Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe in Temp folder, CPU running at 100%


  • Please log in to reply
15 replies to this topic

#1 Fyrelle

Fyrelle

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 28 June 2015 - 12:35 AM

My laptop HP Pavilion notebook pc, is running windows 8.1.

 

A few months ago my windows defender anti-virus would alert me and attempt to remove a bitcoin virus. It would quaratine it but I kept receiving the alert. I downloaded Malbytes Malware Antivirus, this seemed to fix the issue as my Windows defender stopped alerting me to the bitcoin miner.

 

However, in the last week I noticed my pc running very loudly and running at 100% cpu usage, one application is running 99%. I use my computer to do basic word processing and some internet research for school projects.

 

I read that the svchost is a bitcoin miner but can be difficult to get rid of if not removed correctly. I downloaded the Zemana Anti-Malware from your website-Bleeping Computer and it has identified the svchost as being a bitcoin miner as well.

 

Any help in resolving this issue would be greatly appreciated.

 

Thank you.



BC AdBot (Login to Remove)

 


m

#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:23 AM

Posted 28 June 2015 - 01:03 AM

Download and run wipe  and system ninja,

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.

GjWwvEu.png

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 Fyrelle

Fyrelle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 28 June 2015 - 01:22 AM

Hi,

Thank you for your reply. I am following your instructions now.

Will update.

 

Thank you again.



#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:23 AM

Posted 28 June 2015 - 01:25 AM

:thumbup2:  Just make sure and allow the Escan to update fully, many people seem to skip that.



#5 Fyrelle

Fyrelle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 28 June 2015 - 09:07 AM

Hi,

Here is the log file from eScanAV. I will begin the next step in the instructions. Thanks for your assistance.

 

28 Jun 2015 02:22:32 [1bc4] - **********************************************************
28 Jun 2015 02:22:32 [1bc4] - MWAV - eScanAV AntiVirus Toolkit.
28 Jun 2015 02:22:32 [1bc4] - Copyright © MicroWorld Technologies
28 Jun 2015 02:22:32 [1bc4] - **********************************************************
28 Jun 2015 02:22:32 [1bc4] - Version 14.0.189 (C:\USERS\FYRELLE\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
28 Jun 2015 02:22:32 [1bc4] - Log File: C:\Users\Fyrelle\AppData\Local\Temp\LOG\MWAV.LOG
28 Jun 2015 02:22:32 [1bc4] - MWAV Registered: TRUE
28 Jun 2015 02:22:32 [1bc4] - User Account: Fyrelle (Administrator Mode)
28 Jun 2015 02:22:32 [1bc4] - OS Type: Windows Workstation [InstallType: Client]
28 Jun 2015 02:22:32 [1bc4] - OS: Windows 8.1 64-Bit [OS Install Date: 21 Jun 2014 14:14:20]
28 Jun 2015 02:22:32 [1bc4] - Ver: Personal Build 9200
28 Jun 2015 02:22:32 [1bc4] - System Up Time: 18 Minutes, 14 Seconds


28 Jun 2015 02:22:32 [1bc4] - Parent Process Name : C:\Users\Fyrelle\AppData\Local\Temp\mwavscan.exe
28 Jun 2015 02:22:32 [1bc4] - Windows Root  Folder: C:\WINDOWS
28 Jun 2015 02:22:32 [1bc4] - Windows Sys32 Folder: C:\WINDOWS\system32
28 Jun 2015 02:22:32 [1bc4] - DHCP NameServer: 10.0.1.1
28 Jun 2015 02:22:32 [1bc4] - Interface0 DHCPNameServer: 10.0.1.1
28 Jun 2015 02:22:32 [1bc4] - Interface1 DHCPNameServer: 10.0.1.1
28 Jun 2015 02:22:32 [1bc4] - Local Fixed Drives: c:\,d:\
28 Jun 2015 02:22:32 [1bc4] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
28 Jun 2015 02:22:32 [1bc4] - [CREATED ZIP FILE: C:\Users\Fyrelle\AppData\Local\Temp\pinfect.zip]
28 Jun 2015 02:22:32 [1bc4] - Command Line Options Given: /xsign
28 Jun 2015 02:22:34 [1bc4] - Latest Date of files inside MWAV: Sun Jun 28 09:08:03 2015.
28 Jun 2015 02:22:34 [1bc4] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Fyrelle\AppData\Local\Temp\LOG\ESCANDB.LOG]
28 Jun 2015 02:22:34 [1bc4] - Loaded/Created FileScan Cache Database...
28 Jun 2015 02:22:34 [1bc4] - Loading AV Library [DB]...
28 Jun 2015 02:22:43 [1bc4] - ArchiveScan: DISABLED
28 Jun 2015 02:22:44 [1bc4] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
28 Jun 2015 02:22:44 [1bc4] - MWAV doing self scanning...
28 Jun 2015 02:22:44 [1bc4] - MWAV files are clean.
28 Jun 2015 02:23:57 [1bc4] - ArchiveScan: DISABLED
28 Jun 2015 02:23:57 [1bc4] - Virus Database Date: 28 Jun 2015
28 Jun 2015 02:23:57 [1bc4] - Virus Database Count: 5698340
28 Jun 2015 02:23:57 [1bc4] - Sign Version: 7.61285 [520037]
28 Jun 2015 02:24:07 [0160] - **********************************************************
28 Jun 2015 02:24:07 [0160] - MWAV - eScanAV AntiVirus Toolkit.
28 Jun 2015 02:24:07 [0160] - Copyright © MicroWorld Technologies
28 Jun 2015 02:24:07 [0160] - **********************************************************
28 Jun 2015 02:24:07 [0160] - Version 14.0.189 (C:\USERS\FYRELLE\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
28 Jun 2015 02:24:07 [0160] - Log File: C:\Users\Fyrelle\AppData\Local\Temp\LOG\MWAV.LOG
28 Jun 2015 02:24:07 [0160] - MWAV Registered: TRUE
28 Jun 2015 02:24:07 [0160] - User Account: Fyrelle (Administrator Mode)
28 Jun 2015 02:24:07 [0160] - OS Type: Windows Workstation [InstallType: Client]
28 Jun 2015 02:24:07 [0160] - OS: Windows 8.1 64-Bit [OS Install Date: 21 Jun 2014 14:14:20]
28 Jun 2015 02:24:07 [0160] - Ver: Personal Build 9200
28 Jun 2015 02:24:07 [0160] - System Up Time: 19 Minutes, 49 Seconds


