to post when you're ready.

Please assist. Thanks a million! :D




#2 jtphenom

  • Topic Starter

Posted 22 August 2017 - 08:04 PM

Oh.. and ads by "Candyblitz" are popping up in the lower-right corner of my screen.

UGH I don't know how many times I've told my 8 yo to NOT look up games on Google and go to random websites.



#3 RenneBeth

Posted 24 August 2017 - 11:43 AM

.


Edited by RenneBeth, 24 August 2017 - 12:18 PM.


#4 jtphenom

  • Topic Starter

Posted 24 August 2017 - 11:52 AM

Renne please start your own thread.

Edited by jtphenom, 24 August 2017 - 11:53 AM.


#5 boopme

  • Global Moderator

Posted 24 August 2017 - 03:29 PM

Hello. Ok post those logs and run these..

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the [image] button to see which antivirus is currently enabled.
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the [image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Check the box beside [image] to uninstall the application when closed.
  • Push [image] and then close the application by clicking the X in the upper right corner.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#6 jtphenom

  • Topic Starter

Posted 24 August 2017 - 04:16 PM

OK here are initial logs. I will work on running those other scans. Thanks!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by James (Administrator) on Tue 08/22/2017 at 19:59:42.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 19

Successfully deleted: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp (Folder)
Successfully deleted: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mabloidgodmbnmnhoenmhlcjkfelomgp (Folder)
Successfully deleted: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mabloidgodmbnmnhoenmhlcjkfelomgp_0.localstorage-journal (File)
Successfully deleted: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mabloidgodmbnmnhoenmhlcjkfelomgp_0.localstorage (File)
Successfully deleted: C:\Users\James\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H9Q72ABB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0X5G4Z2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8FMYBDM (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H9Q72ABB (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0X5G4Z2 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8FMYBDM (Temporary Internet Files Folder)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_6B06BCEFC97BCF192292AD16DB5D7A73 (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0011191503318156mcinstcleanup (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/22/2017 at 20:03:38.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Already cleaned up the host entries found in this scan.

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/22/2017 08:42:49 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       down.baidu2016.com
  127.0.0.1       123.sogou.com
  127.0.0.1       www.czzsyzgm.com
  127.0.0.1       www.czzsyzxl.com
  127.0.0.1       union.baidu2019.com

Program finished at: 08/22/2017 08:43:13 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)
 



#7 jtphenom

  • Topic Starter

Posted 24 August 2017 - 04:18 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/22/2017
Scan Time: 8:46 PM
Logfile: 082217MBAM_LOG.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.08.22.09
Rootkit Database: v2017.08.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351574
Time Elapsed: 8 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.EasyHotSpot, HKLM\SOFTWARE\MICROSOFT\TRACING\easyhotspot-installer_RASAPI32, Quarantined, [f0711878e7c2b4826e9508cc20e22fd1],
PUP.Optional.EasyHotSpot, HKLM\SOFTWARE\MICROSOFT\TRACING\easyhotspot-installer_RASMANCS, Quarantined, [74edccc45e4b9e9837cc993b857d738d],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181104}, Quarantined, [90d1b6daccdd83b3bc788607c939e719],
PUP.Optional.IDSCProduct, HKU\S-1-5-21-1050946089-644464010-3888211241-1001\SOFTWARE\MICROSOFT\IDSC, Quarantined, [520f761acedb7bbbf3c202d045bd5ba5],

Registry Values: 3
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181104}|AppName, Coupon Companion Plugin-bg.exe, Quarantined, [90d1b6daccdd83b3bc788607c939e719]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181104}|AppPath, C:\Program Files (x86)\Coupon Companion Plugin, Quarantined, [8fd2563abceddb5b0b9c318fb05242be]
PUP.Optional.IDSCProduct, HKU\S-1-5-21-1050946089-644464010-3888211241-1001\SOFTWARE\MICROSOFT\IDSC|partner, 2sqrmedia, Quarantined, [520f761acedb7bbbf3c202d045bd5ba5]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.MindSpark, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_easydocmerge.dl.myway.com_0.localstorage, Quarantined, [dc85830d7435d0664974e9ad0bf7ba46],
PUP.Optional.MindSpark, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_easydocmerge.dl.myway.com_0.localstorage-journal, Quarantined, [e77aeea22c7d56e0625ba6f0bf43a55b],

Physical Sectors: 0
(No malicious items detected)


(end)



