
Digital More ads


5 replies to this topic

#1 jnthn


Posted 13 May 2015 - 06:20 PM

Hi, I wish you could help me get rid of 'this': http://i.imgur.com/uXvHFra.png  :mellow: Thanks. (Every time I try to post the FRST log it says the website is offline, so I did it backwards: pasted the Addition and uploaded the FRST, sorry.)

Addition:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by xxx at 2015-05-12 14:08:28
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-21846585-2513204259-3780631123-500 - Administrator - Disabled) => C:\Users\Administrador
Guest (S-1-5-21-21846585-2513204259-3780631123-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-21846585-2513204259-3780631123-1002 - Limited - Enabled)
xxx (S-1-5-21-21846585-2513204259-3780631123-1001 - Administrator - Enabled) => C:\Users\xxx
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AIDA64 Extreme v5.20 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.20 - FinalWire Ltd.)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
Popcorn Time Offical versión 0.8.0.0 (HKLM-x32\...\{8F38178C-CFE2-476C-9DC8-F4203C2395FF}_is1) (Version: 0.8.0.0 - Popcorn Time Offical)
qBittorrent 3.1.12 (HKLM-x32\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.3.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.5 - SteelSeries ApS)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
UxStyle (HKLM-x32\...\{05560347-3a9b-4644-a8ed-8b64cc947189}) (Version: 0.2.3.0 - The Within Network, LLC)
UxStyle (Version: 0.2.3.0 - The Within Network, LLC) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-05-2015 16:24:58 Installed DirectX
11-05-2015 08:26:35 Scheduled Checkpoint
12-05-2015 09:15:37 Removed STOPzilla AntiMalware.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2015-05-12 06:47 - 00000860 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0653C210-6A14-4497-927C-84CF6A711639} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {22540C33-3726-48B9-A860-E10EFE104A3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)
Task: {2A0A9925-2E90-4E20-B72F-EA86280131EB} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-21846585-2513204259-3780631123-1001
Task: {36DFE763-88EC-4CAA-ABBC-DE420EA67214} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {3ECF746D-580B-4E21-8E13-37DC8C6ECAE3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-auron8888joas@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {616D5DD2-508C-4FE2-8336-75FABAEB1BCC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {65839E3D-D9A4-4C20-9B0A-034855C369D4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
Task: {73E4E4AA-A789-483A-BC66-7ACA50D93F25} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {852CC24E-85A7-4B0F-93B5-9EF2AD7820E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)
Task: {A9B4295B-65DC-45EE-BF74-8080744C0E53} - System32\Tasks\Opera scheduled Autoupdate 1427857737 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {B24CC4A9-446E-4610-A6AA-08E32A74D63E} - System32\Tasks\{77B17E74-15A7-4C90-8C27-8F12458B9D65} => pcalua.exe -a C:\Users\xxx\AppData\Roaming\luckysearches\UninstallManager.exe -c  -ptid=2sq
Task: {B3DE1FA9-B7DC-43CC-9CEF-99A35AAEB92D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-16] (Microsoft Corporation)
Task: {C1B1A34E-C640-4B8E-B3E3-29AE5DE60F78} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {DCE73B61-DA53-4D05-B74E-844A2DA4D153} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-01 04:38 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-05-12 05:00 - 2015-01-06 12:47 - 00156936 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
2015-05-12 05:09 - 2015-05-12 05:09 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-05-12 05:09 - 2015-05-12 05:09 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-05-12 05:09 - 2015-05-12 05:09 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-05-12 05:09 - 2015-05-12 05:09 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2015-03-10 18:50 - 2015-03-10 18:50 - 02756616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareShellExtension.dll
2015-03-24 15:28 - 2015-03-24 15:28 - 00036544 _____ () C:\Rainmeter\Rainmeter.exe
2015-03-24 15:28 - 2015-03-24 15:28 - 00775872 _____ () C:\Rainmeter\Rainmeter.dll
2015-04-02 15:03 - 2015-04-02 15:03 - 00717312 _____ () C:\Rainmeter\Plugins\SpotifyPlugin.dll
2015-03-24 15:27 - 2015-03-24 15:27 - 00408576 _____ () C:\Rainmeter\Plugins\NowPlaying.DLL
2015-03-24 15:27 - 2015-03-24 15:27 - 00033792 _____ () C:\Rainmeter\Plugins\AudioLevel.DLL
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-03-05 20:04 - 2015-03-05 20:04 - 18305024 ____N () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
2015-03-05 18:44 - 2015-03-05 18:44 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\x2api.dll