28 Jun 2015 02:24:07 [0160] - Parent Process Name : c:\Windows\explorer.exe
28 Jun 2015 02:24:07 [0160] - Windows Root  Folder: C:\WINDOWS
28 Jun 2015 02:24:07 [0160] - Windows Sys32 Folder: C:\WINDOWS\system32
28 Jun 2015 02:24:07 [0160] - DHCP NameServer: 10.0.1.1
28 Jun 2015 02:24:07 [0160] - Interface0 DHCPNameServer: 10.0.1.1
28 Jun 2015 02:24:07 [0160] - Interface1 DHCPNameServer: 10.0.1.1
28 Jun 2015 02:24:07 [0160] - Local Fixed Drives: c:\,d:\
28 Jun 2015 02:24:07 [0160] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
28 Jun 2015 02:24:07 [0160] - [Unable to Create ZIP FILE: C:\Users\Fyrelle\AppData\Local\Temp\pinfect.zip!]
28 Jun 2015 02:24:08 [0160] - Latest Date of files inside MWAV: Sun Jun 28 09:08:03 2015.
28 Jun 2015 02:24:08 [0160] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Fyrelle\AppData\Local\Temp\LOG\ESCANDB.LOG]
28 Jun 2015 02:24:08 [0160] - Loaded/Created FileScan Cache Database...
28 Jun 2015 02:24:08 [0160] - Loading AV Library [DB]...
28 Jun 2015 02:24:11 [0160] - ArchiveScan: DISABLED
28 Jun 2015 02:24:11 [0160] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
28 Jun 2015 02:24:11 [0160] - MWAV doing self scanning...
28 Jun 2015 02:24:11 [0160] - MWAV files are clean.
28 Jun 2015 02:24:12 [0160] - ArchiveScan: DISABLED
28 Jun 2015 02:24:12 [0160] - Virus Database Date: 28 Jun 2015
28 Jun 2015 02:24:12 [0160] - Virus Database Count: 5698340
28 Jun 2015 02:24:12 [0160] - Sign Version: 7.61285 [520037]
28 Jun 2015 02:24:18 [1bc4] - Uninitializing Scanner (3)...
28 Jun 2015 02:24:18 [1bc4] - Freeing Libraries (3)...
28 Jun 2015 02:24:18 [1bc4] - AV Library Unloaded (3)...
28 Jun 2015 02:24:18 [1bc4] - Exiting App...
 
28 Jun 2015 02:24:31 [0160] - **********************************************************
28 Jun 2015 02:24:31 [0160] - MWAV - eScanAV AntiVirus Toolkit.
28 Jun 2015 02:24:31 [0160] - Copyright © MicroWorld Technologies
28 Jun 2015 02:24:31 [0160] -
28 Jun 2015 02:24:31 [0160] - Support: support@escanav.com
28 Jun 2015 02:24:31 [0160] - Web: http://www.escanav.com
28 Jun 2015 02:24:31 [0160] - **********************************************************
28 Jun 2015 02:24:31 [0160] - Version 14.0.189[DB] (C:\USERS\FYRELLE\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
28 Jun 2015 02:24:31 [0160] - Log File: C:\Users\Fyrelle\AppData\Local\Temp\LOG\MWAV.LOG
28 Jun 2015 02:24:31 [0160] - User Account: Fyrelle (Administrator Mode)
28 Jun 2015 02:24:31 [0160] - Parent Process Name : c:\Windows\explorer.exe
28 Jun 2015 02:24:31 [0160] - Windows Root  Folder: C:\WINDOWS
28 Jun 2015 02:24:31 [0160] - Windows Sys32 Folder: C:\WINDOWS\system32
28 Jun 2015 02:24:31 [0160] - OS: Windows 8.1 64-Bit [OS Install Date: 21 Jun 2014 14:14:20]
28 Jun 2015 02:24:31 [0160] - Ver: Personal Build 9200
28 Jun 2015 02:24:31 [0160] - Latest Date of files inside MWAV: Sun Jun 28 09:08:03 2015.
28 Jun 2015 02:24:31 [0160] - Priority: NORMAL
 
28 Jun 2015 02:24:31 [1344] - Options Selected by User:
28 Jun 2015 02:24:31 [1344] - Memory Check: Enabled
28 Jun 2015 02:24:31 [1344] - Registry Check: Enabled
28 Jun 2015 02:24:31 [1344] - StartUp Folder Check: Enabled
28 Jun 2015 02:24:31 [1344] - System Folder Check: Enabled
28 Jun 2015 02:24:31 [1344] - Services Check: Enabled
28 Jun 2015 02:24:31 [1344] - Scan Spyware: Enabled
28 Jun 2015 02:24:31 [1344] - Scan Archives: Disabled
28 Jun 2015 02:24:31 [1344] - Drive Check: Enabled
28 Jun 2015 02:24:31 [1344] - All Drive Check :Disabled
28 Jun 2015 02:24:31 [1344] - Drive Selected = C:\
28 Jun 2015 02:24:31 [1344] - Folder Check: Disabled
28 Jun 2015 02:24:31 [1344] - SCAN: All_Files [ANSI]
28 Jun 2015 02:24:31 [1344] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
28 Jun 2015 02:24:31 [1344] - Scanning DNS Records...
28 Jun 2015 02:24:31 [1344] - Scanning Master Boot Record (User)...
28 Jun 2015 02:24:32 [1344] - Scanning Logical Boot Records...
28 Jun 2015 02:24:44 [1344] - ScanFile (:BOOT:C) took 11969 ms
28 Jun 2015 02:24:44 [1344] - ***** Scanning For Hidden Rootkit Processes *****
28 Jun 2015 02:24:44 [1344] - ***** Scanning For Hidden Rootkit Services *****
 
28 Jun 2015 02:24:48 [1344] - ***** Scanning Memory Files *****
28 Jun 2015 02:24:56 [1344] - Scanning File c:\Windows\Temp\svchost.exe
28 Jun 2015 02:24:56 [1344] - Process c:\Windows\Temp\svchost.exe found loaded in Memory...
28 Jun 2015 02:24:56 [1344] - *** Terminating Infected Process c:\Windows\Temp\svchost.exe...
28 Jun 2015 02:24:59 [1344] - *** Termination Successful.
28 Jun 2015 02:25:00 [1344] - File c:\Windows\Temp\svchost.exe infected by "Application.Bitcoinminer.HH (DB)" Virus! Action Taken: File Renamed.

