
Virus blocking Anti-Virus: Windows Defender


  • This topic is locked
41 replies to this topic

#1 yayayoya

  • Members

Posted 01 July 2015 - 03:44 AM

Hello,

 

I need your help. I'm having the same problem as this one:

http://www.bleepingcomputer.com/forums/t/496263/access-is-denied-and-disabled-windows-defender-microsoft-security-essentials/ 

 

I think I'm having exactly the same problem, but I can open my Windows Defender, but when I click the Start now button, the program disappears. And I tried it in Services and Action Center, still not working! And I don't know what kind of virus it is. I think it's a virus that won't open it because my Malwarebytes won't open until I renamed it to "anything.exe" (as I've read in other forums). My USB gets infected also, so I need to get Defender fixed.

 

Thank you. Looking forward to your reply





#2 deeprybka

  • Malware Response Team

Posted 01 July 2015 - 04:15 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 yayayoya

  • Topic Starter

Posted 01 July 2015 - 06:53 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Aiya at 2015-07-01 19:04:41
Running from C:\Users\Aiya\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1850969101-3584789739-587064572-500 - Administrator - Disabled) => C:\Users\Administrator
Aiya (S-1-5-21-1850969101-3584789739-587064572-1001 - Administrator - Enabled) => C:\Users\Aiya
Guest (S-1-5-21-1850969101-3584789739-587064572-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1850969101-3584789739-587064572-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1850969101-3584789739-587064572-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7 Wonders II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1850969101-3584789739-587064572-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
EaseUS Data Recovery Wizard 8.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 8.0_is1) (Version:  - EaseUS)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EPSON L100 Series Printer Uninstall (HKLM\...\EPSON L100 Series) (Version:  - SEIKO EPSON Corporation)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0E4AF773-9908-4F3B-8D57-E402FE198107}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows 8 ESU (HKLM-x32\...\{E7E058CF-4638-49D4-936D-AC6DAE3B002E}) (Version: 1.1.1 - Hewlett-Packard)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.0.3.0 - SEIKO EPSON CORPORATION) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1850969101-3584789739-587064572-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1850969101-3584789739-587064572-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1850969101-3584789739-587064572-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1850969101-3584789739-587064572-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1850969101-3584789739-587064572-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02F18B27-640F-411F-9E3C-BD21114C71F5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {0542837F-1BA4-4A9B-9868-2A7BD5E38329} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {05C42CC3-8F7F-4330-B311-23A6A88FBAA5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-11] (Hewlett-Packard Company)
Task: {0F9A4868-D2EE-4208-B011-46541481D523} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {1C945AD3-51B3-4B9A-8A38-65C73E42C46B} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-12-28] ()
Task: {1E554C35-2FB9-4006-9B34-A907F36CEC25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {219F4819-7CB6-4492-9EF6-4CDE48948802} - \AutoKMS No Task File <==== ATTENTION
Task: {307C32F2-0603-423C-96A7-E9D84F1F30B3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {338C7C05-8C3B-49E0-AACA-09B690C1FDB4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {3F28B17E-77E4-407B-A567-3370AD5A6E4D} - System32\Tasks\HPCeeScheduleForAiya => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {453A5EF1-9B58-49A2-B7A2-824F160D1F4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-11] (Hewlett-Packard Company)
Task: {7E41CC9F-7BAF-426E-A1AF-DF08C444A29B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {911AF805-621A-4200-B43B-EF8F6BE0EBA9} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MARIANAIYA-Aiya MarianAiya => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {93E5657F-A110-4120-BE89-281582673B55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {C477E80C-0BCE-4B04-9F15-6683D8293428} - System32\Tasks\{8DA9B9EF-63BB-4E97-9D84-BCCE7825228B} => pcalua.exe -a "C:\Program Files (x86)\Picexa\uninstall.exe"
Task: {C60145E9-F8D8-4484-98F6-700F3F9D752B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-11] (Hewlett-Packard Company)
Task: {CF3C661E-61BB-4F7F-8BEA-DB8E6114C17F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-28] (CyberLink)
Task: {E7D75C48-71FE-4E4E-B4B9-88BA713476B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {F36B55FE-21B3-4763-BDAB-6CDB359C6476} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAiya.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-13 18:31 - 2015-05-13 18:31 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2012-10-26 05:48 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-06-23 19:52 - 2015-06-20 13:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-23 19:52 - 2015-06-20 13:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Aiya\OneDrive:ms-properties
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1850969101-3584789739-587064572-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Aiya\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_2694.jpg
