Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Error code 0xc000007b and internet not working in some spots


  • Please log in to reply
99 replies to this topic

#1 Houka

Houka

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 14 November 2015 - 09:57 PM

OK I'm here because my brother Laptop doesn't seem to want to work very well lets see. First thing is that he's got Steam and want to Play Final Fantasy V but states he is missing some .dll files which he download but now can't run due to error (0xc000007b) and have no idea how to fix it. I assume it because of something with Windows 10 which he recently updated to, This may be a technical issue but need to say wanted to to unsure it's not some kind of bug causing it,

 

However on the other side he been having issue with internet troubles selectively. He can go on Google and YubeTube just fine but can't seem to connect to stream online stuff and few other place states he's not connect despite he is. I'm sure a bug or something is there somewhere. He has done Avest, Adware Cleaner, and Malebytes, which did find a lot but didn't fix the issue. Though that was before the Widows 10 update.

 

 



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:24 AM

Posted 16 November 2015 - 09:23 AM

Hi Houka :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      B8oLpa3.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 17 November 2015 - 12:56 AM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Cody (administrator) on 16-11-2015 at 23:47:20
Running from "C:\Users\Cody\Desktop"
Microsoft Windows 8.1  (X64)
Model: X551CAP Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
========================= IP Configuration: ================================

VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = Wi-Fi 2 (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : CodyT
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-0A-64-C3-93-91
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 24-0A-64-C3-93-91
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::78ce:aa33:f4dd:5b8d%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, November 16, 2015 12:04:13 PM
   Lease Expires . . . . . . . . . . : Tuesday, November 17, 2015 12:04:14 PM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 270797412
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-DB-76-27-24-0A-64-C3-93-91
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 24-0A-64-C3-93-90
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : D8-50-E6-9F-F3-EA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-B8-DC
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::fd80:ce3f:2ca1:39f2%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 520618023
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-DB-76-27-24-0A-64-C3-93-91
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  10.0.0.1

Name:    google.com
Addresses:  2607:f8b0:4009:808::200e
   216.58.216.78

Pinging google.com [216.58.216.78] with 32 bytes of data:
Reply from 216.58.216.78: bytes=32 time=22ms TTL=53
Reply from 216.58.216.78: bytes=32 time=20ms TTL=53

Ping statistics for 216.58.216.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 22ms, Average = 21ms
Server:  UnKnown
Address:  10.0.0.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   2001:4998:44:204::a7
   98.139.183.24
   98.138.253.109
   206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=119ms TTL=41
Reply from 206.190.36.45: bytes=32 time=117ms TTL=41

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 117ms, Maximum = 119ms, Average = 118ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...16 0a 64 c3 93 91 ......Microsoft Wi-Fi Direct Virtual Adapter
 16...24 0a 64 c3 93 91 ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
  5...24 0a 64 c3 93 90 ......Bluetooth Device (Personal Area Network)
  3...d8 50 e6 9f f3 ea ......Realtek PCIe FE Family Controller
 19...08 00 27 00 b8 dc ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.2     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.2    281
         10.0.0.2  255.255.255.255         On-link          10.0.0.2    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.2    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link          10.0.0.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link          10.0.0.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 19    276 fe80::/64                On-link
 16    281 fe80::/64                On-link
 16    281 fe80::78ce:aa33:f4dd:5b8d/128
                                    On-link
 19    276 fe80::fd80:ce3f:2ca1:39f2/128
                                    On-link
  1    306 ff00::/8                 On-link
 19    276 ff00::/8                 On-link
 16    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/16/2015 04:40:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20062

Error: (11/16/2015 04:40:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20062

Error: (11/16/2015 04:40:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/16/2015 04:40:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16140

Error: (11/16/2015 04:40:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16140

Error: (11/16/2015 04:40:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/16/2015 04:40:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13421

Error: (11/16/2015 04:40:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13421

Error: (11/16/2015 04:40:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/16/2015 12:43:16 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f68

Start Time: 01d120348e38e201

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 3062873f-8c2d-11e5-bfae-240a64c39390

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (11/16/2015 01:40:12 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (11/16/2015 01:18:22 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (11/16/2015 01:18:21 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (11/16/2015 01:18:21 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (11/16/2015 12:03:49 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (11/15/2015 10:47:47 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (11/15/2015 01:02:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.Office.OneNote.

Error: (11/15/2015 01:02:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.Office.OneNote.