 
28 Jun 2015 02:25:01 [1344] - ***** Scanning Registry Files *****
28 Jun 2015 02:25:07 [1344] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
 
28 Jun 2015 02:25:07 [1344] - ***** Scanning StartUp Folders *****
28 Jun 2015 02:32:28 [1818] - Scanning File C:\Users\Fyrelle\AppData\Roaming\Origin\update.vbe
28 Jun 2015 02:32:28 [1818] - File C:\Users\Fyrelle\AppData\Roaming\Origin\update.vbe infected by "Trojan.Downloader.Vbs.Doget.FTQ (DB)" Virus! Action Taken: File Renamed.

 
28 Jun 2015 02:34:09 [1344] - ***** Scanning Service Files *****
28 Jun 2015 02:34:18 [1344] - ERROR(2)!!! Invalid Entry \SystemRoot\system32\DRIVERS\avchv.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\avchv.
28 Jun 2015 02:34:35 [1344] - ERROR(2)!!! Invalid Entry C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\LavasoftTcpService.
28 Jun 2015 02:34:48 [1344] - ERROR(2)!!! Invalid Entry system32\DRIVERS\RtsPer.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\RTSPER.
28 Jun 2015 02:34:55 [1344] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
28 Jun 2015 02:35:05 [1344] - ***** Scanning Registry and File system for Adware/Spyware *****
28 Jun 2015 02:35:06 [1344] - Loading Spyware Signatures from new External Database [Name: C:\Users\Fyrelle\AppData\Local\Temp\spydb.avs, Size: 464724]...
28 Jun 2015 02:35:06 [1344] - Indexed Spyware Databases Successfully Created...
 
28 Jun 2015 02:35:54 [1344] - Offending Folder found: C:\ProgramData\Package Cache\{95160001-1163-0409-1000-0000000FF1CE}v16.0.2617.1200\packages\sptoolsdependencies\v16
28 Jun 2015 02:35:54 [1344] - Deltree of Folder C:\ProgramData\Package Cache\{95160001-1163-0409-1000-0000000FF1CE}v16.0.2617.1200\packages\sptoolsdependencies\v16...
28 Jun 2015 02:35:54 [1344] - Object "NetworkEssentials Spyware/Adware" found in File System! Action Taken: Entries Removed.

28 Jun 2015 02:35:54 [1344] - Offending file found: C:\WINDOWS\Temp\svchost.exe.mwt
28 Jun 2015 02:35:54 [1344] - System found infected with Lingling Trojan (C:\WINDOWS\Temp\svchost.exe.mwt)! Action taken: File Deleted.
28 Jun 2015 02:35:54 [1344] - Object "Lingling Trojan" found in File System! Action Taken: File Deleted.

 
28 Jun 2015 02:35:56 [1344] - ***** Scanning Registry Files *****
28 Jun 2015 02:35:57 [1344] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
28 Jun 2015 02:35:57 [1344] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
28 Jun 2015 02:35:57 [1344] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
28 Jun 2015 02:35:57 [1344] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
28 Jun 2015 02:35:57 [1344] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
28 Jun 2015 02:35:57 [1344] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://g.msn.com/HPNOT13/1
28 Jun 2015 02:35:57 [1344] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.bing.com/?pc=U162F
28 Jun 2015 02:35:57 [1344] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.bing.com/?pc=U162F
 
28 Jun 2015 02:35:57 [1344] - ***** Scanning System32 Folders *****
 
 
28 Jun 2015 02:37:40 [1344] - ***** Scanning Drive C:\ *****
28 Jun 2015 02:37:51 [1844] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Fyrelle\AppData\Roaming\VOPackage\nseC0B3.tmpfs.vir
28 Jun 2015 02:37:51 [1844] - File C:\AdwCleaner\Quarantine\C\Users\Fyrelle\AppData\Roaming\VOPackage\nseC0B3.tmpfs.vir infected by "Gen:Variant.Zusy.132272 (DB)" Virus! Action Taken: File Renamed.

