Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by KMS Win10 Activator - Please help!


  • Please log in to reply
6 replies to this topic

#1 Fellow83

Fellow83

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 16 August 2015 - 02:52 PM

Hello. I tried to get Windows 10 for free (I did buy a key for Windows 7, but I couldn't upgrade), so I (blindly) used a KMS Windows 10 Activator. I can see that it put ads on my browser, redirects me sometimes to "pay for virus support" sites. I use this computer daily, but it doesn't matter to me if I reinstall Windows 10, if you suggest that as an option.

 

Please help me!

Many thanks,

Fellow83.



BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:40 AM

Posted 16 August 2015 - 03:07 PM

Hi there,

This is why you should not use pirated software. :)

I will assist you in cleaning your machine. After that you can post in the Windows 7 section to seek help with upgrading to Windows 10 using your legit key.

MiniToolbox by Farbar

Avast users please disable your antivirus before downloading!
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (choose Errors only)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#3 Fellow83

Fellow83
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 16 August 2015 - 03:49 PM

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by scott (administrator) on 16-08-2015 at 16:46:15
Running from "D:\VIRUS REMOVAL"
Microsoft Windows 10 Home  (X64)
Model: Hi-Fi A85W Manufacturer: BIOSTAR Group
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9287 Wireless Network Adapter = Wi-Fi (Media disconnected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-SCOTT
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : B8-97-5A-3D-B3-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR9287 Wireless Network Adapter
   Physical Address. . . . . . . . . : E8-DE-27-64-3C-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  4...b8 97 5a 3d b3 5e ......Realtek PCIe GBE Family Controller
  3...e8 de 27 64 3c 36 ......Qualcomm Atheros AR9287 Wireless Network Adapter
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/16/2015 04:39:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63843

Error: (08/16/2015 04:39:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63843

Error: (08/16/2015 04:39:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/16/2015 04:03:56 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/16/2015 04:03:55 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8

Error: (08/16/2015 04:03:55 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (08/16/2015 04:03:54 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8

Error: (08/16/2015 04:03:54 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (08/16/2015 04:03:53 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/16/2015 04:03:53 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8


System errors:
=============
Error: (08/16/2015 04:38:35 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (08/16/2015 04:03:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 04:03:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 03:55:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 03:55:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 03:28:20 PM) (Source: Service Control Manager) (User: )
Description: The winsec service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 200 milliseconds: Restart the service.

Error: (08/16/2015 03:24:30 PM) (Source: Service Control Manager) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/16/2015 03:24:30 PM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/16/2015 03:24:30 PM) (Source: Service Control Manager) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/16/2015 03:24:30 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (08/16/2015 04:39:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63843

Error: (08/16/2015 04:39:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63843

Error: (08/16/2015 04:39:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/16/2015 04:03:56 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C003RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/16/2015 04:03:55 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C0032b1f36bb-c1cd-4306-bf5c-a0367c2d97d8

Error: (08/16/2015 04:03:55 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C00300010001(0x00000000, 16:03:55:187 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail)
00020001(0x00000000, 16:03:55:191)
00030001(0x00000000, 16:03:55:196 - https://activation-v2.sls.microsoft.com)
00030002(0x00000000, 16:03:55:196 - 0)
00040001(0x00000000, 16:03:55:196 - https://activation-v2.sls.microsoft.com)
00040002(0x00000000, 16:03:55:201 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 16:03:55:202 - 0, 1)
00040006(0x00000001, 16:03:55:202 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 16:03:55:202 - 0)
0002000C(0x00000000, 16:03:55:984 - 500)
00010002(0x8004FC01, 16:03:55:984 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked.  ---&gt; Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 16:03:55:985)

Error: (08/16/2015 04:03:54 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C0032b1f36bb-c1cd-4306-bf5c-a0367c2d97d8

Error: (08/16/2015 04:03:54 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C00300010001(0x00000000, 16:03:53:654 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail)
00020001(0x00000000, 16:03:53:658)
00030001(0x00000000, 16:03:53:664 - https://activation-v2.sls.microsoft.com)
00030002(0x00000000, 16:03:53:664 - 0)
00040001(0x00000000, 16:03:53:664 - https://activation-v2.sls.microsoft.com)
00040002(0x00000000, 16:03:53:669 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 16:03:53:669 - 0, 1)
00040006(0x00000001, 16:03:53:669 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 16:03:53:669 - 0)
0002000C(0x00000000, 16:03:54:451 - 500)
00010002(0x8004FC01, 16:03:54:451 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked.  ---&gt; Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 16:03:54:452)

Error: (08/16/2015 04:03:53 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C003RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/16/2015 04:03:53 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C0032b1f36bb-c1cd-4306-bf5c-a0367c2d97d8


