
Uploading to random websites? I think i'm being spied on


  • This topic is locked
31 replies to this topic

#1 Artkin


Posted 08 April 2015 - 01:18 PM

Hi guys, it's been a good 6 months since I've posted here last. My last post was about being spied on also. No changes have been made since I have made my post, and I still feel that my security is breached. My network works horribly after it used to work fantastically. In games I will spike from 100 ping to 1,200, hovering around 1200, hitting the same numbers back and forth until it stops. Checking my Resource Monitor and TCPView, it seems I have strange processes using network activity. I can vouch I've never had these problems before. Let me post pictures; see what you guys think. The Resource Monitor shows these connections even with Firefox not open. TCPView next.

 




 


#2 Artkin


Posted 08 April 2015 - 01:21 PM

http://tinypic.com/view.php?pic=2druucl&s=8

and

http://tinypic.com/r/2i6jlud/8


The system processes in TCPView open and close like mad, and I know this isn't normal. I hope someone can please help me.



#3 Artkin


Posted 09 April 2015 - 11:24 PM

Nobody?? I need help here guys, please.



#4 InadequateInfirmity


Posted 09 April 2015 - 11:35 PM

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark the following boxes:

  • Flush DNS
  • Reset FF Proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)



Click Go and post the result.

 

 

 

Tell me how things are, if you have any issues let us know. :)



#5 Artkin


Posted 10 April 2015 - 07:29 PM

10 Apr 2015 18:16:04 [1060] - **********************************************************
10 Apr 2015 18:16:04 [1060] - MWAV - eScanAV AntiVirus Toolkit.
10 Apr 2015 18:16:04 [1060] - Copyright © MicroWorld Technologies
10 Apr 2015 18:16:04 [1060] - **********************************************************
10 Apr 2015 18:16:04 [1060] - Source: C:\Users\Foley\Downloads\mwav.exe
10 Apr 2015 18:16:04 [1060] - Version 14.0.178 (C:\USERS\FOLEY\APPDATA\LOCAL\TEMP\MEXE.COM)
10 Apr 2015 18:16:04 [1060] - Log File: C:\Users\Foley\AppData\Local\Temp\MWAV.LOG
10 Apr 2015 18:16:04 [1060] - MWAV Registered: TRUE
10 Apr 2015 18:16:04 [1060] - User Account: Foley (Administrator Mode)
10 Apr 2015 18:16:04 [1060] - OS Type: Windows Workstation [InstallType: Client]
10 Apr 2015 18:16:04 [1060] - OS: Windows 7 64-Bit [OS Install Date: 28 Sep 2014 23:16:50]
10 Apr 2015 18:16:04 [1060] - Ver: Professional Service Pack 1 (Build 7601)
10 Apr 2015 18:16:04 [1060] - System Up Time: 9 Hours, 24 Minutes, 18 Seconds


10 Apr 2015 18:16:04 [1060] - Parent Process Name : C:\Users\Foley\Downloads\mwav.exe
10 Apr 2015 18:16:04 [1060] - Windows Root  Folder: C:\Windows
10 Apr 2015 18:16:04 [1060] - Windows Sys32 Folder: C:\Windows\system32
10 Apr 2015 18:16:04 [1060] - DHCP NameServer: 192.168.1.1
10 Apr 2015 18:16:04 [1060] - Interface0 DHCPNameServer: 192.168.1.1
10 Apr 2015 18:16:04 [1060] - Local Fixed Drives: c:\,e:\
10 Apr 2015 18:16:04 [1060] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
10 Apr 2015 18:16:04 [1060] - [CREATED ZIP FILE: C:\Users\Foley\AppData\Local\Temp\pinfect.zip]
10 Apr 2015 18:16:04 [1060] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
10 Apr 2015 18:16:06 [1060] - ** Changed Value of "Path"
10 Apr 2015 18:16:06 [1060] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Foley\AppData\Local\Temp\ESCANDB.LOG]
10 Apr 2015 18:16:06 [1060] - Loaded/Created FileScan Cache Database...
10 Apr 2015 18:16:06 [1060] - Loading AV Library [DB]...
10 Apr 2015 18:16:22 [1060] - ArchiveScan: DISABLED
10 Apr 2015 18:16:22 [1060] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
10 Apr 2015 18:16:22 [1060] - MWAV doing self scanning...
10 Apr 2015 18:16:22 [1060] - MWAV files are clean.
10 Apr 2015 18:16:25 [1060] - ArchiveScan: DISABLED
10 Apr 2015 18:16:25 [1060] - Virus Database Date: 02 Mar 2015
10 Apr 2015 18:16:25 [1060] - Virus Database Count: 6701505
10 Apr 2015 18:16:25 [1060] - Sign Version: 7.59505 [518257]
10 Apr 2015 18:16:31 [1060] - Downloading AntiVirus and Anti-Spyware Databases...
10 Apr 2015 18:20:48 [1060] - Update Successful...
10 Apr 2015 18:20:52 [1060] - Indexed Spyware Databases Successfully Created...
10 Apr 2015 18:20:52 [1060] - Old Sign Version: 7.59505    New Sign Version: 7.60047
10 Apr 2015 18:21:02 [1060] - Reload of AntiVirus Signatures successfully done.
10 Apr 2015 18:21:02 [1060] - Virus Database Date: 10 Apr 2015
10 Apr 2015 18:21:02 [1060] - Virus Database Count: 5704983
10 Apr 2015 18:21:02 [1060] - Sign Version: 7.60047 [518799]
 