28 Jun 2015 02:38:12 [1818] - ScanFile (C:\Program Files\AMD\CCC2\Install\ccc2_install.exe) took 7016 ms
28 Jun 2015 02:39:36 [1624] - ScanFile (C:\Program Files\Microsoft Office 15\root\client\mfc100u.dll) took 7860 ms
28 Jun 2015 02:41:12 [15dc] - ScanFile (C:\Program Files\Microsoft Office 15\root\office15\PROOF\1036\MSGR3FR.DLL) took 6781 ms
28 Jun 2015 02:43:09 [1624] - ScanFile (C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\DATA\mastlog.ldf) took 6687 ms
28 Jun 2015 02:43:10 [16e8] - ScanFile (C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\DATA\MSDBData.mdf) took 7984 ms
28 Jun 2015 02:43:11 [1814] - ScanFile (C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\DATA\model.mdf) took 8219 ms
28 Jun 2015 02:43:11 [14e8] - ScanFile (C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\DATA\ReportServer$SQLEXPRESS.mdf) took 7891 ms
28 Jun 2015 02:43:11 [1818] - ScanFile (C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\DATA\modellog.ldf) took 8453 ms
28 Jun 2015 02:43:11 [15dc] - ScanFile (C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\DATA\MSDBLog.ldf) took 8406 ms
28 Jun 2015 02:43:11 [1784] - ScanFile (C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\DATA\ReportServer$SQLEXPRESS_log.ldf) took 8032 ms
28 Jun 2015 02:43:16 [1844] - ScanFile (C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\DATA\tempdb.mdf) took 9157 ms
28 Jun 2015 02:43:17 [1624] - ScanFile (C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\DATA\templog.ldf) took 8125 ms
28 Jun 2015 02:47:07 [16e8] - ScanFile (C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroExt\libcef.dll) took 6594 ms
28 Jun 2015 02:49:13 [1814] - ScanFile (C:\Program Files (x86)\CyberLink\Power2Go8\Gallery\CL_Gallery.exe) took 7641 ms
28 Jun 2015 03:00:58 [1844] - ScanFile (C:\Program Files (x86)\Microsoft Office\Office12\PPCORE.DLL) took 5015 ms
28 Jun 2015 03:16:50 [1784] - ScanFile (C:\Program Files (x86)\Origin Games\The Sims 3 Ambitions\Game\Bin\TS3EP02.exe) took 6437 ms
28 Jun 2015 03:18:53 [1844] - ScanFile (C:\Program Files (x86)\WildGames\4 Elements II\4 Elements-WT.exe) took 5063 ms
28 Jun 2015 03:19:00 [1814] - ScanFile (C:\Program Files (x86)\WildGames\Farm Frenzy\Farm Frenzy-WT.exe) took 5063 ms
28 Jun 2015 03:22:59 [15dc] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 03:22:59 [1844] - Scanning File C:\System Volume Information\{a97f566f-145c-11e5-bed3-a0d3c165dd8c}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 03:22:59 [1624] - Scanning File C:\System Volume Information\{39288d27-1060-11e5-bed2-a0d3c165dd8c}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 03:22:59 [16e8] - Scanning File C:\System Volume Information\{f6923da2-1c37-11e5-bed4-a0d3c165dd8c}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 03:22:59 [1784] - Scanning File C:\System Volume Information\{a97f5659-145c-11e5-bed3-a0d3c165dd8c}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 03:22:59 [14e8] - Scanning File C:\System Volume Information\{230e0ce0-1a6f-11e5-bed3-a0d3c165dd8c}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 03:23:25 [16e8] - ScanFile (C:\Users\Fyrelle\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdm.dll) took 5265 ms
28 Jun 2015 03:27:44 [14e8] - ScanFile (C:\Users\Fyrelle\Documents\Database Project\SQL Express\redist\VisualStudioShell\KB2251489.MSP) took 9407 ms
28 Jun 2015 03:27:44 [1844] - ScanFile (C:\Users\Fyrelle\Documents\Database Project\SQL Express\redist\VisualStudioShell\VS10SP1-KB983509.MSP) took 9938 ms
28 Jun 2015 03:28:03 [14e8] - Scanning File C:\Users\Fyrelle\Documents\Docs from Samsung\Always(Passion: Here for You Album Version)-Kristian Stanfill.mp3
28 Jun 2015 03:29:07 [15dc] - ScanFile (C:\Users\Fyrelle\Documents\Mom Flash\Windows OS Update\MSO2k7_kg.zip) took 6375 ms
28 Jun 2015 03:30:18 [1844] - ScanFile (C:\Users\Fyrelle\Documents\USB PNY data\CustomGuide\Outlook Web Access 2007\Outlook Web Access 2007.doc) took 5531 ms
28 Jun 2015 07:39:33 [1814] - ScanFile (C:\Users\Fyrelle\Documents\Work Files Extra\CustomGuide\Outlook Web Access 2007\Outlook Web Access 2007.doc) took 6156 ms
28 Jun 2015 07:41:17 [1818] - ScanFile (C:\Users\Fyrelle\Downloads\battlelog-web-plugins_2.3.2_133.exe) took 12375 ms
28 Jun 2015 07:41:23 [15dc] - ScanFile (C:\Users\Fyrelle\Downloads\kau.zip) took 5844 ms
28 Jun 2015 07:42:02 [1784] - ScanFile (C:\Users\Fyrelle\Music\iTunes\iTunes Music\Mobile Applications\100 Pics 1.20.ipa) took 7641 ms

28 Jun 2015 07:57:10 [14e8] - ScanFile (C:\Windows\Installer\18e404b.msp) took 6422 ms
28 Jun 2015 07:57:10 [1814] - ScanFile (C:\Windows\Installer\18e3fa4.msp) took 6625 ms
28 Jun 2015 07:57:17 [15dc] - ScanFile (C:\Windows\Installer\1c78e3d4.msp) took 7703 ms
28 Jun 2015 07:57:31 [1844] - ScanFile (C:\Windows\Installer\25a60e.msp) took 5421 ms
28 Jun 2015 07:57:37 [1844] - ScanFile (C:\Windows\Installer\2ae3d3c9.msp) took 5234 ms
28 Jun 2015 07:57:40 [14e8] - ScanFile (C:\Windows\Installer\304a9de4.msp) took 5922 ms
28 Jun 2015 07:57:50 [15dc] - ScanFile (C:\Windows\Installer\564a3d4.msp) took 5671 ms
28 Jun 2015 07:57:50 [1814] - ScanFile (C:\Windows\Installer\64961b9.msp) took 5641 ms
28 Jun 2015 07:57:51 [1818] - ScanFile (C:\Windows\Installer\6496269.msp) took 5422 ms
28 Jun 2015 07:57:51 [1784] - ScanFile (C:\Windows\Installer\3fc908.msp) took 13078 ms
28 Jun 2015 07:57:56 [1624] - ScanFile (C:\Windows\Installer\6496208.msp) took 10265 ms
28 Jun 2015 07:58:00 [1844] - ScanFile (C:\Windows\Installer\6496401.msp) took 5719 ms
28 Jun 2015 07:58:00 [14e8] - ScanFile (C:\Windows\Installer\64961ce.msp) took 14906 ms
28 Jun 2015 07:58:00 [1814] - ScanFile (C:\Windows\Installer\6496477.msp) took 5156 ms
28 Jun 2015 07:58:01 [16e8] - ScanFile (C:\Windows\Installer\649630e.msp) took 13235 ms
28 Jun 2015 07:58:14 [15dc] - ScanFile (C:\Windows\Installer\80f83ae.msp) took 7422 ms
28 Jun 2015 07:58:17 [1784] - ScanFile (C:\Windows\Installer\b4cc83e4.msp) took 5563 ms
 
28 Jun 2015 08:21:31 [1344] - ***** Checking for specific ITW Viruses *****
 
28 Jun 2015 08:21:31 [1344] - ***** Scanning complete. *****
 
28 Jun 2015 08:21:31 [1344] - Memory/System Found Infected!!! Rescanning all objects to ensure that system is clean...
 
28 Jun 2015 08:21:31 [1344] - Options Selected by User:
28 Jun 2015 08:21:31 [1344] - Memory Check: Enabled
28 Jun 2015 08:21:31 [1344] - Registry Check: Enabled
28 Jun 2015 08:21:31 [1344] - StartUp Folder Check: Enabled
28 Jun 2015 08:21:31 [1344] - System Folder Check: Enabled
28 Jun 2015 08:21:31 [1344] - Services Check: Enabled
28 Jun 2015 08:21:31 [1344] - Scan Spyware: Enabled
28 Jun 2015 08:21:31 [1344] - Scan Archives: Disabled
28 Jun 2015 08:21:31 [1344] - Drive Check: Enabled
28 Jun 2015 08:21:31 [1344] - All Drive Check :Disabled
28 Jun 2015 08:21:31 [1344] - Drive Selected = C:\
28 Jun 2015 08:21:31 [1344] - Folder Check: Disabled
28 Jun 2015 08:21:31 [1344] - SCAN: All_Files [ANSI]
28 Jun 2015 08:21:31 [1344] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
28 Jun 2015 08:21:32 [1344] - Scanning Master Boot Record (User)...
28 Jun 2015 08:21:32 [1344] - Scanning Logical Boot Records...
28 Jun 2015 08:21:35 [1344] - ***** Scanning For Hidden Rootkit Processes *****
28 Jun 2015 08:21:35 [1344] - ***** Scanning For Hidden Rootkit Services *****
 
