Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gameharbor virus


  • This topic is locked This topic is locked
3 replies to this topic

#1 paling

paling

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 20 September 2014 - 06:01 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Administrator at 2014-09-21 01:00:25
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Uw bedrijfsnaam) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0417.2226.38446 - Uw bedrijfsnaam) Hidden
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version:  - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
KMSpico v9.2.2 RC (HKLM\...\KMSpico_is1) (Version: 9.2.2 RC - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
NARUTO SHIPPUDEN ULTIMATE NINJA STORM REVOLUTION (HKLM-x32\...\NARUTO SHIPPUDEN ULTIMATE NINJA STORM REVOLUTION_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Settings (HKLM-x32\...\{5243DD98-BB0E-4D60-A7F9-8D69948B5BC7}) (Version: 1.00.0000 - Hunter Win8 Settings)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
SmarterPower (HKLM\...\SmarterPower) (Version: 2014.09.20.121843 - SmarterPower) <==== ATTENTION
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TP-LINK TL-WN881ND Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-09-2014 15:09:43 Microsoft Visual C++ 2005 Redistributable is geïnstalleerd
13-09-2014 15:10:05 DirectX is geïnstalleerd.
14-09-2014 22:14:53 DirectX is geïnstalleerd.
16-09-2014 16:01:36 DirectX is geïnstalleerd.
20-09-2014 21:44:34 Controlepunt van HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2012-10-21 01:49 - 00001085 ____A C:\Windows\system32\Drivers\etc\hosts
178.73.210.219 thepiratebay.se
178.73.210.219 www.thepiratebay.se
178.73.210.219 thepiratebay.org
178.73.210.219 www.piratebay.org
178.73.210.219 piratebay.se
178.73.210.219 www.piratebay.se
178.73.210.219 piratebay.org
178.73.210.219 www.piratebay.org
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0E2CAD87-FA17-4644-8788-2256F077828A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {29515EC1-4C60-4A31-9C80-F927E656FDC0} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {815A01D7-C473-4D37-8B5F-2513BF12C823} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-09] (AVAST Software)
Task: {966AB97A-95F9-4937-86EF-D71FBBA2BACB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BDB960A9-2DBC-4BBD-BF00-F7B868E03778} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FE919C0F-DC21-4B51-B82B-B8D8D74460A5} - System32\Tasks\AutoPico Daily Restart => E:\KMSpico\AutoPico.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-04-17 22:29 - 2014-04-17 22:29 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-20 14:18 - 2014-09-20 19:31 - 00325368 _____ () C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe
2014-09-20 17:34 - 2014-09-20 19:30 - 00325368 _____ () C:\Program Files (x86)\SmarterPower\bin\utilSmarterPower.exe
2014-09-09 20:18 - 2013-04-09 11:05 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-04-17 22:29 - 2014-04-17 22:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-09-20 17:35 - 2014-09-19 22:59 - 00098552 _____ () C:\Program Files (x86)\SmarterPower\bin\SmarterPower.BrowserAdapter.exe
2014-09-20 17:35 - 2014-09-19 19:55 - 00349944 _____ () C:\Program Files (x86)\SmarterPower\bin\SmarterPower.PurBrowse64.exe
2014-09-09 21:29 - 2014-09-18 09:55 - 00606776 _____ () C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-09-09 21:31 - 2014-09-09 21:31 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-20 19:23 - 2014-09-20 19:23 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092001\algo.dll
2014-09-09 21:29 - 2014-09-18 09:55 - 36966968 _____ () C:\Users\Administrator\AppData\Roaming\Spotify\Data\libcef.dll
2014-09-09 20:18 - 2013-01-22 14:40 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-09-09 20:18 - 2013-04-02 13:41 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-09-09 20:18 - 2013-05-07 11:16 - 00138752 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2014-09-09 20:18 - 2013-05-07 11:16 - 00115712 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2014-09-09 21:31 - 2014-09-09 21:31 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-09 21:29 - 2014-09-18 09:55 - 00867896 _____ () C:\Users\Administrator\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-09-09 21:29 - 2014-09-18 09:55 - 00886840 _____ () C:\Users\Administrator\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-09-09 21:29 - 2014-09-18 09:55 - 00108600 _____ () C:\Users\Administrator\AppData\Roaming\Spotify\Data\libegl.dll
2014-09-09 21:24 - 2014-09-04 05:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-09 21:24 - 2014-09-04 05:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-09 21:24 - 2014-09-04 05:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-09 21:24 - 2014-09-04 05:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-09 21:24 - 2014-09-04 05:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-09 21:24 - 2014-09-04 05:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-2721866289-871974508-1848092291-500\Software\Classes\.exe:  =>  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling-adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/21/2014 01:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1812) SRUJet: Fout -1811 (0xfffff8ed) is opgetreden tijdens het openen van logboekbestand C:\Windows\system32\SRU\SRU0005A.log.
 