Error: (11/15/2015 12:51:45 PM) (Source: Service Control Manager) (User: )
Description: The AFBAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/15/2015 12:51:31 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (11/16/2015 04:40:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20062

Error: (11/16/2015 04:40:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20062

Error: (11/16/2015 04:40:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/16/2015 04:40:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16140

Error: (11/16/2015 04:40:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16140

Error: (11/16/2015 04:40:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/16/2015 04:40:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13421

Error: (11/16/2015 04:40:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13421

Error: (11/16/2015 04:40:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/16/2015 12:43:16 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.209111f6801d120348e38e2014294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe3062873f-8c2d-11e5-bfae-240a64c39390microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

CodeIntegrity Errors:
===================================
  Date: 2014-07-27 00:32:59.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-27 00:32:59.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-26 22:02:20.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-26 22:02:19.978
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc)
Application Insights Tools for Visual Studio 2015 RC (HKLM-x32\...\{D160EB10-3249-44B8-91FE-FA266004BE3E}) (Version: 3.2 - Microsoft Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
AzureTools.Notifications (HKLM-x32\...\{AE75FA48-59DB-4C47-9B34-756093C15213}) (Version: 2.6.30331.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.15.5208 - BlueStack Systems, Inc.)
Dotfuscator and Analytics Community Edition 5.18.0 (HKLM-x32\...\{7C361160-7ADC-46CE-AFDC-D10C6EADD032}) (Version: 5.18.0.2789 - PreEmptive Solutions) Hidden
Download Windows Universal Tools (HKLM-x32\...\{EFA507A3-9D2B-37E3-8530-8EC1FFA750C5}) (Version: 14.0.22823 - Microsoft Corporation) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Fallout 2 Unofficial Patch 1.02.31 (HKLM-x32\...\Fallout 2 Unofficial Patch_is1) (Version:  - killap)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FF7Music (HKLM\...\FF7Music) (Version:  - )
FFTasker Uninstall (HKLM\...\FFTasker) (Version:  - )
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.8 - Sharpened Productions)
File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version:  - )
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.3.2 - Sharpened Productions)
FINAL FANTASY III (HKLM-x32\...\Steam App 239120) (Version:  - Square Enix)
FINAL FANTASY IV (HKLM-x32\...\Steam App 312750) (Version:  - Square Enix)
FINAL FANTASY V (HKLM-x32\...\Steam App 382890) (Version:  - SQUARE ENIX)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version:  - SQUARE ENIX)
FOMM 0.14.11.12 (HKLM-x32\...\{072C2AEF-16B2-46B7-BA7F-D0CAA7B4F89F}_is1) (Version:  - Prideslayer)
Free Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - Somoto Ltd)
Freedom Planet (HKLM-x32\...\Steam App 248310) (Version:  - GalaxyTrail)
Genymotion version 2.4.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.4.0 - Genymobile)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{5456A561-2429-411B-B2C8-CAE4411D446B}) (Version: 10.0.1733 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (ENU) (HKLM-x32\...\{E689C2B1-3711-4FF7-95C4-1F4932A2B493}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (HKLM-x32\...\{F1052F45-79C1-48D6-979F-CC5B6F864615}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC SDK (HKLM-x32\...\{7318F8D8-AFC9-499C-9909-1CA56E7E7FB4}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta4 (HKLM\...\{a87918f8-8462-36ae-ab64-5bac8473c726}) (Version: 1.0.10413.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.22823 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50325.0) (HKLM-x32\...\{91A6AD24-DADE-407B-B19B-65000C22B931}) (Version: 14.0.50325.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x86) - 14.0.22816 (HKLM-x32\...\{714692fa-709b-4925-8170-821d51135f42}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 RC (HKLM-x32\...\{d79c19c8-760e-4fc2-a85a-8a89093b59e6}) (Version: 14.0.22823 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM-x32\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.6 Beta3 (HKLM\...\{07F0FC77-282E-42E5-BAE6-B8C098F8453E}) (Version: 3.1238.1942 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Minecraft (HKLM-x32\...\Minecraft) (Version: ${VERSION} - )