28 Jun 2015 08:21:56 [1344] - ***** Scanning Memory Files *****
 
28 Jun 2015 08:21:57 [1344] - ***** Scanning Registry Files *****
 
28 Jun 2015 08:22:00 [1344] - ***** Scanning StartUp Folders *****
 
28 Jun 2015 08:23:37 [1344] - ***** Scanning Service Files *****
 
28 Jun 2015 08:24:46 [1344] - ***** Scanning Registry and File system for Adware/Spyware *****
28 Jun 2015 08:24:46 [1344] - Loading Spyware Signatures from new External Database [Name: C:\Users\Fyrelle\AppData\Local\Temp\spydb.avs, Size: 464724]...
28 Jun 2015 08:24:46 [1344] - Indexed Spyware Databases Successfully Created...
 
 
28 Jun 2015 08:25:13 [1344] - ***** Scanning Registry Files *****
28 Jun 2015 08:25:14 [1344] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
28 Jun 2015 08:25:14 [1344] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://g.msn.com/HPNOT13/1
28 Jun 2015 08:25:14 [1344] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.bing.com/?pc=U162F
28 Jun 2015 08:25:14 [1344] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.bing.com/?pc=U162F
 
28 Jun 2015 08:25:14 [1344] - ***** Scanning System32 Folders *****
 
 
28 Jun 2015 08:25:28 [1344] - ***** Scanning Drive C:\ *****
28 Jun 2015 08:35:07 [1624] - Scanning File C:\System Volume Information\{a97f566f-145c-11e5-bed3-a0d3c165dd8c}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 08:35:07 [14e8] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 08:35:07 [1814] - Scanning File C:\System Volume Information\{f6923da2-1c37-11e5-bed4-a0d3c165dd8c}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 08:35:07 [1784] - Scanning File C:\System Volume Information\{230e0ce0-1a6f-11e5-bed3-a0d3c165dd8c}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 08:35:07 [1818] - Scanning File C:\System Volume Information\{a97f5659-145c-11e5-bed3-a0d3c165dd8c}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 08:35:07 [16e8] - Scanning File C:\System Volume Information\{39288d27-1060-11e5-bed2-a0d3c165dd8c}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Jun 2015 08:36:24 [1814] - Scanning File C:\Users\Fyrelle\Documents\Docs from Samsung\Always(Passion: Here for You Album Version)-Kristian Stanfill.mp3
 
28 Jun 2015 08:42:03 [1344] - ***** Checking for specific ITW Viruses *****
 
28 Jun 2015 08:42:03 [1344] - ***** Scanning complete. *****
 
28 Jun 2015 08:42:03 [1344] - Total Objects Scanned: 1045767
28 Jun 2015 08:42:03 [1344] - Total Critical Objects: 5
28 Jun 2015 08:42:03 [1344] - Total Disinfected Objects: 0
28 Jun 2015 08:42:03 [1344] - Total Objects Renamed: 3
28 Jun 2015 08:42:03 [1344] - Total Deleted Objects: 2
28 Jun 2015 08:42:03 [1344] - Total Errors: 4
28 Jun 2015 08:42:03 [1344] - Time Elapsed: 02:09:33
28 Jun 2015 08:42:03 [1344] - Virus Database Date: 28 Jun 2015
28 Jun 2015 08:42:03 [1344] - Virus Database Count: 5698340
28 Jun 2015 08:42:03 [1344] - Sign Version: 7.61285 [520037]
 
28 Jun 2015 08:42:03 [1344] - Scan Completed.



#6 Fyrelle

Fyrelle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 28 June 2015 - 10:02 AM

Zemana AntiMalware 2.16.179.198 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/28
Operating System       : Windows 8.1 64-bit
Processor              : 4X AMD A10-5750M APU with Radeon™ HD Graphics
BIOS Mode              : UEFI
CUID                   : 00917264F22DED45E12DBD
Scan Type              : Deep Scan
Duration               : 42m 39s
Scanned Objects        : 400175
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

ninja-setup-3.0.7.exe
Status             : Scanned
Object             : %userprofile%\downloads\ninja-setup-3.0.7.exe
MD5                : 5269E6ED06CFFE100ED3F48B4A3DE45E
Publisher          : -
Size               : 2509450
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.7.exe

Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0
 



#7 Fyrelle

Fyrelle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 28 June 2015 - 10:16 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.0 (06.28.2015:1)
OS: Windows 8.1 x64
Ran by Fyrelle on Sun 06/28/2015 at 10:08:12.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_32D7BFCCDA15EFE2CB2A455BB47D01F5



~~~ Registry Keys



~~~ Files

Failed to delete: [File] C:\WINDOWS\syswow64\LavasoftTcpService.dll
Successfully deleted: [File] C:\WINDOWS\syswow64\LavasoftTcpService.ini
Successfully deleted: [File] C:\WINDOWS\syswow64\LavasoftTcpServiceOff.ini