2015-04-01 21:51 - 2015-04-01 21:51 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-04-13 22:35 - 2015-04-09 02:58 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-01 05:23 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-01 05:23 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-01 05:23 - 2015-04-14 01:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-01 05:23 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-01 05:23 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-01 05:23 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-01 05:23 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-01 05:23 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-01 05:23 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-01 05:23 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-01 05:23 - 2015-04-14 01:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-04-01 05:23 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-30 10:31 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 10:31 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-01 05:23 - 2015-02-25 03:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2015-04-30 10:31 - 2015-04-28 04:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\xxx\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-21846585-2513204259-3780631123-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-21846585-2513204259-3780631123-1001\Software\Classes\exefile:  <===== ATTENTION!
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-21846585-2513204259-3780631123-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\wallpaper\wallhaven-49911.jpg
DNS Servers: 80.58.61.250 - 80.58.61.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "StereoLinksInstall"
HKU\S-1-5-21-21846585-2513204259-3780631123-1001\...\StartupApproved\Run: => "CGFLoader"
HKU\S-1-5-21-21846585-2513204259-3780631123-1001\...\StartupApproved\Run: => "AceUpdater"
HKU\S-1-5-21-21846585-2513204259-3780631123-1001\...\StartupApproved\Run: => "AceWebExtensionUpdater"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{BD5E48F8-BCA1-484B-BCEF-FDE5581E4C90}D:\games\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\games\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{00556853-FD48-4B21-B07B-27EF5B3CBAEC}D:\games\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\games\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{1E6E7ABF-E1FC-45E8-AD7E-509D6BB31B30}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C2E33FF8-7209-4FC2-8A1D-5325DD316F13}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FA63DAD8-E281-472F-A8DD-4BFAB95E5EFD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{92EDE5F1-E055-4139-B6F9-C7516244652C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{FF015234-0BE9-4109-B406-D5BC1EE7E9C4}C:\users\xxx\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\xxx\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{35669ED2-10E1-4BB6-8150-F2C632008608}C:\users\xxx\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\xxx\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [{0B9C8237-1904-44EB-96D1-D4E342B6C880}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{56CCDE26-0FEC-4FB1-ABD2-0C0C1FB567F8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FCDC9F91-18D1-4857-8613-B10B34DE3D7F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{B8723F62-2E6A-40EC-BF0A-79908ECA1A41}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{C0637B6D-6FC4-4B4D-9723-4FC4FB4F50F9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4F25CCF0-2EDC-4309-AD71-8047EEB4C931}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{98A2760B-9122-4BC3-B961-04F8B8DD3B03}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7A8E0E7A-B7F9-43A1-AB7D-8935B2650785}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3900DD5E-A598-4C43-A233-104818C4DE49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B127899E-941A-4DC7-8A1A-EF311AE51375}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3E7E28E4-B545-4490-8669-6CAA029C2665}F:\gta5.exe] => (Allow) F:\gta5.exe
FirewallRules: [UDP Query User{3CBB78A5-8C3C-4C40-8ADF-3D5EDAB8D34C}F:\gta5.exe] => (Allow) F:\gta5.exe
FirewallRules: [{9173AA2D-2E09-4944-B709-0A4EC428131B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{695C31E1-B870-4D3B-83C7-9DA9007E55EE}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{353A1703-B6C9-4869-94C6-81B12C770518}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{46E3D48A-9118-4D02-A6BD-D402A5D8BD34}C:\users\xxx\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\xxx\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{8DBE4776-0BBC-4477-9103-DC9CFEE4AA42}C:\users\xxx\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\xxx\appdata\roaming\acestream\engine\ace_engine.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: NETGEAR WNA3100 N300 Wireless USB Adapter #2
Description: NETGEAR WNA3100 N300 Wireless USB Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Netgear
Service: BCMH43XX
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/12/2015 01:46:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (05/12/2015 01:46:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (05/12/2015 01:37:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (05/12/2015 01:37:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (05/12/2015 01:16:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (05/12/2015 01:15:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (05/12/2015 00:25:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-21846585-2513204259-3780631123-1001}/">.
 
