I got browser problems, please help.


8 replies to this topic

#1 xmyriadx


Posted 23 December 2017 - 04:10 AM

My browser is moving up and down and the mouse is moving itself.  Please help me clean this computer.  Thanks for your help!





#2 xmyriadx


Posted 24 December 2017 - 02:09 AM

Please help soon.. Get me started soon.  I'm not making any progress on my own.  Thank You!



#3 Havachat


Posted 24 December 2017 - 06:01 AM

Download Malwarebytes Free, run a Scan and delete what it Finds https://www.malwarebytes.com/

Run a Onetime Scan with Eset Online Scanner and Delete what it Finds https://www.eset.com/au/home/online-scanner/

Run JRT and delete what it finds https://www.bleepingcomputer.com/download/junkware-removal-tool/

Reset all your Browsers to their Default Settings.

Run CCleaner - Free Version and Uncheck any Addons on Install https://www.piriform.com/ccleaner

Then only run the Clean Function / Analyze and Remove.

Reboot and see what happens.

Otherwise being the Xmas Spirit Time, everyone is Preoccupied with the Festivities.

Someone will guide you through the process of Scans and Posting some Logs and then assist you further.


Edited by Havachat, 24 December 2017 - 06:07 AM.


#4 Unworn_Kilt


Posted 26 December 2017 - 01:00 PM

Hello xmyriadx,

Apologies for not getting to your question faster.

We generally look for Topics with no replies as this indicates to us that nobody is helping you. As you had several replies you appear to have been overlooked. It's generally best if you want to add to your initial post that you edit it as it doesn't reflect a reply.

I note (and thank) Havachat has given you some advice.

Are you still in need of assistance?

Cheers,

Kilt   :thumbup2:

PLEASE NOTE

I am only a Standard Member, NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

Thanks!

** Walk Softly and Carry a Big Stick **


#5 xmyriadx


Posted 28 December 2017 - 08:07 AM

Yes, I tried what was suggested.  Unfortunately the virus is still being a bug.  Please help, I really appreciate it thank you!



#6 Unworn_Kilt


Posted 28 December 2017 - 08:33 AM

Alright then,

We'll take a look under the "hood."

Do Not Enclose Reports In Quotes or Delete or Insert Any Characters - No Redaction!

Please Post All Reports in Plain Text. Ensure You Include All Report Headers.

Please Press the Return Key 3 Times Between Reports.

Don't Attach them either.....Pleeeez!

Please make sure you have Backed Up your Files and Save any Work you have Open before proceeding!

You can find Free Back Up Software available on the Web.

(It's unlikely that anything I ask you to do will wipe your data, but better to be safe than sorry.)

Some Tools May Close Down Any Open Windows or Programs, Please Be Aware of This!

Remember that there is no such thing as a "Stupid Question." If you encounter ANY problems or difficulties along the way, STOP and Message Me!!

**Read All Notes Under Individual Instructions BEFORE Running the Tools.**

You might find it useful to print these instructions for reference.

Let's be fairly thorough.....

Please ensure you read my note about my own maintenance at the bottom of the page.

Download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer) which is available at the links below:

(This program attempts to stop any running malware processes so other tools may function efficiently, plus a few other things.)

Save it to your Desktop so you can easily locate it.

(If one won't run, download the other. Malware sometimes recognises RKill.exe and tries to interfere with it.)

RKill.exe <<== Try this first.

RKill as iExplore.exe <<== Try this one if option one doesn't work.

  • Right Click RKill and Select "Run As Administrator."
  • Soon after a Black Box will appear while RKill Runs. (This is normal. RKill may appear to hang. It's just working.)
  • When RKill has finished it will Open a Report in Notepad.
  • RKill will also save a copy of its log to your Desktop called "RKill.log"
  • After RKill has run successfully Don't Restart your computer until the other tool(s) have run.
  • Please Copy and Paste the contents of the Report into your Next Reply.
  • If RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.

NOTES:

Please Ignore any warnings about RKill containing Viruses or Trojans etc. If necessary, shut down or temporarily disable your Antivirus while RKill runs. Don't forget to Re-enable your Anti-Virus once RKill completes, unless I ask otherwise.

If RKill still won't run, please Post back here and advise me. (After trying both versions and Safe Mode.) Please note any Error messages or other useful information and Include it in your Reply.

Then.......

Please download Security Check (by screen317) from HERE & save it to your Desktop.

  • Right Click SecurityCheck and Select "Run As Administrator."
  • Follow the Prompts in the Black Box which opens on your screen.
  • When the program is complete a Notepad Document called Checkup.txt should open Automatically in Notepad.
  • Please Copy & Paste the Contents of Checkup.txt into your Next Reply.

Please Note the Following:

If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, please Restart Windows and Security Check should Run Fine.

Should a problem persist, please Post Back Here and include any Error Messages & Other Useful Information.

Security Check may require you to permit "Dig.exe" to access the internet. Please allow access through your Firewall if necessary.

It is not uncommon for Security Check to generate "false positives" from some Anti-Virus/Anti-Malware Programs. Please Ignore These if They Occur.

Then.......

Download Farbar Service Scanner onto your Desktop (FSS)  HERE

Please Ensure the following Options are Selected:

  • RpcSs and PlugPlay <= (May be greyed out.)
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services

(Please Don't Click the "Search Files" or "Export Service" Buttons)

  • Click the Scan button to start scanning.
  • (FSS may take a short while to complete.)
  • When the Scan is Complete, a Report should Pop-Up in Notepad.
  • Please Copy and Paste the Contents into your Next Reply.

(The Tool will create a log file called FSS.txt in the Folder the Tool is Run from. That log will be saved. If there are any problems with the Pop-Up one, Copy from FSS.txt.)

Then......

Download MiniToolBox (By FARBAR) to your Desktop:  HERE

Right Click the Blue\Black MiniToolBox Icon and Select "Run as Administrator."

(The Tool will show Version: 17-06-2016 in the title bar.)

Select the following Check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings (Make sure IE is closed first please.)
  • Report FF Proxy Settings
  • Reset FF Proxy Settings (Make sure Firefox is closed first please.)
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (DO NOT change any settings for this - Only "Problems" should be set by Default.)
  • List Users, Partitions and Memory size
  • List Minidump Files
  • List Restore Points

Click the "Go" Button.

  • Report should Pop-Up on your Screen in Notepad after a short wait.
  • Please Copy and Paste the Report Contents into your Next Reply.

(If you accidentally "kill" the Notepad Report, all is not lost, it should be saved on your Desktop as MTB.txt)

Then....

Now I'd like you to download the JRT (Junkware Removal Tool):  HERE

Save it to your Desktop so it's handy.

  • Right click on the JRT.exe Icon and select "Run as Administrator."
  • A black box will open and ask you if you want to continue. Do so. (Hit Enter I believe.)
  • The tool will do some work. Just be patient please.
  • When it's finished, a report should pop up in Notepad.
  • Please copy and paste the contents of the report into your Reply.

Ignore any warnings about the tool containing viruses etc.

Then......

Download AdwCleaner (from Xplode).

(If you had to Reboot after Running the prior tool, re-run RKill - That was Step 1.)

From here: AdwCleaner.exe

Save to your Desktop so you can easily locate it.

  • Before Starting Ensure You've Saved Anything You Have Open that you Wish to Keep!!
  • Right Click AdwCleaner.exe & Select "Run As Administrator"
  • Please Click on the Tools Menu. There should be 2 Tabs: Options & Advanced.
  • In Options under Delete, Select Tracing Keys (Usually pre-selected), and, under RESET, select all Options on the Right Hand Side.
  • Do Not select any other Options with Square Boxes.
  • There should be Options for Mode and Debug. You can leave these at their Defaults. Press OK.
  • Next, you should see Two main Buttons, Scan and Logfiles. Please Press Scan.
  • AdwCleaner will Start to Update the Database if required. This may take a little while.
  • The Progress Bar will gradually move to the right as the scan progresses. It can take a while.
  • Next you should receive a Popup Notification advising of the Scan Result.
  • Select any Items AdwCleaner may have found for Deletion or Deselect anything you may wish to keep.
  • Under the Popup there will be a Log. Please Copy and Paste the Contents into your next Reply.
  • Next Click Clean. Even if nothing was detected. This will require you to reboot the machine. Please do so.
  • Once the computer has rebooted, a second Log should appear. Please Paste into your Reply as well.
  • If you need to access Logs again, Open the Tool and Click the LogFiles Button. They are stored there.

The Logs can be a tad confusing at first. They all contain a number such as [S0] which is Log One. They are also accompanied by a date to the left side column. The lower the number in the square brackets, the earlier the Log. For example, I may have Logs; AdwCleaner[S0].txt (Earliest) to AdwCleaner[S27].txt (Most Recent.) Double Click a Log to Open it.

Then......

I know you have already run this scan. I would like you to run it in combination with RKill please.

Download and run the ESET Free Online Virus Scanner from:  HERE

(If you had to restart for any reason between running RKill and this step, Please re-run Rkill.)

  • Turn off your antivirus program. See here how to do this.
  • Accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating Memory, Autostart Locations and drive(s) C:\ D:\ etc., to be scanned
    • Click Start to begin the Scan.
  • The ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the SAVE to TEXT FILE button and save the file to your desktop using a unique name, such as ESETScan+Date.txt. Include the contents of this report in your next reply.
  • CLEAN any THREATS found.
  • Try to save the log after cleaning.
  • Click Back, then Finish to exit ESET Online Scanner.
  • Do NOT delete the ESET scanner at this stage please.

Please re-enable your antivirus when the scan is complete.

Let me know if you encounter any problems.

After you've finished the ESET Online scan:

  • Please ensure you've saved the Log File to your desktop.
  • Post the Log File contents in your Reply, assuming there was one.
  • Close down any other open programs.
  • Reboot.

I'll look over your log file(s).

Log back in to your thread for further instructions please.

We're in different time zones, so there may be a delay.

If I don't respond in 48 hours Please Personally Message Me.

If you don't hear back after 3 days, please post: HERE

** Please Note: I may be slightly longer than 48 hours as I need to conduct maintenance on my own computer. If you need help during this time please contact an Admin. There is a list at the bottom of the page. Show them this message please! That is also the reason this list is longer than usual. Thank you.

I am a Volunteer and do my best to be here. This is sometimes interrupted by sleep, eating, outages.......

Cheers,

Kilt   :thumbup2:


PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **
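
The MiniToolBox options requested in the post above ("List content of Hosts", "List Winsock Entries") produce report sections that can be triaged mechanically before a human reads the full log. The following is an added example, not part of the original post and not MiniToolBox's own code: a Python sketch that splits a pasted report on its section banners and lists hosts-file mappings and Winsock providers worth a second look. The function names, the flagging rules and the sample report (including the 203.0.113.10 entry and the `example\lsp.dll` path) are constructed assumptions.

```python
import re

# Section banner, e.g. "========== Hosts content: ==========".
# The title must start with a non-'=' character so that pure "=====" rules
# used as sub-heading underlines are not mistaken for banners.
BANNER = re.compile(r"^=+\s*([^=\s][^=]*?):?\s*=+$")

# Winsock line layout: "Catalog9 04 C:\path\file.dll [size] (Vendor)"
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")

LOOPBACK = {"127.0.0.1", "::1"}


def split_sections(report):
    """Map lower-cased banner title -> non-empty lines under that banner."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def suspicious_hosts(lines):
    """Return (ip, names) for every mapping other than loopback -> localhost."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()   # drop trailing comments
        if len(entry) < 2:
            continue
        ip, names = entry[0], [n.lower() for n in entry[1:]]
        if ip in LOOPBACK and all(n == "localhost" for n in names):
            continue
        findings.append((ip, names))
    return findings


def suspicious_winsock(lines, system_dir=r"c:\windows\system32"):
    """Return providers loaded from outside system32 or not labelled Microsoft.

    The vendor string is file metadata, not a signature check, so a hit here
    means "review this provider", not "this provider is malicious".
    """
    findings = []
    for line in lines:
        m = WINSOCK.match(line)
        if not m:
            continue
        catalog, index, path, _size, vendor = m.groups()
        in_system = path.lower().startswith(system_dir + "\\")
        if not in_system or vendor != "Microsoft Corporation":
            findings.append((catalog, int(index), path, vendor))
    return findings


def triage(report):
    sections = split_sections(report)
    return {
        "hosts": suspicious_hosts(sections.get("hosts content", [])),
        "winsock": suspicious_winsock(sections.get("winsock entries", [])),
    }


# Constructed sample in the report's layout; not taken from a real machine.
SAMPLE_REPORT = r"""
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.10 www.example.com   # constructed redirect
========================= IP Configuration: ================================
Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\User\Application Data\example\lsp.dll [40960] ()
========================= Event log errors: ===============================
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for ip, names in result["hosts"]:
        print("hosts   review:", ip, " ".join(names))
    for catalog, index, path, vendor in result["winsock"]:
        print("winsock review:", catalog, index, path, vendor or "<no vendor>")
```

A third-party provider such as Bonjour's `mdnsNSP.dll` is flagged only because it sits outside system32; the reviewer still decides whether it belongs on the machine.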

 

 

 


#7 xmyriadx


Posted 29 December 2017 - 06:55 AM

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/29/2017 01:34:08 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\mfc40u.dll : 953,856 : 09/17/2010 10:53 PM : 289283d6cea099207609398c13c2c1d0 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll : 953,856 : 09/17/2010 11:18 PM : 842900dedbc8e3e8dbcccb298fd88f65 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2387149$\mfc40u.dll : 927,504 : 04/14/2008 04:00 AM : cddd4416b2b4c7295fe3fdb6dde57e4e [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mfc40u.dll : 953,856 : 09/17/2010 10:53 PM : e76a5c202e68af5a322d16b5a78f48b9 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/29/2017 01:34:36 AM
Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)



Results of screen317's Security Check version 1.014 --- 12/23/15
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 111
Java version 32-bit out of Date!
Adobe Flash Player 28.0.0.126
Adobe Reader XI
Mozilla Firefox (52.5.3)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 23% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



Farbar Service Scanner Version: 27-01-2016
Ran by John (administrator) on 29-12-2017 at 01:39:33
Running from "C:\Documents and Settings\John\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0E00000005000000010000000200000003000000040000000E0000000D0000000A000000090000000C0000000B000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****


MiniToolBox by Farbar Version: 17-06-2016
Ran by John (administrator) on 29-12-2017 at 01:41:21
Running from "C:\Documents and Settings\John\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Model: DG31PR Manufacturer: INTEL
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : John-Computer

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : att.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : att.net

Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-1C-C0-76-35-3A

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.73

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Thursday, December 28, 2017 11:58:28 PM

Lease Expires . . . . . . . . . . : Friday, December 29, 2017 11:58:28 PM

Server: dsldevice.att.net
Address: 192.168.1.254

Name: google.com
Address: 216.58.216.46



Pinging google.com [216.58.219.46] with 32 bytes of data:



Reply from 216.58.219.46: bytes=32 time=21ms TTL=53

Reply from 216.58.219.46: bytes=32 time=20ms TTL=53



Ping statistics for 216.58.219.46:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 21ms, Average = 20ms

Server: dsldevice.att.net
Address: 192.168.1.254

Name: yahoo.com
Addresses: 206.190.39.42, 98.138.252.38, 98.139.180.180



Pinging yahoo.com [98.138.252.38] with 32 bytes of data:



Reply from 98.138.252.38: bytes=32 time=90ms TTL=45

Reply from 98.138.252.38: bytes=32 time=90ms TTL=45



Ping statistics for 98.138.252.38:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 90ms, Maximum = 90ms, Average = 90ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c c0 76 35 3a ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.73 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.73 192.168.1.73 20
192.168.1.0 255.255.255.0 192.168.1.73 192.168.1.73 20
192.168.1.73 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.73 192.168.1.73 20
224.0.0.0 240.0.0.0 192.168.1.73 192.168.1.73 20
255.255.255.255 255.255.255.255 192.168.1.73 192.168.1.73 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/28/2017 04:04:21 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 52.5.2.6549, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/25/2017 07:10:25 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 52.0.1.6284, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/25/2017 01:25:31 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 49.0.2.6136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/25/2017 01:24:06 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 49.0.2.6136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/16/2017 05:27:13 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/16/2017 05:27:13 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/15/2017 05:16:43 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/15/2017 05:16:43 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/17/2017 04:18:11 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 49.0.2.6136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/23/2017 01:36:47 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 49.0.2.6136, faulting module mozglue.dll, version 49.0.2.6136, fault address 0x0000e83e.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (12/29/2017 01:34:24 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (12/29/2017 01:34:22 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (12/29/2017 01:34:20 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (12/29/2017 01:34:17 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (12/29/2017 01:34:15 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (12/29/2017 01:31:53 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (12/29/2017 01:31:50 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (12/29/2017 01:31:48 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (12/29/2017 01:31:45 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (12/29/2017 01:31:43 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (12/28/2017 04:04:21 AM) (Source: Application Hang)(User: )
Description: firefox.exe52.5.2.6549hungapp0.0.0.000000000

Error: (12/25/2017 07:10:25 AM) (Source: Application Hang)(User: )
Description: firefox.exe52.0.1.6284hungapp0.0.0.000000000

Error: (12/25/2017 01:25:31 AM) (Source: Application Hang)(User: )
Description: firefox.exe49.0.2.6136hungapp0.0.0.000000000

Error: (12/25/2017 01:24:06 AM) (Source: Application Hang)(User: )
Description: firefox.exe49.0.2.6136hungapp0.0.0.000000000

Error: (12/16/2017 05:27:13 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/16/2017 05:27:13 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/15/2017 05:16:43 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/15/2017 05:16:43 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/17/2017 04:18:11 PM) (Source: Application Hang)(User: )
Description: firefox.exe49.0.2.6136hungapp0.0.0.000000000

Error: (10/23/2017 01:36:47 PM) (Source: Application Error)(User: )
Description: plugin-container.exe49.0.2.6136mozglue.dll49.0.2.61360000e83e


=========================== Installed Programs ============================

Adobe Bridge 1.0 (HKLM\...\{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}) (Version: 1.0.1.1 - Adobe Systems) Hidden
Adobe Common File Installer (HKLM\...\{8EDBA74D-0686-4C99-BFDD-F894678E5102}) (Version: 1.00.002 - Adobe System Incorporated) Hidden
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (HKLM\...\{8FFC924C-ED06-44CB-8867-3CA778ECE903}) (Version: 2.0.0 - Adobe Systems) Hidden
Adobe Premiere Pro 2.0 (HKLM\...\{FA17A726-B229-4116-B793-A2AB1A4EAE2E}) (Version: 2.000.000 - Adobe Systems, Inc.) Hidden
Adobe Premiere Pro 2.0 (HKLM\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (HKLM\...\{786C5747-1437-443D-B06E-79A00FE45110}) (Version: 1.0.2 - Adobe Systems) Hidden
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.1.2 (HKLM\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Data Recovery Pro (HKLM\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 2.1.1.0 - ParetoLogic, Inc.)
DataPilot (HKLM\...\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}) (Version: 6.00.0000 - Susteen) Hidden
DataPilot (HKLM\...\InstallShield_{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}) (Version: 6.00.0000 - Susteen)
DEXIS Platinum Sensor Files (HKLM\...\{1B50D058-3864-4E8C-A477-B570D50246F7}) (Version: 1.00.0000 - Default Company Name) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVD Solution (HKLM\...\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}) (Version: - )
DVDFab 9.1.6.4 (21/08/2014) (HKLM\...\DVDFab 9 US_is1) (Version: - Fengtao Software Inc.)
ENLTV (HKLM\...\{25B535F5-8E56-4F9E-981E-83AC2EDE7DCA}) (Version: 8.0.7 - ENLTV)
ENLTV Driver Setup (HKLM\...\{F60B8CC3-561F-47BE-B1F9-8F208617B830}) (Version: 1.00.0000 - Encore)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
InCD (HKLM\...\InCD!UninstallKey) (Version: 4.3.18.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Network Connections 13.0.44.0 (HKLM\...\{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}) (Version: 13.0.44.0 - Intel)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.111.14 - Oracle Corporation) Hidden
magicJack (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited)
MetaTrader 4 (HKLM\...\MetaTrader 4) (Version: 6.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework SDK (English) 1.1 (HKLM\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 52.5.3 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.3 ESR (x86 en-US)) (Version: 52.5.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.3.6569 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multimedia Launcher (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.11.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5548 - Realtek Semiconductor Corp.)
Susteen Launcher (HKLM\...\{99ED894F-60CF-4D71-A645-442CD041D595}) (Version: 1.00.0000 - Susteen) Hidden
Susteen Launcher (HKLM\...\InstallShield_{99ED894F-60CF-4D71-A645-442CD041D595}) (Version: 1.00.0000 - Susteen)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (HKLM\...\KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB978207) (HKLM\...\KB978207) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB980182) (HKLM\...\KB980182) (Version: 1 - Microsoft Corporation) Hidden
USB-IrDA Adapter (HKLM\...\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}) (Version: - )
Vegas Pro 10.0 (HKLM\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Active Development Co., Ltd. (3xHybrid) MEDIA (01/28/2007 1.3.3.2) (HKLM\...\0EE3AC5002FEB7039D326B15866A23084073CB72) (Version: 01/28/2007 1.3.3.2 - Active Development Co., Ltd.)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

========================= Devices: ================================

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1022\575832314139333133363339&1
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2035.77 MB
Available physical RAM: 1402.78 MB
Total Virtual: 3928.68 MB
Available Virtual: 3500.45 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:99.87 GB) NTFS
3 Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:821.93 GB) NTFS

========================= Users: ========================================

User accounts for \\JOHN-COMPUTER

Administrator ASPNET Guest
HelpAssistant John operatory 1
SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

06-10-2017 22:39:12 System Checkpoint
08-10-2017 01:04:44 System Checkpoint
19-10-2017 16:00:15 System Checkpoint
20-10-2017 23:17:30 System Checkpoint
25-10-2017 10:37:08 System Checkpoint
31-10-2017 22:26:41 System Checkpoint
19-11-2017 01:55:03 System Checkpoint
21-11-2017 05:59:39 System Checkpoint
25-11-2017 11:20:58 System Checkpoint
02-12-2017 04:17:21 System Checkpoint
24-12-2017 14:17:41 JRT Pre-Junkware Removal
25-12-2017 08:42:09 JRT Pre-Junkware Removal
29-12-2017 08:42:06 System Checkpoint

**** End of log ****



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by John (Administrator) on Fri 12/29/2017 at 1:44:04.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/29/2017 at 1:45:13.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



C:\Documents and Settings\John\Desktop\Sony Vegas Pro 10.0 32 Bit.rar Win32/Keygen.HU potentially unsafe application
C:\Documents and Settings\John\My Documents\Downloads\ccsetup538(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\John\My Documents\Downloads\ccsetup538.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\John\My Documents\Downloads\rcsetup152.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

#8 xmyriadx

xmyriadx
  • Topic Starter

  • Members
  • 104 posts

Posted 29 December 2017 - 07:01 AM

THIS (WILL NOT WORK, SAYS WIN32 NOT VALID) --------> Download AdwCleaner (from Xplode.)

(If you had to Reboot after Running the prior tool re-run RKill - That was Step 1)



From here: AdwCleaner.exe

#9 xmyriadx

xmyriadx
  • Topic Starter

  • Members
  • 104 posts

Posted 30 December 2017 - 03:20 AM

Unfortunately I still have the virus.



