
Problems with the proverbial pain of malware


1 reply to this topic

#1 JustanAvrgBear


Posted 12 October 2015 - 01:20 PM

Hello All,

 

Here are the scan results from the tools utilized to assist with the process of my system and the browser preloaded with the adware, malware and all of the other garbage that is such a "Pain in the Proverbial" for us all.

 

 Results of screen317's Security Check version 1.009 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player  19.0.0.185 
 Adobe Reader XI 
 Mozilla Firefox (41.0.1)
 Google Chrome (45.0.2454.101)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
_________________________________________________________________________________________________
 
Farbar Service Scanner Version: 26-07-2015
Ran by ariss (administrator) on 12-10-2015 at 10:49:44
Running from "C:\Users\ariss\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 

Windows Firewall:
=============
 
Firewall Disabled Policy:
==================
 

System Restore:
============
 
System Restore Policy:
========================
 

Action Center:
============
 

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 

Windows Autoupdate Disabled Policy:
============================
 

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 

Other Services:
==============
 

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 

**** End of log ****
__________________________________________________________________________________________________
 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by ariss (administrator) on 12-10-2015 at 10:53:28
Running from "C:\Users\ariss\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Satellite S75t-A Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ==============================
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188EE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Connected)
Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Connected)
 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
add route prefix=0.0.0.0/0 interface="Ethernet" nexthop=192.168.1.1 publish=Yes
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 

popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : NotYourAverageBear
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 64-5A-04-96-0B-53
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 08-9E-01-ED-D1-C1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::71fe:d29c:6ce4:91f7%6(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.145.247(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 50896385
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-0A-83-EC-08-9E-01-ED-D1-C1
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188EE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 64-5A-04-96-0B-53
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::891d:c19d:408a:77a8%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.80(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, October 12, 2015 8:44:48 AM
   Lease Expires . . . . . . . . . . : Tuesday, October 13, 2015 12:21:49 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 73685508
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-0A-83-EC-08-9E-01-ED-D1-C1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  router.asus.com
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4000:806::1005
   216.58.218.174
 

Pinging google.com [216.58.218.174] with 32 bytes of data:
Reply from 216.58.218.174: bytes=32 time=15ms TTL=55
Reply from 216.58.218.174: bytes=32 time=17ms TTL=55
 
Ping statistics for 216.58.218.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 17ms, Average = 16ms
Server:  router.asus.com
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   2001:4998:44:204::a7
   206.190.36.45
   98.138.253.109
   98.139.183.24
 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=55ms TTL=52
Reply from 98.139.183.24: bytes=32 time=53ms TTL=52
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 53ms, Maximum = 55ms, Average = 54ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
  5...64 5a 04 96 0b 53 ......Microsoft Wi-Fi Direct Virtual Adapter
  6...08 9e 01 ed d1 c1 ......Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  3...64 5a 04 96 0b 53 ......Realtek RTL8188EE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.80     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link   169.254.145.247    266
  169.254.145.247  255.255.255.255         On-link   169.254.145.247    266
  169.254.255.255  255.255.255.255         On-link   169.254.145.247    266
      192.168.1.0    255.255.255.0         On-link      192.168.1.80    281
     192.168.1.80  255.255.255.255         On-link      192.168.1.80    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.80    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link   169.254.145.247    266
        224.0.0.0        240.0.0.0         On-link      192.168.1.80    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   169.254.145.247    266
  255.255.255.255  255.255.255.255         On-link      192.168.1.80    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  6    266 fe80::/64                On-link
  3    281 fe80::/64                On-link
  6    266 fe80::71fe:d29c:6ce4:91f7/128
                                    On-link
  3    281 fe80::891d:c19d:408a:77a8/128
                                    On-link
  1    306 ff00::/8                 On-link
  6    266 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\WWatcherLSP.dll [293008] (WWatcher)
Catalog9 02 C:\WINDOWS\system32\WWatcherLSP.dll [293008] (WWatcher)
Catalog9 03 C:\WINDOWS\system32\WWatcherLSP.dll [293008] (WWatcher)
Catalog9 04 C:\WINDOWS\system32\WWatcherLSP.dll [293008] (WWatcher)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\WWatcherLSP.dll [293008] (WWatcher)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\WINDOWS\System32\WWatcherLSP64.dll [343128] (WWatcher)
x64-Catalog9 02 C:\WINDOWS\System32\WWatcherLSP64.dll [343128] (WWatcher)
x64-Catalog9 03 C:\WINDOWS\System32\WWatcherLSP64.dll [343128] (WWatcher)
x64-Catalog9 04 C:\WINDOWS\System32\WWatcherLSP64.dll [343128] (WWatcher)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 16 C:\WINDOWS\System32\WWatcherLSP64.dll [343128] (WWatcher)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/12/2015 10:53:11 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
 (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (10/12/2015 10:43:11 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
 (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (10/12/2015 10:37:56 AM) (Source: ESENT) (User: )
Description: svchost (700) DS_Token_DB: Database recovery/restore failed with unexpected error -1216.
 