#8 jtphenom

  • Topic Starter

Posted 24 August 2017 - 06:17 PM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by James (administrator) on 24-08-2017 at 17:22:16
Running from "C:\Users\James\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: PIQY0 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
TeamViewer VPN Adapter = Local Area Connection 3 (Media disconnected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=? subinterface=ethernet_6 mtu=1477
set subinterface interface=? subinterface=ethernet_10 mtu=1477
set subinterface interface=? subinterface=ethernet_14 mtu=1477
set subinterface interface=? subinterface=ethernet_11 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : James-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TeamViewer VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-CE-62-C9-7B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 74-E5-0B-CC-D1-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 74-E5-0B-CC-D1-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
   Physical Address. . . . . . . . . : 74-E5-0B-CC-D1-94
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c4e6:419:c26d:3f92%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, August 22, 2017 8:56:42 PM
   Lease Expires . . . . . . . . . . : Friday, August 25, 2017 8:56:55 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 376759563
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-36-13-D1-DC-0E-A1-FA-AE-F0
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : DC-0E-A1-FA-AE-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7C45BCB8-B34F-4775-8287-B1FC753B5F7E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4004:802::200e
      172.217.7.238


Pinging google.com [172.217.7.238] with 32 bytes of data:
Reply from 172.217.7.238: bytes=32 time=234ms TTL=54
Reply from 172.217.7.238: bytes=32 time=16ms TTL=54

Ping statistics for 172.217.7.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 234ms, Average = 125ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      98.138.253.109
      98.139.180.149
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=108ms TTL=52
Reply from 98.138.253.109: bytes=32 time=59ms TTL=52

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 59ms, Maximum = 108ms, Average = 83ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 20...00 ff ce 62 c9 7b ......TeamViewer VPN Adapter
 17...74 e5 0b cc d1 95 ......Microsoft Virtual WiFi Miniport Adapter #2
 16...74 e5 0b cc d1 95 ......Microsoft Virtual WiFi Miniport Adapter
 15...74 e5 0b cc d1 94 ......Intel® WiFi Link 1000 BGN
 13...dc 0e a1 fa ae f0 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    281
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 15    281 fe80::/64                On-link
 15    281 fe80::c4e6:419:c26d:3f92/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 10 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 10 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/24/2017 02:52:52 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/23/2017 07:58:43 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (08/23/2017 12:44:20 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (08/22/2017 11:58:36 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/22/2017 08:56:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2017 08:56:34 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (08/22/2017 08:56:34 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (08/22/2017 08:56:34 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (08/22/2017 08:00:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 54.0.1.6388, time stamp: 0x5953d640
Faulting module name: xul.dll, version: 54.0.1.6388, time stamp: 0x5953d62e
Exception code: 0x80000003
Fault offset: 0x008a6bcb
Faulting process id: 0x5040
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/22/2017 07:26:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 54.0.1.6388, time stamp: 0x5953d640
Faulting module name: xul.dll, version: 54.0.1.6388, time stamp: 0x5953d62e
Exception code: 0x80000003
Fault offset: 0x008a6bcb
Faulting process id: 0x35e4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (08/22/2017 08:59:41 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069 = The service did not start due to a logon failure.


Error: (08/22/2017 08:59:41 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330 = Logon failure: the specified account password has expired.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/22/2017 08:00:00 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/21/2017 08:20:13 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069 = The service did not start due to a logon failure.


Error: (08/21/2017 08:20:13 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330 = Logon failure: the specified account password has expired.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/21/2017 08:16:39 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:14:44 AM on 8/21/2017 was unexpected.

Error: (08/21/2017 06:06:17 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (08/21/2017 05:22:17 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (08/21/2017 04:55:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (08/21/2017 03:53:58 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


Microsoft Office Sessions:
=========================
Error: (08/24/2017 02:52:52 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (08/23/2017 07:58:43 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (08/23/2017 12:44:20 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (08/22/2017 11:58:36 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (08/22/2017 08:56:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2017 08:56:34 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path name43900

Error: (08/22/2017 08:56:34 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path name25900

Error: (08/22/2017 08:56:34 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path name17900

Error: (08/22/2017 08:00:12 PM) (Source: Application Error)(User: )
Description: plugin-container.exe54.0.1.63885953d640xul.dll54.0.1.63885953d62e80000003008a6bcb504001d31ba1ffcda83aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll083aa02a-8796-11e7-84fb-dc0ea1faaef0