10 Apr 2015 18:21:19 [1060] - **********************************************************
10 Apr 2015 18:21:19 [1060] - MWAV - eScanAV AntiVirus Toolkit.
10 Apr 2015 18:21:19 [1060] - Copyright © MicroWorld Technologies
10 Apr 2015 18:21:19 [1060] -
10 Apr 2015 18:21:19 [1060] - Support: support@escanav.com
10 Apr 2015 18:21:19 [1060] - Web: http://www.escanav.com
10 Apr 2015 18:21:19 [1060] - **********************************************************
10 Apr 2015 18:21:19 [1060] - Version 14.0.178[DB] (C:\USERS\FOLEY\APPDATA\LOCAL\TEMP\MEXE.COM)
10 Apr 2015 18:21:19 [1060] - Log File: C:\Users\Foley\AppData\Local\Temp\MWAV.LOG
10 Apr 2015 18:21:19 [1060] - User Account: Foley (Administrator Mode)
10 Apr 2015 18:21:19 [1060] - Parent Process Name : C:\Users\Foley\Downloads\mwav.exe
10 Apr 2015 18:21:19 [1060] - Windows Root  Folder: C:\Windows
10 Apr 2015 18:21:19 [1060] - Windows Sys32 Folder: C:\Windows\system32
10 Apr 2015 18:21:19 [1060] - OS: Windows 7 64-Bit [OS Install Date: 28 Sep 2014 23:16:50]
10 Apr 2015 18:21:19 [1060] - Ver: Professional Service Pack 1 (Build 7601)
10 Apr 2015 18:21:19 [1060] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
10 Apr 2015 18:21:19 [18d0] - Options Selected by User:
10 Apr 2015 18:21:19 [18d0] - Memory Check: Enabled
10 Apr 2015 18:21:19 [18d0] - Registry Check: Enabled
10 Apr 2015 18:21:19 [18d0] - StartUp Folder Check: Enabled
10 Apr 2015 18:21:19 [18d0] - System Folder Check: Enabled
10 Apr 2015 18:21:19 [18d0] - Services Check: Enabled
10 Apr 2015 18:21:19 [18d0] - Scan Spyware: Enabled
10 Apr 2015 18:21:19 [18d0] - Scan Archives: Disabled
10 Apr 2015 18:21:19 [18d0] - Drive Check: Enabled
10 Apr 2015 18:21:19 [18d0] - All Drive Check :Disabled
10 Apr 2015 18:21:19 [18d0] - Drive Selected = C:\
10 Apr 2015 18:21:19 [18d0] - Folder Check: Disabled
10 Apr 2015 18:21:19 [18d0] - SCAN: All_Files [ANSI]
10 Apr 2015 18:21:19 [18d0] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
10 Apr 2015 18:21:19 [18d0] - Scanning DNS Records...
10 Apr 2015 18:21:19 [18d0] - Scanning Master Boot Record (User)...
10 Apr 2015 18:21:19 [18d0] - Scanning Logical Boot Records...
10 Apr 2015 18:21:20 [18d0] - ***** Scanning For Hidden Rootkit Processes *****
10 Apr 2015 18:21:20 [18d0] - ***** Scanning For Hidden Rootkit Services *****
 
10 Apr 2015 18:21:25 [18d0] - ***** Scanning Memory Files *****
 
10 Apr 2015 18:21:32 [18d0] - ***** Scanning Registry Files *****
10 Apr 2015 18:21:32 [18d0] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
10 Apr 2015 18:21:32 [18d0] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
10 Apr 2015 18:21:34 [18d0] - ERROR(3)!!! Invalid Entry Logitech G930 = C:\Program Files (x86)\Logitech\G930\G930.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
 
10 Apr 2015 18:21:34 [18d0] - ***** Scanning StartUp Folders *****
 
10 Apr 2015 18:22:48 [18d0] - ***** Scanning Service Files *****
10 Apr 2015 18:22:48 [18d0] - Scanning File C:\Windows\system32\drivers\1394ohci.sys
10 Apr 2015 18:22:48 [18d0] - ERROR(2)!!! ScanFile Fails for C:\Windows\system32\drivers\1394ohci.sys...
10 Apr 2015 18:22:50 [18d0] - ERROR(2)!!! Invalid Entry \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\AsrCDDrv.
10 Apr 2015 18:23:01 [18d0] - ERROR(2)!!! Invalid Entry System32\Drivers\PCASp60.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\PCASp60.
10 Apr 2015 18:23:05 [18d0] - ERROR(2)!!! Invalid Entry System32\drivers\synth3dvsc.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\Synth3dVsc.
10 Apr 2015 18:23:06 [18d0] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
10 Apr 2015 18:23:07 [18d0] - ERROR(2)!!! Invalid Entry system32\drivers\tsusbhub.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\tsusbhub.
10 Apr 2015 18:23:07 [18d0] - ERROR(2)!!! Invalid Entry System32\drivers\rdvgkmd.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\VGPU.
 