Error: (10/12/2015 10:37:56 AM) (Source: ESENT) (User: )
Description: svchost (700) DS_Token_DB: Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
Error: (10/12/2015 10:33:11 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
 (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (10/12/2015 10:31:23 AM) (Source: ESENT) (User: )
Description: svchost (700) DS_Token_DB: Database recovery/restore failed with unexpected error -1216.
 
Error: (10/12/2015 10:31:23 AM) (Source: ESENT) (User: )
Description: svchost (700) DS_Token_DB: Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
Error: (10/12/2015 10:23:11 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
 (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (10/12/2015 10:21:08 AM) (Source: ESENT) (User: )
Description: svchost (700) DS_Token_DB: Database recovery/restore failed with unexpected error -1216.
 
Error: (10/12/2015 10:21:08 AM) (Source: ESENT) (User: )
Description: svchost (700) DS_Token_DB: Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 

System errors:
=============
Error: (10/12/2015 10:37:56 AM) (Source: Service Control Manager) (User: )
Description: The Data Sharing Service service terminated with the following error:
%%3239247876
 
Error: (10/12/2015 10:31:23 AM) (Source: Service Control Manager) (User: )
Description: The Data Sharing Service service terminated with the following error:
%%3239247876
 
Error: (10/12/2015 10:21:08 AM) (Source: Service Control Manager) (User: )
Description: The Data Sharing Service service terminated with the following error:
%%3239247876
 
Error: (10/12/2015 10:12:09 AM) (Source: Service Control Manager) (User: )
Description: The Data Sharing Service service terminated with the following error:
%%3239247876
 
Error: (10/12/2015 09:58:34 AM) (Source: Service Control Manager) (User: )
Description: The Data Sharing Service service terminated with the following error:
%%3239247876
 
Error: (10/12/2015 09:28:00 AM) (Source: DCOM) (User: NOTYOURAVERAGEB)
Description: 2WWatcherProxy-Service{3A9C223B-F390-430D-A334-990BC5E729AB}
 
Error: (10/12/2015 09:28:00 AM) (Source: Service Control Manager) (User: )
Description: The WWatcherProxy service failed to start due to the following error:
%%2
 
Error: (10/12/2015 09:27:57 AM) (Source: DCOM) (User: NOTYOURAVERAGEB)
Description: 2WWatcherProxy-Service{3A9C223B-F390-430D-A334-990BC5E729AB}
 
Error: (10/12/2015 09:27:57 AM) (Source: Service Control Manager) (User: )
Description: The WWatcherProxy service failed to start due to the following error:
%%2
 
Error: (10/12/2015 09:27:54 AM) (Source: DCOM) (User: NOTYOURAVERAGEB)
Description: 2WWatcherProxy-Service{3A9C223B-F390-430D-A334-990BC5E729AB}
 

Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-09-28 22:55:41.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-28 22:55:23.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-28 22:54:55.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-28 22:54:42.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-28 22:54:42.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-28 22:54:42.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-28 22:54:41.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-28 22:54:41.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-28 22:54:41.889
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-28 22:54:41.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 