Error: (05/12/2015 00:25:25 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: XXX-PC)
Description: Application or service 'STOPzilla AntiMalware' could not be restarted.
 
Error: (05/12/2015 00:23:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spyhunter4.exe version 4.15.1.4270 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fe8
 
Start Time: 01d08c9d7dbdd9b8
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
 
Report Id: f10ee052-f890-11e4-8289-485b395dfa3b
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/12/2015 00:23:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (05/12/2015 01:58:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Credential Manager service terminated with the following error: 
%%5
 
Error: (05/12/2015 01:44:27 PM) (Source: DCOM) (EventID: 10016) (User: XXX-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}xxx-PCxxxS-1-5-21-21846585-2513204259-3780631123-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/12/2015 01:44:27 PM) (Source: DCOM) (EventID: 10016) (User: XXX-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}xxx-PCxxxS-1-5-21-21846585-2513204259-3780631123-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/12/2015 01:44:27 PM) (Source: DCOM) (EventID: 10016) (User: XXX-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}xxx-PCxxxS-1-5-21-21846585-2513204259-3780631123-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/12/2015 01:44:27 PM) (Source: DCOM) (EventID: 10016) (User: XXX-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}xxx-PCxxxS-1-5-21-21846585-2513204259-3780631123-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/12/2015 01:44:27 PM) (Source: DCOM) (EventID: 10016) (User: XXX-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}xxx-PCxxxS-1-5-21-21846585-2513204259-3780631123-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/12/2015 01:44:27 PM) (Source: DCOM) (EventID: 10016) (User: XXX-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}xxx-PCxxxS-1-5-21-21846585-2513204259-3780631123-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/12/2015 01:44:24 PM) (Source: DCOM) (EventID: 10016) (User: XXX-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}xxx-PCxxxS-1-5-21-21846585-2513204259-3780631123-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/12/2015 01:41:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (05/12/2015 01:41:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (05/12/2015 01:46:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (05/12/2015 01:46:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (05/12/2015 01:37:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (05/12/2015 01:37:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (05/12/2015 01:16:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (05/12/2015 01:15:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (05/12/2015 00:25:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-21846585-2513204259-3780631123-1001}/
 
Error: (05/12/2015 00:25:25 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: XXX-PC)
Description: 0SZServer.exeSTOPzilla AntiMalware0302621784600
 
Error: (05/12/2015 00:23:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Spyhunter4.exe4.15.1.4270fe801d08c9d7dbdd9b80C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exef10ee052-f890-11e4-8289-485b395dfa3b
 
Error: (05/12/2015 00:23:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU X 980 @ 3.33GHz
Percentage of memory in use: 27%
Total physical RAM: 12279.11 MB
Available physical RAM: 8918.82 MB
Total Pagefile: 14135.11 MB
Available Pagefile: 10200.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:275.56 GB) (Free:221.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: ((D:)) (Fixed) (Total:298.09 GB) (Free:52.16 GB) NTFS
Drive e: () (Fixed) (Total:279.47 GB) (Free:145.28 GB) NTFS
Drive f: (Externo) (Fixed) (Total:1397.26 GB) (Free:1332.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4FC73D1C)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 279.5 GB) (Disk ID: 25C725C6)
Partition 1: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: 256B256A)
Partition 1: (Not Active) - (Size=275.6 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=3.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: A7488178)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   480.23KB   5 downloads

Edited by jnthn, 13 May 2015 - 06:23 PM.




#2 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:10 PM

Posted 17 May 2015 - 06:43 PM

hi,

 

I am shelf life and will try to help you. I am only on this site once or twice per day, more on the weekends. I may not reply until the next day in some cases.

 

We will get two downloads to use, both target adware. Post the logs and we will go from there.

 

 Please download adwcleaner and save to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal  process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 
==========================================================
     Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Shutdown your antivirus to avoid any conflicts.
    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

 

 


How Can I Reduce My Risk to Malware?