10 Apr 2015 18:23:10 [18d0] - ***** Scanning Registry and File system for Adware/Spyware *****
10 Apr 2015 18:23:10 [18d0] - Loading Spyware Signatures from new External Database [Name: C:\Users\Foley\AppData\Local\Temp\spydb.avs, Size: 464724]...
10 Apr 2015 18:23:10 [18d0] - Indexed Spyware Databases Successfully Created...
 
10 Apr 2015 18:23:12 [18d0] - Offending Folder found: C:\Users\Foley\AppData\Local\Temp\STX-1.06(W7-QR)\WIN7\WinUpdate
10 Apr 2015 18:23:12 [18d0] - Deltree of Folder C:\Users\Foley\AppData\Local\Temp\STX-1.06(W7-QR)\WIN7\WinUpdate...
10 Apr 2015 18:23:12 [18d0] - Object "Schoeberl.e Trojan" found in File System! Action Taken: Entries Removed.

 
10 Apr 2015 18:23:18 [18d0] - ***** Scanning Registry Files *****
10 Apr 2015 18:23:18 [18d0] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
10 Apr 2015 18:23:18 [18d0] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
10 Apr 2015 18:23:18 [18d0] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
10 Apr 2015 18:23:18 [18d0] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
10 Apr 2015 18:23:18 [18d0] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
10 Apr 2015 18:23:18 [18d0] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
10 Apr 2015 18:23:18 [18d0] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
10 Apr 2015 18:23:19 [18d0] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
10 Apr 2015 18:23:19 [18d0] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
10 Apr 2015 18:23:19 [18d0] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 
10 Apr 2015 18:23:19 [18d0] - ***** Scanning System32 Folders *****
 
10 Apr 2015 18:24:18 [1450] - ScanFile (C:\Users\Foley\AppData\Local\Temp\Logitech_Webcam_2.51.828.0\LWS\HelpInstaller_Release_x86.exe) took 9204 ms
 
10 Apr 2015 18:24:46 [18d0] - ***** Scanning Drive C:\ *****
10 Apr 2015 18:25:04 [1544] - ScanFile (C:\NVIDIA\DisplayDriver\344.11\Win8_WinVista_Win7_64\English\Display.Driver\nvd3dumx.dl_) took 10343 ms
10 Apr 2015 18:26:09 [1bf8] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{9E09B831-09BA-4F7E-8D21-457BCE307DD6}\nvoglv64.dl_) took 6193 ms
10 Apr 2015 18:27:13 [1bf8] - Scanning File C:\Program Files (x86)\Origin Games\Battlefield 3\Support\readme\Ctimne.txt
10 Apr 2015 18:27:38 [1958] - ScanFile (C:\Program Files (x86)\Origin Games\Burnout Paradise\BurnoutParadise.exe) took 6505 ms
10 Apr 2015 19:08:17 [1bf8] - ScanFile (C:\Program Files (x86)\Origin Games\Mirrors Edge\Binaries\MirrorsEdge.exe) took 41808 ms
10 Apr 2015 19:08:17 [1bf8] - Scanning of C:\Program Files (x86)\Origin Games\Mirrors Edge\Binaries\MirrorsEdge.exe Timed out!!!
10 Apr 2015 19:08:51 [1a94] - ScanFile (C:\Program Files (x86)\Origin Games\The Sims 3 High End Loft Stuff\Game\Bin\TS3SP01.ex_) took 7581 ms
10 Apr 2015 19:08:56 [1450] - ScanFile (C:\Program Files (x86)\Skype\Phone\Skype.exe) took 5319 ms
10 Apr 2015 19:14:14 [1100] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\Dta\languagecore.pbo) took 6100 ms
10 Apr 2015 19:14:50 [070c] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe) took 8486 ms
10 Apr 2015 19:45:47 [1100] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Men of War Assault Squad\mow_assault_squad.exe) took 5241 ms
10 Apr 2015 19:46:12 [136c] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Men of War Assault Squad 2\mowas_2.exe) took 7629 ms
10 Apr 2015 19:46:15 [1bf8] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Men of War Assault Squad 2\mowas_2_ed.exe) took 10483 ms
10 Apr 2015 19:53:57 [1958] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe) took 5210 ms
10 Apr 2015 19:54:15 [1958] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\Maps\Clear_Autumn_wet_map\nearHF.raw) took 16739 ms
10 Apr 2015 19:54:16 [070c] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\Maps\Clear_Spring_map\nearHF.raw) took 17971 ms
10 Apr 2015 19:54:17 [136c] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\Maps\Clear_Spring_wet_map\nearHF.raw) took 18501 ms
10 Apr 2015 19:54:19 [1100] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\Maps\Clear_Winter_map\nearHF.raw) took 18876 ms
10 Apr 2015 19:54:19 [1544] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\Maps\Clear_Autumn_map\nearHF.raw) took 21700 ms
10 Apr 2015 19:54:21 [1a94] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\redist\dotnetfx20.exe) took 6739 ms
10 Apr 2015 19:54:22 [1450] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\Maps\Clear_Summer_map\nearHF.raw) took 22543 ms
10 Apr 2015 19:59:42 [1450] - Scanning File C:\System Volume Information\{0bc73d72-daf9-11e4-be0b-d053a5ab2a45}{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Apr 2015 19:59:42 [1958] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Apr 2015 19:59:42 [1bf8] - Scanning File C:\System Volume Information\{49d63d26-de5c-11e4-80e8-839b5d253b59}{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Apr 2015 20:06:52 [1544] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\xonarstx.inf_amd64_neutral_c17fb699d61c47be\cmudaxp64.sys) took 5539 ms
10 Apr 2015 20:07:11 [1a94] - ScanFile (C:\Windows\System32\mfc100u.dll) took 5943 ms
 