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
Successfully deleted: [Folder] C:\Users\Fyrelle\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\Fyrelle\appdata\locallow\company
Successfully deleted: [Folder] C:\Users\Fyrelle\AppData\Roaming\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
Successfully deleted: [Folder] C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7



~~~ Chrome


[C:\Users\Fyrelle\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Fyrelle\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Fyrelle\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Fyrelle\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/28/2015 at 10:14:39.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 Fyrelle

Fyrelle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 28 June 2015 - 10:47 AM

Thanks for such thorough instructions. This is the last log.

 

# AdwCleaner v4.207 - Logfile created 28/06/2015 at 10:41:18
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Fyrelle - NARA_BEE
# Running from : C:\Users\Fyrelle\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\{8cb4bf3e-d11f-e470-8cb4-4bf3ed11fcfb}
Folder Deleted : C:\Users\Fyrelle\AppData\Roaming\SmileFiles

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\SDP

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [4260 bytes] - [12/03/2015 18:20:56]
AdwCleaner[R1].txt - [887 bytes] - [12/03/2015 22:41:06]
AdwCleaner[R2].txt - [1122 bytes] - [28/06/2015 10:17:40]
AdwCleaner[S0].txt - [4284 bytes] - [12/03/2015 18:27:37]
AdwCleaner[S1].txt - [1054 bytes] - [28/06/2015 10:41:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1113  bytes] ##########
 



#9 Fyrelle

Fyrelle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 28 June 2015 - 02:48 PM

My system seems to be back to its usual self. Thank you so much for the guidance and patience you provided.

 

I appreciate it.

 

Thank you!



#10 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:23 AM

Posted 28 June 2015 - 04:46 PM

Lets just make certain all is well, with a final round of scans . :)

 

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

LOr0Gd7.png

Hit Ok.

sYFsqHx.png

Hit next make sure to leave all items checked, for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download [b]MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 esetonlinebtn.png
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.


#11 Fyrelle

Fyrelle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 28 June 2015 - 06:28 PM

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_06_28_17_58_05
OS: Windows 8 - 64 Bit
Account Name: Fyrelle
U0L0S11

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished
 



#12 Fyrelle

Fyrelle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 28 June 2015 - 06:54 PM

~ ZHPCleaner v2015.6.28.284 by Nicolas Coolman (2015\06\28)
~ Run by Fyrelle (Administrator)  (28/06/2015 18:51:08)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Fyrelle\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Fyrelle\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 8.1, 64-bit  (Build 9600)


---\\  Services (0)


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (6)
MOVED file: C:\Users\Fyrelle\Desktop\Shortcut to SecureDownloadManager.exe.lnk   (PUP.SearchAssist)
MOVED file: C:\Users\Fyrelle\Downloads\SecureDownloadManager.log   (PUP.SearchAssist)
MOVED folder*: C:\WINDOWS\Installer\MSI2582.tmp- (Empty)
MOVED folder*: C:\WINDOWS\Installer\MSI9650.tmp- (Empty)
MOVED folder*: C:\WINDOWS\Installer\MSI9FEF.tmp- (Empty)
MOVED folder*: C:\WINDOWS\Installer\MSIA90F.tmp- (Empty)


---\\  Registry ( Key, Value, Data) (4)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\HawkesUpdater ["C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe" (Not File)] (PUP.SoftwareUpdater)
DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\HawkesUpdater ["C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe" (Not File)] (PUP.ServiceManager)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1 [cpbrkpie Control] (Adware.CouponBar)
DELETED value: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_32D7BFCCDA15EFE2CB2A455BB47D01F5 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.CrossBrowse)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 976
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 11


End of clean at 18:51:46
===================
ZHPCleaner-[R]-28062015-18_51_46.txt
ZHPCleaner-[S]-28062015-18_43_52.txt
 



#13 Fyrelle

Fyrelle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 28 June 2015 - 06:59 PM

MiniToolBox by Farbar  Version: 22-06-2015
Ran by Fyrelle (administrator) on 28-06-2015 at 18:56:54
Running from "C:\Users\Fyrelle\Downloads"
Microsoft Windows 8.1  (X64)
Model: HP Pavilion 17 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek RTL8188EE 802.11b/g/n Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
TeamViewer VPN Adapter = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_7" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Nara_Bee
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : panhandle.rr.com

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TeamViewer VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-6F-25-FB-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 48-5A-B6-56-56-5B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : panhandle.rr.com
   Description . . . . . . . . . . . : Realtek RTL8188EE 802.11b/g/n Wi-Fi Adapter
   Physical Address. . . . . . . . . : 48-5A-B6-56-56-5B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dc3f:e28a:a44b:f7aa%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.1.28(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, June 28, 2015 10:43:11 AM
   Lease Expires . . . . . . . . . . : Monday, June 29, 2015 10:43:16 AM
   Default Gateway . . . . . . . . . : 10.0.1.1
   DHCP Server . . . . . . . . . . . : 10.0.1.1
   DHCPv6 IAID . . . . . . . . . . . : 71850678
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-E5-64-7E-A0-D3-C1-65-DD-8C
   DNS Servers . . . . . . . . . . . : 10.0.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : panhandle.rr.com
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : A0-D3-C1-65-DD-8C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3411:29d2:f5ff:fee3(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3411:29d2:f5ff:fee3%5(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 167772160
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-E5-64-7E-A0-D3-C1-65-DD-8C
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.panhandle.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : panhandle.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  10.0.1.1

Name:    google.com
Addresses:  2607:f8b0:4008:807::200e
      216.58.192.110


Pinging google.com [216.58.192.110] with 32 bytes of data:
Reply from 216.58.192.110: bytes=32 time=52ms TTL=50
Reply from 216.58.192.110: bytes=32 time=51ms TTL=50

Ping statistics for 216.58.192.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 51ms, Maximum = 52ms, Average = 51ms
Server:  UnKnown
Address:  10.0.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=62ms TTL=47
Reply from 98.139.183.24: bytes=32 time=64ms TTL=47

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 64ms, Average = 63ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 22...00 ff 6f 25 fb 6b ......TeamViewer VPN Adapter
 16...48 5a b6 56 56 5b ......Microsoft Wi-Fi Direct Virtual Adapter #2
 15...48 5a b6 56 56 5b ......Realtek RTL8188EE 802.11b/g/n Wi-Fi Adapter