#3 jnthn


Posted 19 May 2015 - 06:53 AM

Hi, first of all thank you for your time. Three days after the ads appeared, Windows had some updates ( http://i.imgur.com/OXCQ34Z.png ); after the reboot the ads disappeared. Could those updates have solved the problem, or can I still be infected? If you think the problem is already solved with the Windows updates, please tell me.
 

# AdwCleaner v4.203 - Logfile created 19/05/2015 at 13:23:08
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : xxx - XXX-PC
# Running from : C:\Users\xxx\Desktop\adwcleaner_4.203 (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v42.0.2311.152
 
 
-\\ Opera v29.0.1795.47
 
 
*************************
 
AdwCleaner[R0].txt - [35223 bytes] - [18/06/2014 16:36:33]
AdwCleaner[R10].txt - [1759 bytes] - [19/05/2015 13:06:24]
AdwCleaner[R1].txt - [21288 bytes] - [12/05/2015 04:03:07]
AdwCleaner[R2].txt - [1180 bytes] - [12/05/2015 05:16:29]
AdwCleaner[R3].txt - [1302 bytes] - [12/05/2015 13:10:58]
AdwCleaner[R4].txt - [1417 bytes] - [12/05/2015 13:17:03]
AdwCleaner[R5].txt - [1480 bytes] - [12/05/2015 13:28:15]
AdwCleaner[R6].txt - [1598 bytes] - [12/05/2015 13:37:45]
AdwCleaner[R7].txt - [1522 bytes] - [12/05/2015 13:40:29]
AdwCleaner[R8].txt - [1638 bytes] - [12/05/2015 13:45:28]
AdwCleaner[R9].txt - [2534 bytes] - [13/05/2015 01:46:57]
AdwCleaner[S0].txt - [14169 bytes] - [18/06/2014 16:42:20]
AdwCleaner[S1].txt - [2797 bytes] - [12/05/2015 04:04:15]
AdwCleaner[S2].txt - [1249 bytes] - [12/05/2015 05:20:33]
AdwCleaner[S3].txt - [1371 bytes] - [12/05/2015 13:12:00]
AdwCleaner[S4].txt - [1548 bytes] - [12/05/2015 13:33:07]
AdwCleaner[S5].txt - [1588 bytes] - [12/05/2015 13:41:32]
AdwCleaner[S6].txt - [2622 bytes] - [13/05/2015 01:48:43]
AdwCleaner[S7].txt - [1684 bytes] - [19/05/2015 13:23:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1743  bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.3 (05.18.2015:1)
OS: Windows 8.1 Pro x64
Ran by xxx on Tue 05/19/2015 at 13:32:43.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-21846585-2513204259-3780631123-1001
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/19/2015 at 13:40:59.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#4 shelf life


Posted 19 May 2015 - 05:15 PM

Looks like you already ran adwcleaner several times. No, I don't think those Windows updates were the cause of it stopping. Those aren't even critical security updates. They're only recommended and optional.

Just cruise around and make sure they're gone. I will leave the thread open.




#5 jnthn


Posted 20 May 2015 - 01:00 AM

Yes, before I came here I tried to take care of the problem using online tutorials and the software they recommended (Malwarebytes, Ad-Aware, AdwCleaner, Emsisoft, FRST, JRT, etc.). None worked. AdwCleaner was the only one that showed results, but after clicking Clean, removing the results and restarting the computer, the ads were still there. I also tried deleting the folders manually, but the problem continued for a few days. When I created the post I stopped trying to get rid of the malware. Maybe it's a coincidence, but right after the Windows Update the problem disappeared.
 
I do not know; the truth is I am very confused. One day Chrome began to run slowly and closed abruptly, and after that the ads appeared. Then, after a few days without my trying to eliminate the malware on my own, they disappeared after Windows needed to be restarted. Sorry, I do not know and have no more information to give.
 
 
>>>Spyhunter 4<<< worst idea ever, at least in my experience.
 
(sorry for the ¿weird? english)


#6 shelf life


Posted 20 May 2015 - 04:36 PM

Maybe it's a coincidence, running all those tools cleared it up.

Nobody really recommends Spyhunter as an anti-malware app. Stick with the free version of Malwarebytes. Why don't you scan with FRST again to get a new log and we can clean some things up with a FRST script. Your English is fine.