10 Apr 2015 20:14:09 [18d0] - ***** Checking for specific ITW Viruses *****
 
10 Apr 2015 20:14:09 [18d0] - ***** Scanning complete. *****
 
10 Apr 2015 20:14:09 [18d0] - Total Objects Scanned: 571205
10 Apr 2015 20:14:09 [18d0] - Total Critical Objects: 1
10 Apr 2015 20:14:09 [18d0] - Total Disinfected Objects: 0
10 Apr 2015 20:14:09 [18d0] - Total Objects Renamed: 0
10 Apr 2015 20:14:09 [18d0] - Total Deleted Objects: 1
10 Apr 2015 20:14:09 [18d0] - Total Errors: 11
10 Apr 2015 20:14:09 [18d0] - Time Elapsed: 01:09:28
10 Apr 2015 20:14:09 [18d0] - Virus Database Date: 10 Apr 2015
10 Apr 2015 20:14:09 [18d0] - Virus Database Count: 5704983
10 Apr 2015 20:14:09 [18d0] - Sign Version: 7.60047 [518799]
 
10 Apr 2015 20:14:09 [18d0] - Scan Completed.
 



#6 Artkin


Posted 10 April 2015 - 07:43 PM

~ ZHPCleaner v2015.4.10.164 by Nicolas Coolman (10/04/2015)
~ Run by Foley (Administrator)  (10/04/2015 20:32:44)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Foley\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Foley\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (197)
MOVED file: C:\ProgramData\SecTaskMan\_enviewlist.dll [Microsoft Corporation - NT Layer DLL] (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_explorerBD8D42B   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_ezprint3225A2A9   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_failed700   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_G93014D60   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_GfExperienceService807286A1   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_HsMgr124C1003   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_HsMgr64105D4E04   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_iPodService1CADD331   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_iTunes1809E367   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_iTunesHelper2075972A   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_iusb3monC327731C   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_jp2ssv216A9FAA   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_jusched3E192584   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_LWEMon31B7E84A   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_LWS3ED81D6B   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_lxdncoms14FE12B1   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_lxdnmon2FE012B2   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_mdnsNSP20AADB69   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_mDNSResponder23E9D6F   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_MsMpEng3A2E5CE8   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_msseces397C506C   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_NisSrv3CE69FF5   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_NvBackend47DAA0B6   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_NvNetworkService6C4DF6A9   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_nvSCPAPISvr581440CE   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_nvstreamsvc585B7BBE   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_nvtray3CB750ED   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_nvvsvc1706409E   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_nvxdsync41828DB   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_PnkBstrA160F2C59   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_RaRegistry3176BC45   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_RaRegistry6431B4EE46   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_RaUI219FFE2C   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_sidebar1F228416   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_SPReview28AF9A04   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_ssv1CD5FAF   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_TaskMan35B94581   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_vsmon3444E206   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_ZAPrivacyService4CF67811   (Adware.Yontoo)
MOVED file: C:\ProgramData\SecTaskMan\_zatray35E7188A   (Adware.Yontoo)
MOVED folder: C:\ProgramData\SecTaskMan (Adware.Yontoo)
MOVED folder: C:\Users\Foley\AppData\Local\CrashRpt\UnsentCrashReports (LOG.CrashReports)
MOVED folder: C:\Users\Foley\AppData\Local\CrashRpt (LOG.CrashReports)
MOVED file: C:\Users\Foley\AppData\Local\Temp\~nsu.tmp\Au_.exe [Bandoo Media Inc - iLivid Uninstall] (Adware.Bandoo)
MOVED file: C:\Users\Foley\AppData\Local\Temp\qtsingleapp-iLivid-42b6-1-lockfile   (Adware.Bandoo)