DNS Servers: 202.78.117.7 - 210.4.2.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1850969101-3584789739-587064572-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{488B9C47-3CFC-45B0-9372-53323F31404C}] => (Allow) C:\Users\Public\Music\Steam\SteamApps\common\NEKOPARA Vol. 1 Demo\nekopara_vol1_trial.exe
FirewallRules: [{B3668ADC-E576-4995-8016-2E745032B374}] => (Allow) C:\Users\Public\Music\Steam\SteamApps\common\NEKOPARA Vol. 1 Demo\nekopara_vol1_trial.exe
FirewallRules: [{190FB262-09EC-43C0-B2C3-092C00481810}] => (Allow) C:\Users\Public\Music\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F148258E-FA4B-4410-8639-94B958262371}] => (Allow) C:\Users\Public\Music\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{52F21A9A-64D6-4F66-BB26-BC389C17173F}] => (Allow) C:\Users\Public\Music\Steam\Steam.exe
FirewallRules: [{2369CF82-B093-475E-B999-199D1AF70E45}] => (Allow) C:\Users\Public\Music\Steam\Steam.exe
FirewallRules: [{81828E79-DA63-4E72-A21D-4B27C23D7A11}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A6E5D3D4-2A6D-487D-84B9-484C5F4C77E9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D1075F45-6B51-452A-9312-EC4EBBABD211}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{EEF5CFCE-C749-4EF0-A954-9018B3F69515}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{529ADB3B-BE4E-4CB6-8BC0-3F113E6D9EE9}C:\users\public\documents\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe] => (Allow) C:\users\public\documents\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{6A124E79-3FFB-4D37-81A4-672ACA5119FD}C:\users\public\documents\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe] => (Allow) C:\users\public\documents\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe
FirewallRules: [{DB3A2A91-1B1B-4D0D-9C87-983D9302D5D7}] => (Allow) C:\Users\Public\Documents\Steam\bin\steamwebhelper.exe
FirewallRules: [{9FF00C3B-172D-4FEE-942A-1B21E889DD4A}] => (Allow) C:\Users\Public\Documents\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{A9A77772-E7FA-4319-8278-A60A644802CB}C:\users\aiya\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\aiya\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2119AA76-57D7-4388-AD09-F9D19587EF3C}C:\users\aiya\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\aiya\appdata\local\akamai\netsession_win.exe
FirewallRules: [{33B42DDD-8F41-4913-BA8B-E9BB3060CB62}] => (Allow) LPort=50248
FirewallRules: [{4B4E0492-E2CF-4FD8-ABD5-A770EBCAC3D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{01B2C20A-F0DA-49F1-BD94-EAB66A1F1196}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F864F758-9E6A-409F-807E-1FD2F4765742}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{0B4328C9-64CD-4205-B3DB-AC78B3B3E5A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{414F58C8-9597-4063-A06A-E564E1897A4D}C:\users\aiya\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\aiya\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{B0F7A401-5F3F-4BC8-8A44-46B6656C98C4}C:\users\aiya\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\aiya\appdata\local\akamai\netsession_win.exe
FirewallRules: [{F9CC51A0-C8D1-40C6-A03A-8581851CC5BB}] => (Allow) C:\Users\Public\Documents\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9D0F408D-E13D-42A5-A462-8D716ECB1E62}] => (Allow) C:\Users\Public\Documents\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{0E84FC56-3EF2-48CC-B2C0-9DC5A9682491}] => (Allow) C:\Users\Public\Documents\Steam\Steam.exe
FirewallRules: [{A9CE0FE3-CD9D-46A6-B21F-BC39E3FF3A05}] => (Allow) C:\Users\Public\Documents\Steam\Steam.exe
FirewallRules: [{EE83FB24-5FF7-4230-90EA-496F81393A27}] => (Allow) C:\Users\Aiya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E28E7DE0-C7B5-4BA9-B246-B180DC92E53B}] => (Allow) C:\Users\Aiya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DDD07B20-8EBF-47E1-8756-6A7B6F5BBF77}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{406A3FE2-2838-44CA-A547-981C9FE870D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{575817DF-4354-46E1-8ABA-AC7976F2D4CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5448ED1B-3872-4CB7-8B72-EAFE496108DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B0C1139A-BADA-41F0-8823-FB21D5B0F753}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{96A5F432-AD4F-48E4-8FAA-3211F382FA40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{019377DE-547F-4B35-81C3-B3E53FF70DA9}] => (Allow) LPort=1900
FirewallRules: [{FEC625AC-B72C-47CB-97FC-D362761FDDE0}] => (Allow) LPort=2869
FirewallRules: [{65B8371D-B15A-426B-AF45-2D1602A56E55}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{29721E05-202D-45B0-A160-73AA9A64F873}] => (Allow) C:\Users\Aiya\Music\Steam\Steam.exe
FirewallRules: [{57FD817B-FB0B-442A-9FA1-72289E9F8F28}] => (Allow) C:\Users\Aiya\Music\Steam\Steam.exe
FirewallRules: [{F4A195CB-F3EA-4362-B6C7-10393D0B5706}] => (Allow) C:\Users\Aiya\Music\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{2D1B953C-FCC3-4242-9B3F-E0311AB2D486}] => (Allow) C:\Users\Aiya\Music\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{62514E6F-D1AF-47D0-9CC2-CF0FE31D1EF9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{330BCF42-7DB4-4FE0-BB82-13406BC41F27}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9AB355AB-D477-4B05-A393-1AF31FB5864F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/01/2015 07:02:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: QtCore_Ad_SyncNs_4.dll, version: 4.8.2.0, time stamp: 0x50d3fca7
Exception code: 0xc0000005
Fault offset: 0x00000000000266ab
Faulting process id: 0xf78
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (07/01/2015 06:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15031
 