=========================== Installed Programs ============================
 
AD Replication Status Tool 1.0 (HKLM-x32\...\{9B1CF78B-6540-487B-99D0-D9DC372051AF}) (Version: 2.6.40122.1 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-3b6bb174-13fe-4940-bec2-0e0b6fec9719) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCENT/CCNA ICND1 100-101 Network Simulator Lite (HKLM-x32\...\{F3E303BD-33F4-FAF5-CF10-53D2072A4323}) (Version: 1.0.0 - Pearson Education) Hidden
CCENT/CCNA ICND1 100-101 Network Simulator Lite (HKLM-x32\...\com.pearson.ccna.NetworkSimulator.ICND1.lite) (Version: 1.0.0 - Pearson Education)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CiscoGUI (HKLM-x32\...\{8A802DCC-9D18-4F6A-B54A-8C072CF2184F}) (Version: 1.0.0 - NxTSOF)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.100.12 - Citrix Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
ELAN Touchpad 15.8.8.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.8.2 - ELAN Microelectronic Corp.)
EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
GNS3 0.8.7 (HKLM-x32\...\GNS3) (Version: 0.8.7 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
ICND1 Network Simulator Lite (HKLM-x32\...\ICND1 Network Simulator Lite) (Version: 1.0.0.14 - Pearson IT Certification)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
King Oddball (HKLM-x32\...\WTA-ece6c8e6-3b68-488d-b680-e6ef650645bd) (Version: 3.0.2.48 - WildTangent) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla)
NetBrain Auto Update Slave Server (HKLM-x32\...\{A65A6B04-32F8-49A9-A8EF-0A76F4A016FF}) (Version: 5.4.2 - NetBrain Technologies, Inc.)
NetBrain Workstation Instant Trial Edition (HKLM-x32\...\{3C4BD374-9FED-40BA-87B8-27A88A0FB186}) (Version: 5.4.2 - NetBrain Technologies, Inc.) Hidden
NetBrain Workstation Instant Trial Edition (HKLM-x32\...\InstallShield_{3C4BD374-9FED-40BA-87B8-27A88A0FB186}) (Version: 5.4.2 - NetBrain Technologies, Inc.)
NetBrain Workstation Personal Edition (HKLM-x32\...\{F24B7EC5-C5D4-4874-9611-3885540DE482}) (Version: 4.1.1 - NetBrain Technologies, Inc.) Hidden
NetBrain Workstation Personal Edition (HKLM-x32\...\InstallShield_{F24B7EC5-C5D4-4874-9611-3885540DE482}) (Version: 4.1.1 - NetBrain Technologies, Inc.)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Online Plug-in (HKLM-x32\...\{9C1496FA-BB86-4A08-96CC-4F43EC65395A}) (Version: 14.1.100.12 - Citrix Systems, Inc.) Hidden
Pearson IT Certification Practice Test (HKLM-x32\...\Pearson IT Certification Practice Test_is1) (Version: 1.0.0.22 - Pearson IT Certification)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-fec579bd-5d66-4779-b6d5-a53aad44b3e4) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Professor Teaches Windows 8.1 (HKLM-x32\...\Professor Teaches Windows 8.1) (Version:  - )
Qmap Reader (HKLM-x32\...\{9993E6D4-80E5-410B-843A-951CF17F54D5}) (Version: 1.01.00000 - NetBrain) Hidden
Qmap Reader (HKLM-x32\...\InstallShield_{9993E6D4-80E5-410B-843A-951CF17F54D5}) (Version: 1.01.00000 - NetBrain)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
Self-service Plug-in (HKLM-x32\...\{D8FD5C98-F5A6-4623-B9C5-6099B227C343}) (Version: 4.1.100.46563 - Citrix Systems, Inc.) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.162 - SolarWinds)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SVH (HKLM-x32\...\rec_en_77_is1) (Version:  - )
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
utilPrograms (HKLM-x32\...\WebWatcherInstall) (Version:  - )
VCE Exam Simulator Demo (HKLM-x32\...\VCE Exam Simulator Demo_is1) (Version:  - Avanset)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wanted for Half Life! Screen Saver (HKLM-x32\...\Wanted for Half Life! Screen Saver) (Version:  - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.8 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.8 - The Wireshark developer community, http://www.wireshark.org)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
========================= Devices: ================================
 

========================= Memory info: ===================================
 
Percentage of memory in use: 36%
Total physical RAM: 8116.27 MB
Available physical RAM: 5176.97 MB
Total Virtual: 9396.27 MB
Available Virtual: 6181.61 MB
 
========================= Partitions: =====================================
 
1 Drive c: (TI10672700E) (Fixed) (Total:921.65 GB) (Free:802.86 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\NOTYOURAVERAGEB
 
Administrator            ariss                    DefaultAccount          
Guest                    Nancy                   
 
========================= Restore Points ==================================
 
23-09-2015 01:12:51 Scheduled Checkpoint
28-09-2015 16:40:41 Windows Update
29-09-2015 20:33:46 avast! antivirus system restore point
03-10-2015 08:44:15 Chrome Cleanup Tool
11-10-2015 05:35:12 Scheduled Checkpoint
 
**** End of log ****
______________________________________________________________________________________________________
 
Malwarebytes History Application Logs Scan Log
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/12/2015
Scan Time: 11:32 AM
Logfile:
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2015.10.12.01
Rootkit Database: v2015.10.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: ariss
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433839
Time Elapsed: 31 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 4
PUP.Optional.ConvertAd, C:\Program Files (x86)\AFE37040-1443498063-11E3-90C1-089E01EDD1C1\hnse58D1.tmp, 2556, Delete-on-Reboot, [872ad1848efd4aec0af5c8f618ea7789]
Rogue.TechSupportScam, C:\Users\ariss\AppData\Local\WinDan\WinDanApp.exe, 7708, Delete-on-Reboot, [aa07aaab296233037faad11b43be16ea]
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\ariss\AppData\Local\Crsoft\crsvc.exe, 2952, Delete-on-Reboot, [357cc095662592a4ebcfc284e51e35cb]
PUP.Optional.NetService, C:\Users\ariss\AppData\Roaming\NetService\netservice.exe, 2800, Delete-on-Reboot, [b5fcdf764a418bab823b85c1857e44bc]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 135

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 10/12/2015 12:29:25 PM in x64 mode.
Windows Version: Windows 10 Home
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity:
 
 * HdAudAddService [Missing Service]
 
Searching for Missing Digital Signatures:
 
 * No issues found.
 
Checking HOSTS File:
 
 * No issues found.
 
Program finished at: 10/12/2015 12:37:01 PM
Execution time: 0 hours(s), 7 minute(s), and 36 seconds(s)
 




 


#2 Broni


Posted 12 October 2015 - 05:29 PM

Welcome aboard

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program