---\\  Registry ( Key, Value, Data) (3)
DELETED key*: HKEY_USERS\S-1-5-21-510676003-3341429976-2907470696-1000\Software\iLivid [] (Adware.Bandoo)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\iLivid.torrent [] (Adware.Bandoo)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Applications\iLividSetup-r484-n-bf.exe [] (Adware.Bandoo)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 60541
~ Items found : 0
~ Items repaired : 200


End of clean at 20:40:08
===================
ZHPCleaner-[R]-10042015-20_40_08.txt
 



#7 Artkin

Posted 10 April 2015 - 07:48 PM

 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (37.0.1)
 Google Chrome (41.0.2272.101)
 Google Chrome (41.0.2272.118)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZaPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#8 Artkin

Posted 10 April 2015 - 07:50 PM

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Foley (administrator) on 10-04-2015 at 20:49:31
Running from "C:\Users\Foley\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

802.11n USB Wireless LAN Card = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Foley-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 802.11n USB Wireless LAN Card
   Physical Address. . . . . . . . . : 78-44-76-96-C5-59
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::18fb:f17a:ada4:34d1%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.31(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 10, 2015 8:42:29 PM
   Lease Expires . . . . . . . . . . : Saturday, April 11, 2015 8:42:29 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 242762870
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-BA-88-66-78-44-76-96-C5-59
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{A3600E21-4D31-4080-A6A0-7273A890E631}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:24d3:1555:e76d:6ba8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::24d3:1555:e76d:6ba8%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  my.router
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:80f::200e
      167.206.12.114
      167.206.12.113
      167.206.12.104
      167.206.12.84
      167.206.12.88
      167.206.12.93
      167.206.12.98
      167.206.12.103
      167.206.12.118
      167.206.12.89
      167.206.12.119
      167.206.12.123
      167.206.12.99
      167.206.12.94
      167.206.12.108
      167.206.12.109


Pinging google.com [167.206.12.109] with 32 bytes of data:
Reply from 167.206.12.109: bytes=32 time=16ms TTL=59
Reply from 167.206.12.109: bytes=32 time=11ms TTL=59

Ping statistics for 167.206.12.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 16ms, Average = 13ms
Server:  my.router
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=413ms TTL=52
Reply from 98.139.183.24: bytes=32 time=407ms TTL=52

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 407ms, Maximum = 413ms, Average = 410ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...78 44 76 96 c5 59 ......802.11n USB Wireless LAN Card
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.31     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.31    276
     192.168.1.31  255.255.255.255         On-link      192.168.1.31    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.31    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.31    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.31    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6abd:24d3:1555:e76d:6ba8/128
                                    On-link
 10    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 10    276 fe80::18fb:f17a:ada4:34d1/128
                                    On-link
 13    306 fe80::24d3:1555:e76d:6ba8/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/06/2015 10:31:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: acs.exe, version: 0.0.0.0, time stamp: 0x550bfcc2
Faulting module name: kernel32.dll, version: 6.1.7601.18409, time stamp: 0x53159a85
Exception code: 0xc0000005
Fault offset: 0x000e030c
Faulting process id: 0x568
Faulting application start time: 0xacs.exe0
Faulting application path: acs.exe1
Faulting module path: acs.exe2
Report Id: acs.exe3

Error: (04/04/2015 08:46:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: AssettoCorsa.exe, version: 0.15.316.4681, time stamp: 0x5506e3d3
Faulting module name: libcef.DLL, version: 3.2171.1979.0, time stamp: 0x54c0967c
Exception code: 0x4000001f
Fault offset: 0x0014e690
Faulting process id: 0x19d8
Faulting application start time: 0xAssettoCorsa.exe0
Faulting application path: AssettoCorsa.exe1
Faulting module path: AssettoCorsa.exe2
Report Id: AssettoCorsa.exe3

Error: (04/04/2015 07:08:38 PM) (Source: MsiInstaller) (User: Foley-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (04/04/2015 07:08:36 PM) (Source: MsiInstaller) (User: Foley-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (04/04/2015 05:44:22 PM) (Source: Application Hang) (User: )
Description: The program SndVol.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18ec

Start Time: 01d06f130e6d817c

Termination Time: 3

Application Path: C:\Windows\system32\SndVol.exe

Report Id: bef50440-db13-11e4-be0b-d053a5ab2a45

Error: (04/04/2015 05:43:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: acs.exe, version: 0.0.0.0, time stamp: 0x550bfcc2
Faulting module name: fmodstudio.dll, version: 0.1.5.13, time stamp: 0x54ec9bbc
Exception code: 0x40000015
Fault offset: 0x001afde3
Faulting process id: 0x15f4
Faulting application start time: 0xacs.exe0
Faulting application path: acs.exe1
Faulting module path: acs.exe2
Report Id: acs.exe3