Error: (07/01/2015 06:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15031
 
Error: (07/01/2015 06:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/01/2015 06:15:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: dcc
 
Start Time: 01d0b3e62853dc1a
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: 1e7d1472-1fda-11e5-bf8a-38eaa7dc9119
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (07/01/2015 06:00:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1f30
 
Start Time: 01d0b3e40fdc3cf5
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: 057714b2-1fd8-11e5-bf8a-38eaa7dc9119
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (07/01/2015 05:45:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1dd0
 
Start Time: 01d0b3e1f76af243
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: ed438c5d-1fd5-11e5-bf8a-38eaa7dc9119
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (07/01/2015 05:30:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 728
 
Start Time: 01d0b3dfdf002aea
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: d2b3c867-1fd3-11e5-bf8a-38eaa7dc9119
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (07/01/2015 05:15:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ff8
 
Start Time: 01d0b3ddc6872c75
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: bee41554-1fd1-11e5-bf8a-38eaa7dc9119
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (07/01/2015 04:15:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: anything.exe.exe, version: 1.0.2.929, time stamp: 0x552d3ec4
Faulting module name: QtGui4.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0x18f8
Faulting application start time: 0xanything.exe.exe0
Faulting application path: anything.exe.exe1
Faulting module path: anything.exe.exe2
Report Id: anything.exe.exe3
Faulting package full name: anything.exe.exe4
Faulting package-relative application ID: anything.exe.exe5
 
 
System errors:
=============
Error: (07/01/2015 04:49:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Avira Real-Time Protection service, but this action failed with the following error: 
%%1058
 
Error: (07/01/2015 04:49:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Avira Scheduler service, but this action failed with the following error: 
%%1058
 
Error: (07/01/2015 04:49:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/01/2015 04:49:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/01/2015 04:49:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5
 
Error: (07/01/2015 04:49:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5
 
Error: (07/01/2015 04:49:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5
 
Error: (07/01/2015 04:49:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5
 
Error: (07/01/2015 04:16:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/01/2015 04:16:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (07/01/2015 07:02:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2QtCore_Ad_SyncNs_4.dll4.8.2.050d3fca7c000000500000000000266abf7801d0b3ec6c6f2a25C:\WINDOWS\Explorer.EXEC:\Program Files\Autodesk\Autodesk Sync\QtCore_Ad_SyncNs_4.dlla294aa80-1fe0-11e5-bf8a-38eaa7dc9119
 