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.38397 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{6BF528E1-5013-4D47-B9DA-6495EA2D5206}) (Version: 3.3.1 - Microsoft Corporation) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{C1609E6E-10B5-46F4-A48C-AC57045D0B88}) (Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{B2429EA1-767E-4947-A458-F2204A2AA1BB}) (Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (HKLM-x32\...\{403759F5-1D77-49F4-812D-AF43196E8C74}) (Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (HKLM\...\{03DE1AEE-D3FA-4BF3-9150-28F54815E888}) (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{235CCCE6-3CB9-4E09-9D8E-0F212644C668}) (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (HKLM-x32\...\{59F3E23B-CD8C-4210-A558-C78BF7F99536}) (Version: 14.0.23121 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (HKLM-x32\...\{35FC2DD2-7798-4230-83D9-C4FBFDD31577}) (Version: 14.0.23121 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{6618DB5E-8788-46E1-94F4-9F1C0FC075BD}) (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{772590BC-E61B-4080-B9D5-A71497612F36}) (Version: 12.0.31010 - Microsoft Corporation) Hidden
Camtasia Studio 8 (HKLM-x32\...\{474DFABF-E55B-4905-ABAA-40791A6AC77F}) (Version: 8.4.4.1859 - TechSmith Corporation)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CodedUITest81 (HKLM-x32\...\{3AF80693-9047-3BAA-9554-22AB6C428AB4}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
CodedUITestUAP (HKLM-x32\...\{7AE0E2AA-82E3-3E1C-BBA9-091C59CCD4C6}) (Version: 14.0.23121 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.5.1.5 - Telerik)
Gtk# for .Net 2.12.25 (HKLM-x32\...\{889E7D77-2A98-4020-83B1-0296FA1BDE8A}) (Version: 2.12.25 - Xamarin, Inc.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IDE Tools for Windows 10 - ENU (HKLM-x32\...\{F65D8617-6C94-4D12-B7CF-EC25EB9D60BD}) (Version: 14.0.23121 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (HKLM-x32\...\{1F0931AA-E184-42DE-9956-9199CD3D3FF4}) (Version: 14.0.23121 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intellisense Lang Pack Mobile Extension SDK 10.0.10240.0 (HKLM-x32\...\{3C06680E-B0F3-4C36-A648-8DCCAE530298}) (Version: 10.0.10240.0 - Microsoft Corporation) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Kits Configuration Installer (HKLM-x32\...\{0275DC52-C83E-3142-D2EF-70877F885663}) (Version: 10.0.26624 - Microsoft) Hidden
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPCui for en-us (HKLM-x32\...\{326A5052-061C-F656-31E3-3B73842ABD46}) (Version: 8.59.29989 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{276E74C3-A23F-4518-8043-9DF4F7F99ED3}) (Version: 14.0.23121 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Project and Item Templates for Visual Studio Community 2015 - ENU (HKLM-x32\...\{85619B33-76D7-4FF8-A04D-6E568B0CF29A}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (HKLM-x32\...\{E5F7C407-DA1F-4E90-90EC-EABA993191E0}) (Version: 14.0.23121 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (HKLM-x32\...\{11D8613E-5F4A-4546-8F3A-799BD7A9F840}) (Version: 14.0.23121 - Microsoft Corporation) Hidden
Python Tools 2.2 for Visual Studio 2015 (HKLM-x32\...\{DE3F045F-57D5-4DAF-A479-DB759047966B}) (Version: 2.2.30718.00 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
Telerik Control Panel (HKLM-x32\...\{36B673F9-5230-43C4-9F90-003A08C35427}) (Version: 15.5.721.0 - Telerik AD)
Telerik JustDecompile Q2 2015 (HKLM-x32\...\{152CCA0F-9BCD-4884-935C-170919608B9F}) (Version: 15.2.623.0 - Telerik AD)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{6E3FB6C9-8C3C-45D4-BD9E-AECA430EE8E0}) (Version: 1.5.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{EA2C2406-C25C-4845-842F-360EFEA4CDCE}) (Version: 1.5.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.5.3.0 (HKLM-x32\...\{7f54b430-3428-4775-aeae-531e46185ec6}) (Version: 1.5.23115.0 - Microsoft Corporation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{33952D66-D503-10CA-DD8E-E365C15EB4E0}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B048B812-32DE-3474-FA64-223B6A63AD47}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{6AFD985C-21B7-8F2D-86B2-19A0563A1195}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{4B51AEB6-6809-14FF-9BED-0CA4562E7C29}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C7EDFCB3-6341-A239-4626-499461403BC1}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{AC7E3FD3-018B-5DD8-2C2B-3AE87B283E48}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{35CC86CF-B9E6-6E9D-7DFF-F2C4A7668A57}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{311BF490-B346-3B34-80BD-B892C4835026}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{2F157523-39A0-B488-8BD7-60B25186B5EB}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{AF110624-9E71-3F58-0992-C12DBEE79BA7}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8F542B99-CF59-6042-48B8-549B60E66232}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (HKLM-x32\...\{91F4F520-25FB-AB44-610A-B8D53C4BF25D}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (HKLM-x32\...\{1C47EFF0-EDFE-BBA3-0BB5-8345E002C0D8}) (Version: 10.0.26624 - Microsoft Corporation) Hidden