  3...a0 d3 c1 65 dd 8c ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1        10.0.1.28     25
         10.0.1.0    255.255.255.0         On-link         10.0.1.28    286
        10.0.1.28  255.255.255.255         On-link         10.0.1.28    286
       10.0.1.255  255.255.255.255         On-link         10.0.1.28    286
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.1.28    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.1.28    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:90d7:3411:29d2:f5ff:fee3/128
                                    On-link
 15    286 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::3411:29d2:f5ff:fee3/128
                                    On-link
 15    286 fe80::dc3f:e28a:a44b:f7aa/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    286 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/28/2015 06:50:28 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c54

Start Time: 01d0b1fc25e7c39f

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 72e85d04-1df0-11e5-bed8-a0d3c165dd8c

Faulting package full name: 134D4F5B.Box_2.1.3.3_neutral__2qk4zy5s3qmee

Faulting package-relative application ID: Box

Error: (06/28/2015 06:35:28 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ba8

Start Time: 01d0b1fa0d7775cf

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 5a6e2943-1dee-11e5-bed8-a0d3c165dd8c

Faulting package full name: 134D4F5B.Box_2.1.3.3_neutral__2qk4zy5s3qmee

Faulting package-relative application ID: Box

Error: (06/28/2015 06:20:28 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1aec

Start Time: 01d0b1f7f506542e

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 421ee7e1-1dec-11e5-bed8-a0d3c165dd8c

Faulting package full name: 134D4F5B.Box_2.1.3.3_neutral__2qk4zy5s3qmee

Faulting package-relative application ID: Box

Error: (06/28/2015 06:05:28 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a88

Start Time: 01d0b1f5dc998cb6

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 29a2f144-1dea-11e5-bed8-a0d3c165dd8c

Faulting package full name: 134D4F5B.Box_2.1.3.3_neutral__2qk4zy5s3qmee

Faulting package-relative application ID: Box

Error: (06/28/2015 05:50:28 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14e4

Start Time: 01d0b1f3c423a537

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 1125e9e8-1de8-11e5-bed8-a0d3c165dd8c

Faulting package full name: 134D4F5B.Box_2.1.3.3_neutral__2qk4zy5s3qmee

Faulting package-relative application ID: Box

Error: (06/28/2015 05:35:28 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 187c

Start Time: 01d0b1f1abb15f8e

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: f8b20dca-1de5-11e5-bed8-a0d3c165dd8c

Faulting package full name: 134D4F5B.Box_2.1.3.3_neutral__2qk4zy5s3qmee

Faulting package-relative application ID: Box

Error: (06/28/2015 05:20:28 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1dd4

Start Time: 01d0b1ef934614a6

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: e0471585-1de3-11e5-bed8-a0d3c165dd8c

Faulting package full name: 134D4F5B.Box_2.1.3.3_neutral__2qk4zy5s3qmee

Faulting package-relative application ID: Box

Error: (06/28/2015 05:05:28 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e00

Start Time: 01d0b1ed7ad1fd52

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: c7d3863c-1de1-11e5-bed8-a0d3c165dd8c

Faulting package full name: 134D4F5B.Box_2.1.3.3_neutral__2qk4zy5s3qmee

Faulting package-relative application ID: Box

Error: (06/28/2015 04:49:22 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: aec

Start Time: 01d0b1eb3b4234bb

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 88430984-1ddf-11e5-bed8-a0d3c165dd8c

Faulting package full name: 134D4F5B.Box_2.1.3.3_neutral__2qk4zy5s3qmee

Faulting package-relative application ID: Box

Error: (06/28/2015 04:35:28 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1454

Start Time: 01d0b1e949edfcfd

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 96ece48d-1ddd-11e5-bed8-a0d3c165dd8c

Faulting package full name: 134D4F5B.Box_2.1.3.3_neutral__2qk4zy5s3qmee

Faulting package-relative application ID: Box


System errors:
=============
Error: (06/28/2015 06:26:15 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/28/2015 06:25:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/28/2015 10:41:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (06/28/2015 10:41:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (06/28/2015 10:41:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (06/28/2015 10:41:49 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (06/28/2015 10:41:19 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/28/2015 10:41:19 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/28/2015 10:41:18 AM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/28/2015 10:41:17 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-06-28 11:18:00.755
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-28 11:18:00.573
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-28 11:18:00.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-28 11:18:00.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-28 11:17:59.971
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-28 11:17:59.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-28 11:17:59.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-28 11:17:59.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-28 11:17:58.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-28 11:17:58.782
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

4 Elements II (HKLM-x32\...\WTA-020c02bd-f63c-4914-b1bf-bbea78709542) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (HKLM-x32\...\WTA-04849bd6-33c6-4512-953a-02e0794bb6a2) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{9E2BF31C-7E39-C549-8AFE-56C3B927BD91}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (HKLM-x32\...\{05F508E8-2DC6-4B12-B6A9-51000536216A}) (Version: 2.4 - Microsoft Corporation) Hidden
Azteca (HKLM-x32\...\WTA-0af72341-7546-4ef0-bdd4-71ada6c6303a) (Version: 2.2.0.97 - WildTangent) Hidden
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}) (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-8d8dbc37-7d44-47f2-b09f-869658b6e463) (Version: 2.2.0.98 - WildTangent) Hidden
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-2800eb79-6e6d-44a9-b5f2-fc1f864bf324) (Version: 2.2.0.97 - WildTangent) Hidden
Build Tools - amd64 (HKLM\...\{CC1F74DF-058F-406C-BC7D-F14D6E5F7CBD}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{B255880F-8C5E-4FAF-8F9C-7DBA635B2615}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{E43BBAEB-4914-44C6-88C0-E7A1DBD20A91}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{D37FDF2F-8766-4BDF-A0E3-A60BDBB630ED}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build-a-lot (HKLM-x32\...\WTA-aab0350a-7eb3-4132-b34b-7fe68631b8cc) (Version: 2.2.0.98 - WildTangent) Hidden
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
CMD Demo Trial (HKLM-x32\...\{7050EDC0-C916-4372-BDF6-E571C80161F5}) (Version: 1.0.1 - dss financial and corporate service provider)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-1bd38e69-4fe7-4512-9d5a-fc3d2924721a) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-ed4bc12c-0e6c-431c-9e7d-f96c6809ad38) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-8ee3cff1-2338-44d8-818d-5c04dc9f04f1) (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5004 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-21c63d04-c7fb-4383-bfc0-b796c9a1dc93) (Version: 3.0.2.32 - WildTangent) Hidden