Error: (04/03/2015 10:45:58 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/03/2015 10:45:58 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/03/2015 10:45:58 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (03/30/2015 03:47:35 PM) (Source: Application Hang) (User: )
Description: The program arma3launcher.exe version 1.1.129.525 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1764

Start Time: 01d06b224f5b62ac

Termination Time: 5

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe

Report Id: 98f3cb2f-d715-11e4-8d67-da231512f14b


System errors:
=============
Error: (04/10/2015 08:42:26 PM) (Source: Service Control Manager) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/10/2015 08:42:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (04/10/2015 08:30:57 PM) (Source: Service Control Manager) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/10/2015 08:30:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (04/10/2015 09:56:54 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (04/10/2015 09:56:54 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (04/10/2015 08:52:41 AM) (Source: Service Control Manager) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/10/2015 08:52:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (04/09/2015 10:48:00 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 114.3.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/09/2015 10:48:00 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.2452.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (04/06/2015 10:31:28 AM) (Source: Application Error)(User: )
Description: acs.exe0.0.0.0550bfcc2kernel32.dll6.1.7601.1840953159a85c0000005000e030c56801d0707653e87c02C:\Program Files (x86)\Steam\steamapps\common\assettocorsa\acs.exeC:\Windows\syswow64\kernel32.dll9bbce06c-dc69-11e4-97ad-be6299d60c5a

Error: (04/04/2015 08:46:32 PM) (Source: Application Error)(User: )
Description: AssettoCorsa.exe0.15.316.46815506e3d3libcef.DLL3.2171.1979.054c0967c4000001f0014e69019d801d06f322346b69bC:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exeC:\Program Files (x86)\Steam\steamapps\common\assettocorsa\launcher\support\libcef.DLL33837093-db2d-11e4-be0b-d053a5ab2a45

Error: (04/04/2015 07:08:38 PM) (Source: MsiInstaller)(User: Foley-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/04/2015 07:08:36 PM) (Source: MsiInstaller)(User: Foley-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/04/2015 05:44:22 PM) (Source: Application Hang)(User: )
Description: SndVol.exe6.1.7601.1751418ec01d06f130e6d817c3C:\Windows\system32\SndVol.exebef50440-db13-11e4-be0b-d053a5ab2a45

Error: (04/04/2015 05:43:14 PM) (Source: Application Error)(User: )
Description: acs.exe0.0.0.0550bfcc2fmodstudio.dll0.1.5.1354ec9bbc40000015001afde315f401d06f1a8d2cb67dC:\Program Files (x86)\Steam\steamapps\common\assettocorsa\acs.exeC:\Program Files (x86)\Steam\steamapps\common\assettocorsa\fmodstudio.dll98326be5-db13-11e4-be0b-d053a5ab2a45

Error: (04/03/2015 10:45:58 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/03/2015 10:45:58 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/03/2015 10:45:58 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (03/30/2015 03:47:35 PM) (Source: Application Hang)(User: )
Description: arma3launcher.exe1.1.129.525176401d06b224f5b62ac5C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe98f3cb2f-d715-11e4-8d67-da231512f14b