Minecraft Packages (HKCU\...\Minecraft Packages) (Version:  - )
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{3F9C5688-4EFD-3263-9CF8-C064339483C9}) (Version: 14.0.22823 - Microsoft Corporation) Hidden
MySQL Administrator 1.1 (HKLM-x32\...\{8A2DA523-38FD-49DA-88E9-6BCDD7CCE9CF}) (Version: 1.1.9 - MySQL AB)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.1.0.4 - NETGEAR)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.7 - Black Tree Gaming)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Patr  Pats Flickr App (HKLM-x32\...\{AF992111-52BE-832B-5882-8477E4A3C99A}) (Version:  - "")
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Plarium (HKCU\...\Plarium) (Version:  - Plarium)
PowerShellIntegration.Notifications (HKLM-x32\...\{B330548B-1EBE-429C-AA47-FC12748FA18F}) (Version: 2.6.0.0 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Python Tools Redirection Template (HKLM-x32\...\{73E8C006-8839-4F7E-9D97-6E6444BC1E2E}) (Version: 0.7.4100.000 - Microsoft Corporation) Hidden
Reddit Liquid Streams (HKLM-x32\...\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}) (Version:  - "")
Roslyn Language Services - x86 (HKLM-x32\...\{12C7E475-97B8-3B24-A7D3-D5B03D0D1D9B}) (Version: 14.0.22823 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{386C29BB-2CEA-3511-89A0-D78306B139AA}) (Version: 14.0.22823 - Microsoft Corporation) Hidden
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version:  - )
Snap.Do Engine (HKCU\...\{a2279c73-5063-4a62-9662-154d9af93657}) (Version: 10.213.1.15234 - ReSoft Ltd.)
Solid YouTube Downloader and Converter 6.2.0.1 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-ytd}_is1) (Version:  - DreamVideoSoft,Inc.)
Sonic CD (HKLM-x32\...\Steam App 200940) (Version:  - Blit Software)
SteamVR (HKLM-x32\...\Steam App 250820) (Version:  - )
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 RC (HKLM-x32\...\{142FD6FA-097F-3BE5-B727-AD275B20D138}) (Version: 14.0.22821 - Microsoft Corporation) Hidden
Techhubby (HKLM-x32\...\{B3563448-C4CD-46DB-915A-359E22D1754D}) (Version: 1.0.0 - TECHHUBBYSOL)
Test Tools for Microsoft Visual Studio 2015 RC (HKLM-x32\...\{57D9C3F2-7F4A-4039-978D-44B71E7F3FF4}) (Version: 14.0.22823 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{55F8616F-FF50-43F4-B8C3-BF5EC69AAF86}) (Version: 1.4.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{C38CF5A7-2301-44C6-BDC2-B9ACCB26D3FF}) (Version: 1.4.3.0 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{9B81D7A3-34D8-D8A5-614F-AE14A396C8BE}) (Version: 10.0.10056 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{43520E1F-06FE-6D91-2B8A-AF92B30B62E9}) (Version: 10.0.10058 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{209D0AAE-9281-761B-9513-679B83AD68C5}) (Version: 10.0.10056 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{0D19389F-707A-A013-62AE-752E1C81A726}) (Version: 10.0.10056 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Wajam (HKLM-x32\...\WaIEn) (Version: 1.46.1.2 (i1.0) - Wajam)
WCF Data Services 5.6.2 Runtime (HKLM-x32\...\{F9843E68-4E61-41B0-946E-66989DB35902}) (Version: 5.6.61937.2 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2014 (HKLM-x32\...\{4C117734-3794-4A3C-ABC5-FC79656E0A50}) (Version: 5.6.61937.2 - Microsoft Corporation) Hidden
WeatherApp (HKLM-x32\...\WeatherApp 1.0.0.0) (Version: 1.0.0.0 - Portable WeatherApp)
Windows Driver Package - ASUS (ATP) Mouse  (05/09/2013 1.0.0.173) (HKLM\...\1016059FBF327ED9E3BAE758BD08CF10D3C6252D) (Version: 05/09/2013 1.0.0.173 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3981.74 MB
Available physical RAM: 2182.25 MB
Total Virtual: 5449.29 MB
Available Virtual: 2611.8 MB