Error: (09/21/2014 00:58:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: FRST64.exe, versie: 12.9.2014.0, tijdstempel: 0x541330eb
Naam van module met fout: FRST64.exe, versie: 12.9.2014.0, tijdstempel: 0x541330eb
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000024a00
Id van proces met fout: 0xf20
Starttijd van toepassing met fout: 0xFRST64.exe0
Pad naar toepassing met fout: FRST64.exe1
Pad naar module met fout: FRST64.exe2
Rapport-id: FRST64.exe3
Volledige pakketnaam met fout: FRST64.exe4
Relatieve toepassings-id van pakket met fout: FRST64.exe5
 
Error: (09/20/2014 07:04:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WIN8PC)
Description: Het activeren van de app winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy:Windows.Store is mislukt door de fout -2144927149. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.
 
Error: (09/20/2014 05:37:52 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (09/20/2014 05:35:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
Een onderdeelversie die nodig is voor de toepassing, conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
 
Error: (09/20/2014 05:28:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
Een onderdeelversie die nodig is voor de toepassing, conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
 
Error: (09/18/2014 10:24:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
Een onderdeelversie die nodig is voor de toepassing, conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
 
Error: (09/16/2014 11:33:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WIN8PC)
Description: Het activeren van de app Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing is mislukt door de fout -2144927149. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.
 
Error: (09/16/2014 11:30:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
Een onderdeelversie die nodig is voor de toepassing, conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
 
Error: (09/16/2014 11:15:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
Een onderdeelversie die nodig is voor de toepassing, conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
 
 
System errors:
=============
Error: (09/21/2014 00:47:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Service KMSELDI-service kan vanwege de volgende fout niet worden gestart: 
%%2
 
Error: (09/21/2014 00:47:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De AODDriver4.3-service kan vanwege de volgende fout niet worden gestart: 
%%2
 
Error: (09/21/2014 00:47:39 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff801544b322f)C:\Windows\MEMORY.DMP092114-6146-01
 
Error: (09/21/2014 00:47:33 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (09/21/2014 00:20:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De AODDriver4.3-service kan vanwege de volgende fout niet worden gestart: 
%%2
 
Error: (09/21/2014 00:20:50 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (09/21/2014 00:16:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Update service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (09/21/2014 00:11:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De AODDriver4.3-service kan vanwege de volgende fout niet worden gestart: 
%%2
 
Error: (09/21/2014 00:11:09 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (09/20/2014 11:58:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Service KMSELDI-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
 
Microsoft Office Sessions:
=========================
Error: (09/21/2014 01:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1812SRUJet: C:\Windows\system32\SRU\SRU0005A.log-1811 (0xfffff8ed)
 
Error: (09/21/2014 00:58:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe12.9.2014.0541330ebFRST64.exe12.9.2014.0541330ebc00000050000000000024a00f2001cfd526649ddba0C:\Users\Administrator\Downloads\FRST64.exeC:\Users\Administrator\Downloads\FRST64.exea3cb9e3d-4119-11e4-be95-448a5b5fb52e
 
Error: (09/20/2014 07:04:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WIN8PC)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy:Windows.Store-2144927149
 
Error: (09/20/2014 05:37:52 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (09/20/2014 05:35:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\$Recycle.Bin\S-1-5-21-2721866289-871974508-1848092291-500\$RZS57T4.exe
 
Error: (09/20/2014 05:28:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Users\Administrator\Downloads\SoftonicDownloader_voor_ds3-tool.exe
 
Error: (09/18/2014 10:24:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Users\Administrator\Downloads\SoftonicDownloader_voor_ds3-tool.exe
 
Error: (09/16/2014 11:33:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WIN8PC)
Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing-2144927149
 
Error: (09/16/2014 11:30:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Users\Administrator\Downloads\SoftonicDownloader_voor_ds3-tool.exe
 
Error: (09/16/2014 11:15:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Users\Administrator\Downloads\SoftonicDownloader_voor_ds3-tool.exe
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 24%
Total physical RAM: 8190.17 MB
Available physical RAM: 6186.72 MB
Total Pagefile: 16382.17 MB
Available Pagefile: 13901.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.45 GB) (Free:55.79 GB) NTFS
Drive d: (ANWB_CD_AM) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive e: (NieuwVolume) (Fixed) (Total:465.76 GB) (Free:439.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 41CB68F8)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: AA2A8174)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 21 September 2014 - 12:15 PM

Hello paling and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

Not the  FRST.txt

 

Please send the FRST.txt filesLog.

 

-------------------------------------------

 

Are you still with us?

 

Sincerely  :hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 23 September 2014 - 02:01 PM

Hello

 

3 Day Inactivity

  • This is the third day since my last post.
  • Are you still there? If you need more time, just let me know.
  • If you do not post within 48 hours, this thread will be closed due to inactivity.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 25 September 2014 - 01:12 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users