Error: (08/22/2017 07:26:53 PM) (Source: Application Error)(User: )
Description: plugin-container.exe54.0.1.63885953d640xul.dll54.0.1.63885953d62e80000003008a6bcb35e401d31b96c96ef04eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll60edfd6f-8791-11e7-84fb-dc0ea1faaef0


CodeIntegrity Errors:
===================================
  Date: 2017-08-24 17:15:26.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-24 17:15:25.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-24 17:05:07.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-24 17:05:06.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-24 17:05:06.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-24 17:05:06.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-24 17:05:03.669
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-24 17:05:03.459
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-24 12:33:37.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-24 12:33:37.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.3.3 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2300 - Broadcom Corporation)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - )
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
f.lux (HKCU\...\Flux) (Version:  - f.lux Software LLC)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8301}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar)
HP Officejet 5740 series Basic Device Software (HKLM\...\{7FAA9D15-FF0B-4593-8D4A-0B941FD1977A}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP Officejet 5740 series Help (HKLM-x32\...\{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
King's Quest Collection™ (HKLM-x32\...\{29BB5153-133B-4C82-AF51-BF303F2BFD63}) (Version: 1.00.0000 - Sierra)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.7 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo R.I.C. (Robust Intelligent Companion) (HKLM\...\Lenovo R.I.C. (Robust Intelligent Companion)) (Version: 1.0.10.1220 - Lenovo)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Macrium Reflect Free Edition (HKLM\...\{64B08ABE-B34D-472B-85EA-12E9C87AAEE1}) (Version: 5.0.4432 - Paramount Software (UK) Ltd.)
magicJack (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 16.0.2 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft S/MIME (HKLM-x32\...\{D932D6AE-786B-4ECD-B6FE-B9C0EB059B3C}) (Version: 14.3.123.2 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo) Hidden
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Plex Media Server (HKLM-x32\...\{463146d9-558d-4fb6-b24b-f3ea40a1246b}) (Version: 1.1.3.2700 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{8E47A816-155F-49AB-B550-F9228684379A}) (Version: 1.1.2700 - Plex, Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6339 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
ROBLOX Player for James (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shutterfly Express Uploader (HKLM-x32\...\{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}) (Version: 1.2.0 - Shutterfly, Inc.) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - Square Enix)
SRS Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0200 - SRS Labs, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{2628B9D9-1B0F-4625-A3E2-B9717CEDEC94}) (Version: 1.1.2700 - Plex, Inc.) Hidden
Strongvault Online Backup (HKLM-x32\...\{5E33D30D-D896-4D92-B033-5F45819B2937}) (Version: 5.0.2.34 - Strongvault Online Backup) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.31.1 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0126 - Lenovo)
Visual CertExam Suite (HKLM-x32\...\Visual CertExam Suite_is1) (Version:  - Avanset)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wizard101 (HKCU\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 8135.86 MB
Available physical RAM: 5749.99 MB
Total Virtual: 16269.9 MB
Available Virtual: 13846.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:213.31 GB) (Free:16.46 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:25.06 GB) (Free:21.77 GB) NTFS

========================= Users: ========================================

User accounts for \\JAMES-PC

Administrator            Guest                    James                    
Kathy                    UpdatusUser              


**** End of log ****
 


# AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 24 21:27:45 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-22-2017.4
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic, C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
PUP.Adware.Heuristic, C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1050946089-644464010-3888211241-1001\Software\Cr_Installer
PUP.Optional.Legacy, [Key] - HKCU\Software\Cr_Installer