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 8151.82 MB
Available physical RAM: 6421.35 MB
Total Virtual: 9431.82 MB
Available Virtual: 7511.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.02 GB) (Free:869.25 GB) NTFS
2 Drive d: (PS2_DRIVE) (Removable) (Total:14.61 GB) (Free:13.92 GB) FAT32

========================= Users: ========================================

User accounts for \\DESKTOP-SCOTT

Administrator            DefaultAccount           Guest                    
scott                    

========================= Minidump Files ==================================

C:\Windows\Minidump\080715-14984-01.dmp
========================= Restore Points ==================================

02-08-2015 08:41:30 Windows Modules Installer
05-08-2015 21:37:20 Windows Update
11-08-2015 21:09:43 Windows Modules Installer
14-08-2015 20:12:12 Removed Java 8 Update 51

**** End of log ****
 

 Results of screen317's Security Check version 1.007  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Visual Studio Extensions for Windows Library for JavaScript
 Java 8 Update 51  
 Java SE Development Kit 7 Update 55
 Microsoft VisualStudio JavaScript Language Service
 Microsoft VisualStudio JavaScript Project System
 Adobe Flash Player     18.0.0.232  
 Mozilla Firefox (40.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 SecurityCheck.exe    
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:40 AM

Posted 16 August 2015 - 03:55 PM

Let's see if these will get anything.

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
===

Junkware Removal Tool by Malwarebytes Corporation

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Regards,
Alex

#5 Fellow83

Fellow83
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 16 August 2015 - 04:08 PM

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 17:02:18
# Updated 14/08/2015 by Xplode
# Database : 2015-08-14.3 [Local]
# Operating system : Windows 10 Home  (x64)
# Username : scott - DESKTOP-SCOTT
# Running from : D:\VIRUS REMOVAL\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

File Found : C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\9mz79jns.default\Extensions\bloodyvikings@ffs.bplaced.net.xpi

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner[S1].txt - [784 octets] - [16/08/2015 17:02:18]

########## EOF - C:\AdwCleaner[S2].txt - [846 octets] ##########
 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 10 Home x64
Ran by scott on Sun 08/16/2015 at 17:04:45.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/16/2015 at 17:07:09.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:40 AM

Posted 16 August 2015 - 04:13 PM

Hi there,

Please re-run AdwCleaner and choose Cleaning for all detections.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
===

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
===

Reset your browsers using instructions here.

How is the computer doing?

#7 Fellow83

Fellow83
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 16 August 2015 - 04:38 PM

Emsisoft Emergency Kit - Version 10.0
Last update: 8/16/2015 5:33:55 PM
User account: DESKTOP-SCOTT\scott

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    8/16/2015 5:34:18 PM
Value: HKEY_USERS\S-1-5-21-964020359-3181172109-1376357726-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-964020359-3181172109-1376357726-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
C:\$Recycle.Bin\S-1-5-21-964020359-3181172109-1376357726-1001\$RH7KZLH.6\KMSPico.exe     detected: Dropped:Application.OutBrowse.J ( B)

Scanned    75062
Found    3

Scan end:    8/16/2015 5:38:16 PM
Scan time:    0:03:58

C:\$Recycle.Bin\S-1-5-21-964020359-3181172109-1376357726-1001\$RH7KZLH.6\KMSPico.exe    Quarantined Dropped:Application.OutBrowse.J ( B)
Value: HKEY_USERS\S-1-5-21-964020359-3181172109-1376357726-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-964020359-3181172109-1376357726-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)

Quarantined    3
 

 

 

ESET ONLINE SCANNER (LOG FILE):

------------------------------------------------

C:\$Recycle.Bin\S-1-5-21-964020359-3181172109-1376357726-1001\$R4F5VR9.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-964020359-3181172109-1376357726-1001\$RZ8OM88.exe    a variant of Win32/OpenCandy.C potentially unsafe application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-964020359-3181172109-1376357726-1001\$RH7KZLH.6\remedia-installer-1019.exe    a variant of Win32/Packed.Komodia.A suspicious application    cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting - quarantined
C:\Program Files (x86)\Security\security.exe    a variant of Win32/Packed.Komodia.A suspicious application    cleaned by deleting - quarantined
C:\Users\scott\AppData\Local\Mozilla\Firefox\Profiles\9mz79jns.default\cache2\entries\54867D7B2841967586CAE22E70A5D18E6830A495    HTML/ScrInject.B.Gen virus    deleted - quarantined

------------------------------------------------

 

The computer is running normally again :D

 

There is one thing, though: whenever I try to delete C:\program files (x86)\security\ , it says that the folder

is in use?

 

BTW thank you! :)
 


Edited by Fellow83, 17 August 2015 - 02:55 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users