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Farm Frenzy (HKLM-x32\...\WTA-ff007bf9-fa42-45a2-bce6-56bcb3725070) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-81a42317-fd3e-4914-a598-61935d855e6d) (Version: 2.2.0.110 - WildTangent) Hidden
Hawkes Update Service Manager (HKLM-x32\...\Hawkes Update Service Manager) (Version: 1.0.9 - Hawkes Learning Systems)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-fad99fc5-e454-49cc-aeb9-1e4fb3babbe9) (Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{B41C6B3F-F752-46EA-BC46-F26D3AD147B8}) (Version: 1.2.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Photo Creations (HKCU\...\HP Photo Creations) (Version: 1.0.0.17422 - HP)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDBE Ribbon Creator  (HKLM-x32\...\IDBE Ribbon Creator) (Version: 1.0141 - IDBE Avenius)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (HKLM-x32\...\WTA-e8630527-2712-41e1-8954-862adc08823d) (Version: 2.2.0.98 - WildTangent) Hidden
KeyedAccess v4.2 for Microsoft Access (HKLM-x32\...\KeyedAccess_is1) (Version:  - Peter's Software)
Kit SDK de vérification de Visual Studio 2012 - fra (HKLM-x32\...\{8A3862F9-F587-3DFA-AAFC-C1F0E116F05C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Luxor Evolved (HKLM-x32\...\WTA-aa0b2dd0-855e-4ad0-bb05-2d9941ac1b7a) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-7a8cb3bf-f7b8-4d67-b4b8-7a8fdfb818e0) (Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-7f905754-422f-4e51-a590-344579e97ee5) (Version: 2.2.0.98 - WildTangent) Hidden
Memory Profiler (HKLM-x32\...\{54F76D6C-0EC3-43D9-8BCC-73E31AB0BF06}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{A88AEB8B-A6C5-41BC-8F71-F704DD1E0D00}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Access 2013 (HKLM-x32\...\Office15.AccessR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Office Access Developer Extensions (English) 2007 (HKLM-x32\...\{90120000-00D0-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 with Update 4 (HKLM-x32\...\{c96467b4-e480-4218-8fde-db83bf9d47d1}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-e57aa2b2-4cb7-4034-b06e-40859b7e8749) (Version: 2.2.0.98 - WildTangent) Hidden
Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25  - Florian Balmer)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Peggle Nights (HKLM-x32\...\WTA-656131dd-d310-4587-a13b-e29bbbe4ef62) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-3a86f0b8-8616-4ae8-997a-95b591dfc9a7) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-8f8d6e76-4fb4-4d15-bb5d-bbc888ae6454) (Version: 2.2.0.97 - WildTangent) Hidden
PowreShellIntegration.Notifications (HKLM-x32\...\{ED8DFB38-C87B-42B3-A33E-B20DF935C055}) (Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python Tools Redirection Template (HKLM-x32\...\{2881CFB4-71F9-40C7-8228-6395117C0EDA}) (Version: 1.3 - Microsoft Corporation) Hidden
Radeon RAMDisk (HKLM-x32\...\{6B302E33-24EF-4D3F-9F55-CE327433EFDD}) (Version: 4.4.0.19 - Dataram, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Restaurant Empire 2  (HKLM-x32\...\Restaurant Empire 2) (Version:  - Enlight Software Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (HKLM-x32\...\WTA-161a2181-0ece-4bbc-bce1-971535292613) (Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (HKLM-x32\...\WTA-4fe362ef-800b-4f13-ab78-128745970c80) (Version: 3.0.2.32 - WildTangent) Hidden
Sagekey Access 2007 Deployment Wizard (HKLM-x32\...\{D69AAFF8-A33D-485C-B21F-F01E07E06407}) (Version: 4.0.2 - SageKey Software Inc.)
SDK de comprobación de Visual Studio 2012 - esn (HKLM-x32\...\{90EF884E-5253-324C-9C11-63C9DA16BF0C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
Setup - The SIMS 4  Deluxe Edition ... (HKLM-x32\...\Setup - The SIMS 4  Deluxe Edition ...) (Version: ... - Electronic Arts)
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{1D01EDF6-7E93-4FEE-AA09-C5669511100C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{5EACF47D-EB70-4FE0-83DE-9FD9693C24B9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{832D6A7D-13F7-42CB-9AC6-5859800269AE}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (HKLM\...\{B40B7A25-308B-4650-8B42-E51710CDD4D9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{026E123D-2160-46C7-A801-87D27D46835E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{700C00BA-E947-4B77-8EF1-588DF210E931}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Statistics (Academic Year 2014-2015 Student) (HKLM-x32\...\Statistics (Academic Year 2014-2015 Student)) (Version: 10.1.2 - Hawkes Learning Systems)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
System Ninja version 3.0.7 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.7 - SingularLabs)
Tales of Lagoona (HKLM-x32\...\WTA-fffa44c0-f922-40b7-9f1e-2c556cfe3626) (Version: 2.2.0.110 - WildTangent) Hidden
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
TypeScript Power Tool (HKLM-x32\...\{6098D454-CB7B-44C2-8615-D869FD9655C7}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{0E4A9B1A-12D2-4827-BE61-44DBD72797FB}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.AccessR_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-daf3973e-669a-49de-a94a-78dd5ebd082a) (Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VS Update core components (HKLM-x32\...\{9F7DE660-6BFE-3BA2-A93D-4F13BD13E10B}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Wipe (HKLM\...\wipe) (Version: 2015.06 - PrivacyRoot.com)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Youda Jewel Shop (HKLM-x32\...\WTA-8eb80b7f-1ad3-4e64-8bef-bc853149fc1b) (Version: 3.0.2.32 - WildTangent) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.16.198 - Zemana Ltd.)
Zuma's Revenge (HKLM-x32\...\WTA-fc5ef4c4-e278-40a8-9476-ac429c732c60) (Version: 2.2.0.98 - WildTangent) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (HKLM-x32\...\{977CABC5-7B4B-3AE4-8E1B-56C673C1D638}) (Version: 12.0.30501 - Microsoft Corporation) Hidden

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 7366.26 MB
Available physical RAM: 5029.32 MB
Total Pagefile: 7878.26 MB
Available Pagefile: 5084.07 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.71 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:670.81 GB) (Free:398.55 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:26.62 GB) (Free:2.66 GB) NTFS

========================= Users: ========================================

User accounts for \\NARA_BEE

Administrator            Fyrelle                  Guest                    


**** End of log ****
 



#14 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:23 AM

Posted 28 June 2015 - 07:02 PM

Post the eset log when complete.



#15 Fyrelle

Fyrelle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:23 AM

Posted 29 June 2015 - 12:45 AM

ESET Log

 

C:\AdwCleaner\Quarantine\C\Users\Fyrelle\AppData\Roaming\VOPackage\nseC0B3.tmpfs.vir.mwt    a variant of Win32/Adware.AdService.U application    cleaned by deleting - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined
C:\Users\Fyrelle\AppData\Roaming\Origin\update.vbe.mwt    VBS/CoinMiner.AD trojan    cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe    VBS/CoinMiner.AD trojan    cleaned by deleting - quarantined
C:\Windows\SysWOW64\LavasoftTcpService.dll    a variant of Win32/Komodia.A potentially unsafe application    cleaned by deleting - quarantined
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe    VBS/Kryptik.DC trojan    cleaned by deleting - quarantined
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users