=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 17.0.0.124 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
ArmA II Launcher (HKLM-x32\...\{EACFCDA4-3286-4DEB-92D8-53006239F347}) (Version: 1.4.1.0 - Spirited Machine)
Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version:  - Bohemia Interactive)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock 3TB+ Unlocker v1.1 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version:  - ASRock Inc.)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Assetto Corsa Dedicated Server (HKLM-x32\...\Steam App 302550) (Version:  - )
ASUS MultiFrame (HKLM-x32\...\{FB4D076A-DEFD-4EAF-AD63-70D5A3BC262A}) (Version: 1.1.0 - ASUS)
ASUS Xonar Essence STX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Awesomium Redistributable (HKLM-x32\...\{5BCB064B-9F65-4E15-BAFB-669E72E54FD9}) (Version: 1.7.4.2 - SIX Networks GmbH)
Axis & Allies (HKLM-x32\...\{47836B39-2465-4F39-9D7E-52F70A1C3D72}) (Version: 1.00.000 - )
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 2 (HKLM-x32\...\Steam App 24860) (Version:  - DICE)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BeamNG.drive (HKLM-x32\...\Steam App 284160) (Version:  - BeamNG)
Blitzkrieg Mod version 4.8.0.0 (HKLM-x32\...\{81EC7B6D-B297-4820-B5BE-5A2373725158}_is1) (Version: 4.8.0.0 - Blitzkrieg Mod Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Colin McRae Rally (HKLM-x32\...\Steam App 287340) (Version:  - Codemasters Digital)
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version:  - EA Los Angeles)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic Entertainment)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - Relic)
Company of Heroes: Opposing Fronts (HKLM-x32\...\Steam App 9340) (Version:  - Relic Entertainment)
Company of Heroes: Tales of Valor (HKLM-x32\...\Steam App 20540) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Darkest Hour: Europe '44-'45 (HKLM-x32\...\Steam App 1280) (Version:  - Darkest Hour Team)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
German Soldiers Mod Fields of Honor XI (HKLM-x32\...\{5510B41F-4C23-4742-B8EA-7FEA80F50150}_is1) (Version:  - German Soldiers)
German Soldiers Mod Fields of Honor XII (HKLM-x32\...\{5510B41F-4C23-4742-B8EA-7FEA80F50151}_is1) (Version:  - German Soldiers)
German Soldiers Mod Fields of Honor XII (HKLM-x32\...\{5510B41F-4C23-4742-B8EA-7FEA80F50152}_is1) (Version:  - German Soldiers)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 (HKLM-x32\...\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}) (Version: 5.3.4.087 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Lead and Gold - Gangs of the Wild West (HKLM-x32\...\Steam App 42120) (Version:  - Fatshark)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
Logitech G930 (HKLM\...\{91C4D79C-3579-48E8-ADFA-8818042AEB73}) (Version: 1.0.364 - Logitech)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Medal of Honor™ Multiplayer (HKLM-x32\...\Steam App 47830) (Version:  - Electronic Arts)
Medal of Honor™ Single Player (HKLM-x32\...\Steam App 47790) (Version:  - Electronic Arts)
Men of War: Assault Squad (HKLM-x32\...\Steam App 64000) (Version:  - Digitalmindsoft)
Men of War: Assault Squad 2 (HKLM-x32\...\Steam App 244450) (Version:  - Digitalmindsoft)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA Control Panel 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.172.1357 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.1 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.27 (Version: 1.2.27 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PAMM (HKLM-x32\...\{DCF020E4-4FC7-4AEE-A71E-B805416E02F1}) (Version: 1.5.0.0 - The PA Community)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
Populous (HKLM-x32\...\{476CD9DE-C45F-4443-BFA7-E51C58B7E455}) (Version: 5.0.0.2 - Electronic Arts)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - The Indie Stone)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.12.0 - Ralink)
Red Orchestra 2: Heroes of Stalingrad Beta (HKLM-x32\...\Steam App 104320) (Version:  - )
Red Orchestra: Ostfront 41-45 (HKLM-x32\...\Steam App 1200) (Version:  - Tripwire Interactive)
Rising Storm Beta (HKLM-x32\...\Steam App 224780) (Version:  - )
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rock of Ages (HKLM-x32\...\Steam App 22230) (Version:  - ACE Team)
Security Task Manager 2.0d (HKLM-x32\...\Security Task Manager) (Version: 2.0d - Neuber Software)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shift 2 Unleashed (HKLM-x32\...\Steam App 47920) (Version:  - Slightly Mad Studios)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7006 - Six Projects)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Theatre of War (HKLM-x32\...\Steam App 46290) (Version:  - 1C Company)
Transformice (HKLM-x32\...\Transformice) (Version: 1.0.0 - UNKNOWN)
Transformice (x32 Version: 1.0.0 - UNKNOWN) Hidden
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
X Rebirth (HKLM-x32\...\Steam App 2870) (Version:  - Egosoft)
Zeno Clash (HKLM-x32\...\Steam App 22200) (Version:  - ACE Team)
Zeno Clash 2 (HKLM-x32\...\Steam App 215690) (Version:  - ACE Team)
ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden

========================= Devices: ================================

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_1E3A1849&REV_04\3&11583659&0&B0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_0112&SUBSYS_01121849&REV_09\3&11583659&0&10
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_1E221849&REV_04\3&11583659&0&FB
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\7&15EF557F&0&01
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\7&15EF557F&0&02
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 15%
Total physical RAM: 16265.08 MB
Available physical RAM: 13731.18 MB
Total Pagefile: 32528.34 MB
Available Pagefile: 29825.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:2047.9 GB) (Free:1357.79 GB) NTFS
2 Drive d: (V753) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
3 Drive e: (SSD) (Fixed) (Total:111.79 GB) (Free:61.47 GB) NTFS
4 Drive f: (PLAY_DISC) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS
5 Drive h: (INSTALL_DISC) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\FOLEY-PC

Administrator            Foley                    Guest                    


**** End of log ****
 


Thank you for helping me!!!!