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


C:\Users\James\Desktop\Hirens.BootCD.15.2.zip    multiple threats,Win32/PSWTool.KonBoot.A potentially unsafe application,a variant of Win32/Adware.SpeedingUpMyPC.AM application    
C:\Users\James\Documents\Hirens.BootCD.15.2.zip    multiple threats,Win32/PSWTool.KonBoot.A potentially unsafe application,a variant of Win32/Adware.SpeedingUpMyPC.AM application    
C:\Users\James\Documents\medicat.4.23.2016.iso    a variant of Win32/AdapterWatch.A potentially unsafe application,a variant of Win32/BrowsingHistoryView.A potentially unsafe application,a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application,a variant of Win32/PSWTool.ChromePass.A potentially unsafe application,a variant of Win32/PSWTool.Dialupass.F potentially unsafe application,a variant of Win32/PSWTool.IEPassView.NAE potentially unsafe application,Win32/PSWTool.LsaSecretsDump.A potentially unsafe application,Win32/PSWTool.LsasView potentially unsafe application,a variant of Win32/PSWTool.MailPassView.E potentially unsafe application,a variant of Win32/MPass.A potentially unsafe application,a variant of Win32/NetPass.AA potentially unsafe application,Win32/PSWTool.OperaPassView potentially unsafe application,a variant of Win32/OutlookAddressBookView.A potentially unsafe application,a variant of Win32/PSWTool.PassFox.D potentially unsafe application,a variant of Win32/PSWTool.WebBrowserPassView.C potentially unsafe application,a variant of Win32/PSWTool.PCAnyPass.A potentially unsafe application,a variant of Win32/PSWTool.ProductKey potentially unsafe application,a variant of Win32/PSWTool.PstPassword.A potentially unsafe application,a variant of Win32/PSWTool.RDPassView.NAC potentially unsafe application,a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application,a variant of Win32/SkypeContactsView.A potentially unsafe application,a variant of Win32/SkypeLogView.A potentially unsafe application,a variant of Win32/Sniffer.SniffPass.B potentially unsafe application,a variant of Win32/Sniffer.SniffPass.A potentially unsafe application,a variant of Win32/PSWTool.VNCPassView.A potentially unsafe application,a variant of Win32/PSWTool.WebBrowserPassView.B potentially unsafe application,a variant of Win32/WirelessKeyView.A potentially unsafe application,a variant of Win32/PSWTool.WirelessNetView.A potentially unsafe application,a 
variant of Win64/NetPass.B potentially unsafe application,a variant of Win64/WirelessKeyView.B potentially unsafe application,Win32/WirelessKeyView.A potentially unsafe application    
C:\Users\James\Documents\trinity-rescue-kit.3.4-build-372.iso    Win32/PSKill.NAA potentially unsafe application    
C:\Users\James\Documents\Hirens.BootCD.15.2\Hiren's.BootCD.15.2.iso    multiple threats,Win32/PSWTool.KonBoot.A potentially unsafe application,a variant of Win32/Adware.SpeedingUpMyPC.AM application    
C:\Users\James\Downloads\FalconFour's Ultimate Boot CD v4.6\F4UBCD-4.6.iso    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    
 



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 25 August 2017 - 01:12 PM

OK .. You did clean the Hosts...and what MBAM found, now remove what ADWCleaner found...

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

    Then run ESET


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 jtphenom

jtphenom
  • Topic Starter

  • Members

Posted 25 August 2017 - 04:21 PM

OK thanks. Stinks you have to run a full Adw scan again in order to clean what was found at first.



#11 jtphenom

jtphenom
  • Topic Starter

  • Members

Posted 25 August 2017 - 04:29 PM

# AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 25 21:22:56 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
Deleted: C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-1050946089-644464010-3888211241-1001\Software\Cr_Installer
Deleted: [Key] - HKCU\Software\Cr_Installer


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1200 B] - [2017/8/24 21:27:45]
C:/AdwCleaner/AdwCleaner[S1].txt - [1268 B] - [2017/8/25 21:22:2]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########



#12 jtphenom

jtphenom
  • Topic Starter

  • Members

Posted 25 August 2017 - 06:42 PM

ESET just found my Hirens files that I've had for a long time and have never done any harm that I could see. Anyway, problem remains. Here's the log.

 

C:\Users\James\Desktop\Hirens.BootCD.15.2.zip    a variant of Win32/Adware.SpeedingUpMyPC.AM application    deleted
C:\Users\James\Documents\Hirens.BootCD.15.2.zip    a variant of Win32/Adware.SpeedingUpMyPC.AM application    deleted
C:\Users\James\Documents\Hirens.BootCD.15.2\Hiren's.BootCD.15.2.iso    a variant of Win32/Adware.SpeedingUpMyPC.AM application    deleted
 



#13 Hareen

Hareen

  • Members

Posted 25 August 2017 - 10:13 PM

I seriously suggest installing ad blockers at the browser level, or installing an ad blocker (I do not know of others except AdGuard) at the system level.

 

Install the trial version to check the performance.

 

ESET finding threats in Hiren's CD is quite common. The issues found are not the ones that are affecting your system.



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 26 August 2017 - 09:40 AM

We don't want to remove things we shouldn't there.

Clear the plug-ins / add-ons in your browser and see.

Firefox
How to disable extensions and plugins

Keeping your third-party plugins up to date
 
Disabling Plugins in Google Chrome

#15 jtphenom

jtphenom
  • Topic Starter

  • Members

Posted 26 August 2017 - 12:48 PM

Done. Will post back.