Error: (07/01/2015 06:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15031
 
Error: (07/01/2015 06:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15031
 
Error: (07/01/2015 06:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/01/2015 06:15:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415dcc01d0b3e62853dc1a4294967295C:\WINDOWS\syswow64\wwahost.exe1e7d1472-1fda-11e5-bf8a-38eaa7dc9119Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp
 
Error: (07/01/2015 06:00:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.174151f3001d0b3e40fdc3cf54294967295C:\WINDOWS\syswow64\wwahost.exe057714b2-1fd8-11e5-bf8a-38eaa7dc9119Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp
 
Error: (07/01/2015 05:45:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.174151dd001d0b3e1f76af2434294967295C:\WINDOWS\syswow64\wwahost.exeed438c5d-1fd5-11e5-bf8a-38eaa7dc9119Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp
 
Error: (07/01/2015 05:30:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1741572801d0b3dfdf002aea4294967295C:\WINDOWS\syswow64\wwahost.exed2b3c867-1fd3-11e5-bf8a-38eaa7dc9119Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp
 
Error: (07/01/2015 05:15:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.174151ff801d0b3ddc6872c754294967295C:\WINDOWS\syswow64\wwahost.exebee41554-1fd1-11e5-bf8a-38eaa7dc9119Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp
 
Error: (07/01/2015 04:15:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: anything.exe.exe1.0.2.929552d3ec4QtGui4.dll6.3.9600.17736550f42c2c00001350009d4f218f801d0b3d60677eb90C:\Program Files (x86)\Malwarebytes Anti-Malware\anything.exe.exeQtGui4.dll44ec6c6e-1fc9-11e5-bf8a-38eaa7dc9119
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-01 19:02:13.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-01 19:02:13.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-01 19:02:13.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-01 19:02:12.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-01 19:02:12.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-01 19:02:12.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-01 18:52:56.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-01 18:52:56.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-01 18:47:26.505
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-01 18:47:26.381
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 46%
Total physical RAM: 3995.27 MB
Available physical RAM: 2153.72 MB
Total Pagefile: 6171.27 MB
Available Pagefile: 4112.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:905.84 GB) (Free:322.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.11 GB) (Free:2.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D7E4BA4B)
 
Partition: GPT Partition Type.
 
==================== End of log ============================


#4 deeprybka


Posted 01 July 2015 - 07:23 AM

FRST.txt is missing.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 yayayoya


Posted 01 July 2015 - 07:27 AM

Yes, I'm sorry please wait.. I'm having trouble posting. Thanks



#6 deeprybka


Posted 01 July 2015 - 07:27 AM

OK. :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 deeprybka


Posted 01 July 2015 - 07:50 AM

attachlogs.png
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 yayayoya


Posted 01 July 2015 - 08:11 AM

FRST attached

Attached Files

  • Attached File  FRST.txt   492.41KB   7 downloads


#9 deeprybka


Posted 01 July 2015 - 08:41 AM

Windows Defender can't work because Avira is running.

Step 1

Upload File(s) to VirusTotal
I want you to upload the following file(s) to an online virus-scanner to scan.

  • Click the Choose File button.
  • Please copy/paste the following text into the 'File name:' box:
    C:\Users\Aiya\AppData\Roaming\obaubvcdgm.exe
  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Copy and Paste the link of the result page in your reply;

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 yayayoya


Posted 01 July 2015 - 10:58 AM

It failed, I'll be redoing it..



#11 deeprybka


Posted 01 July 2015 - 11:37 AM

What is the problem?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 yayayoya


Posted 01 July 2015 - 11:39 AM

https://www.virustotal.com/en/file/a68fe3c37911b2fcda598faa694f52767edc33fe153eaf6c37402f968b9eccaf/analysis/1435768266/

 

Here's the link :)



#13 deeprybka


Posted 01 July 2015 - 01:02 PM

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2


Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3


Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#14 yayayoya


Posted 02 July 2015 - 10:54 AM

First step: I did the scan with AdwCleaner.exe as administrator, clicked Clean, clicked OK, and the computer said it needed to restart, like a blue screen. I waited for the automatic C:\AdwCleaner[S#].txt file but it didn't show up, and I tried to search for it but it wasn't found.


Edited by yayayoya, 02 July 2015 - 10:55 AM.


#15 deeprybka


Posted 02 July 2015 - 10:55 AM

Proceed with step 2 please.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 