#9 InadequateInfirmity


Posted 10 April 2015 - 07:51 PM

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#10 Artkin


Posted 10 April 2015 - 09:11 PM

My screen keeps flashing black now every 5 seconds or so and then it'll slow pace and now it just stopped.. hmm



#11 Artkin


Posted 11 April 2015 - 11:32 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/11/2015
Scan Time: 12:21:01 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.11.04
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Foley

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356506
Time Elapsed: 8 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.Ilivid, C:\Users\Foley\AppData\Roaming\ZHP\Quarantine\Au_.exe, Quarantined, [1c346a0137530e287c0223d6a65bad53],
PUP.Optional.Somoto, C:\Users\Foley\AppData\Local\Temp\bitool.dll, Quarantined, [c28e18533852be78f585688910f2619f],
PUP.Optional.Somoto, C:\Users\Foley\AppData\Local\Temp\nsr49FD.tmp, Quarantined, [242c87e4701a63d36474dded758cd828],
PUP.Optional.Somoto, C:\Users\Foley\AppData\Local\Temp\nswB03E.tmp, Quarantined, [82ceb1ba6921ab8b498f6367946d748c],
HackTool.GamesCheat.Gen, C:\Users\Foley\AppData\Local\Temp\Temp1_shift2_plus2_trainer.zip\shift2_plus2_trainer.exe, Quarantined, [b79986e50e7cfb3bf39841d3719520e0],
PUP.Optional.Somoto, C:\Users\Foley\AppData\Local\Temp\AVCBack\bitool.dll, Quarantined, [ee6247249befd5619ae0cb26996914ec],

Physical Sectors: 0
(No malicious items detected)


(end)



#12 Artkin


Posted 11 April 2015 - 12:02 PM

Zemana AntiMalware 2.10.2.18 (Portable)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/4/11
Operating System      : Windows 7 64-bit
Processor             : 4X Intel® Core™ i5-2500K CPU @ 3.30GHz
BIOS Mode             : Legacy
CUID                  : 0009BEA4C983B6473B3243
Scan Type             : Deep Scan
Duration              : 27m 56s
Scanned Objects       : 57623
Detected Objects      : 3
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky


Detected Objects
-------------------------------------------------------
pamm.exe
   Status             : Scanned
   Object             : %localappdata%\uber entertainment\planetary annihilation\pamm\pamm.exe
   MD5                : E49C74549E7070492C4F68ACE6BC007F
   Publisher          : -
   Size               : 6964736
   Version            : 0.17.1.0
   Detections         : Zemana: Heur.Malicious
   Cleaning Action    : Quarantine
   Traces             :
                File - %localappdata%\uber entertainment\planetary annihilation\pamm\pamm.exe
                Reference - C:\Users\Foley\Desktop\PAMM.lnk

BiTool[1].dll
   Status             : Scanned
   Object             : %localappdata%\microsoft\windows\temporary internet files\content.ie5\ljwgvw08\bitool[1].dll
   MD5                : 13A09BECABCE7CE7DE02D42D9C00A250
   Publisher          : Somoto Ltd.
   Size               : 38456
   Version            : -
   Detections         : AVG: Generic5.AOJI, Eset: Win32/Somoto.C application, Kaspersky: not-a-virus:Downloader.Win32.Somato.h
   Cleaning Action    : Quarantine
   Traces             :
                File - %localappdata%\microsoft\windows\temporary internet files\content.ie5\ljwgvw08\bitool[1].dll

setup[2].exe
   Status             : Scanned
   Object             : %localappdata%\microsoft\windows\temporary internet files\content.ie5\1yxckfpe\setup[2].exe
   MD5                : 5EC8C43AB0526A1690F9342416658373
   Publisher          : SITE ON SPOT Ltd.
   Size               : 204728
   Version            : -
   Detections         : Avira: PUA/Somoto.hzis, Kaspersky: not-a-virus:Downloader.NSIS.Mazel.q
   Cleaning Action    : Quarantine
   Traces             :
                File - %localappdata%\microsoft\windows\temporary internet files\content.ie5\1yxckfpe\setup[2].exe
 



#13 Artkin


Posted 11 April 2015 - 12:07 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Ultimate x64
Ran by Foley on Sat 04/11/2015 at 13:05:12.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Foley\AppData\Roaming\mozilla\firefox\profiles\8mzxwl6u.default-1428330943762\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/11/2015 at 13:07:05.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#14 Artkin


Posted 11 April 2015 - 12:12 PM

# AdwCleaner v4.201 - Logfile created 11/04/2015 at 13:10:08
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Foley - FOLEY-PC
# Running from : C:\Users\Foley\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Foley\AppData\Local\SecTaskMan

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v37.0.1 (x86 en-US)


-\\ Google Chrome v41.0.2272.118

[C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=34&r=2014/01/18&hid=5139741343935238184&lg=EN&cc=US&unqvl=46
[C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1558 bytes] - [11/04/2015 13:08:43]
AdwCleaner[S0].txt - [1495 bytes] - [11/04/2015 13:10:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1554  bytes] ##########

 



#15 InadequateInfirmity


Posted 11 April 2015 - 05:23 PM

Eset Scan
 
Disable your antivirus prior to running this scan.
 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.