========================= Partitions: =====================================

1 Drive c: (ff7disc1) (Fixed) (Total:444.21 GB) (Free:60.68 GB) NTFS

========================= Users: ========================================

User accounts for \\CODYT

Administrator            Cody                     Guest                   

**** End of log ****

 

A slight update is that he has reverted Windows 10 to 8 again but the connection issue prosiest. The error seem to be a wrong file.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:24 AM

Posted 17 November 2015 - 06:24 AM

Uninstall the following programs please.
  • File Identifier - Unless you use it, but not needed;
  • File Type Advisor;
  • File Viewer Lite - Unless you use it, but not needed;
  • Free Zip 9.20 - Suspicious program, often bundled by 3rd parties. I would suggest using 7-Zip or WinRAR instead;
  • McAfee Security Scan Plus - Useless;
  • Norton Security Scan - Useless;
  • Snap.Do Engine - Browser Hijacker;
  • Wajam - PUP;
Once done or if you have an issue when uninstalling a program, let me know.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 17 November 2015 - 02:51 PM

any suggested uninstaller?



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:24 AM

Posted 17 November 2015 - 03:01 PM

No need for a uninstaller for these, you can uninstall them from the Control Panel normally :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 17 November 2015 - 03:43 PM

Well it seem Snap.Do Engine doesn't want to be removed, it doesn't even gives me an option just acts as if I never click on it. While I uninstall Wajam it apparently left some files over, so what we do from here?



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:24 AM

Posted 17 November 2015 - 03:59 PM

We'll remove them with malware removal tools :) Follow the instructions below please.

lv0mVRW.pngJunkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    CfdTLN1.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
aOpBoaQ.pngMalwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
    L9PN4j1.png
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 17 November 2015 - 08:01 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 8.1 x64
Ran by Cody (Administrator) on Tue 11/17/2015 at 16:58:24.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 13

Successfully deleted: C:\Program Files (x86)\prefs.js (File)
Successfully deleted: C:\rei (Folder)
Successfully deleted: C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.smartshopping.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Cody\AppData\Local\plutotv (Folder)
Successfully deleted: C:\Users\Cody\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Cody\Appdata\LocalLow\ytd (Folder)
Successfully deleted: C:\Users\Cody\AppData\Roaming\sp_data.sys (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\pluto tv (Folder)
Successfully deleted: C:\Program Files (x86)\techhubbysol (Folder)
Successfully deleted: C:\Program Files\waien (Folder)
Successfully deleted: C:\Users\Cody\AppData\Roaming\appdataFr3.bin (File)

 

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Support (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\gfilterdrv (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/17/2015 at 17:06:17.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v5.021 - Logfile created 17/11/2015 at 17:14:23
# Updated 14/11/2015 by Xplode
# Database : 2015-11-17.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Cody - CODYT
# Running from : C:\Users\Cody\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[-] Folder Deleted : C:\Users\Cody\AppData\Local\00000011-1430827557-0000-0000-D850E69FF3EA
[-] Folder Deleted : C:\Users\Cody\AppData\Local\00000011-1430827569-0000-0000-D850E69FF3EA

***** [ Files ] *****

[-] File Deleted : C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\5d06k2se.default\searchplugins\bing-lavasoft.xml

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}]
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\S-1-5-21-329765677-3726438763-1483127001-1001_Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}

***** [ Web browsers ] *****

[-] [C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\5d06k2se.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D111515-A550D1D9DEB&form=CONMHP&conlogo=CT3334507");
[-] [C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\5d06k2se.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://www.bing.com/?pc=COSP&ptag=D111515-A550D1D9DEB&form=CONMHP&conlogo=CT3334507");
[-] [C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\5d06k2se.default\prefs.js] [Preference] Deleted : user_pref("extensions.newtab.oldnewtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D111515-A550D1D9DEB&form=CONMHP&conlogo=CT3334507");
[-] [C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogminpmldncgcmokldnmmapddoccmhfl

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt - [2746 bytes] ##########



#10 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 17 November 2015 - 08:04 PM

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/11/17 17:25:30 -0600</date>
<logfile>mbam-log-2015-11-17 (17-25-30).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.0.1024</version>
<malware-database>v2015.11.08.05</malware-database>
<rootkit-database>v2015.11.04.02</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>CODYT</hostname>
<ip>192.168.56.1</ip>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Cody</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>449444</objects>
<time>3868</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\Cody\Downloads\DirectX Setup.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>c0d5b1caa1eaa1958bf58914d52c728e</hash></file>
<file><path>C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\5d06k2se.default\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi</path><vendor>PUP.Optional.WinYahoo</vendor><action>success</action><hash>860f0279dbb0a195f3a288107b886c94</hash></file>
</items>
</mbam-log>

 

"malewarebytes could not connect to it's server" in short I couldn't update it but hopefully we got what we want anyway.



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:24 AM

Posted 17 November 2015 - 08:06 PM

The databases are too old.
<malware-database>v2015.11.08.05</malware-database>
<rootkit-database>v2015.11.04.02</rootkit-database>
Can you uninstall Malwarebytes, reinstall it and run a new scan?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 17 November 2015 - 09:43 PM

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/11/17 20:34:45 -0600</date>
<logfile>mbam-log-2015-11-17 (19-25-09).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>0.0.0.0000</version>
<malware-database>v2015.11.18.01</malware-database>
<rootkit-database>v2015.11.14.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>CODYT</hostname>
<ip>10.0.0.2, 192.168.56.1</ip>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Cody</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>451374</objects>
<time>4127</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
 



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:24 AM

Posted 17 November 2015 - 09:52 PM

Alright, better :) Let's run a last scan with ESET Online Scanner for remnants.

cvMlKv6.pngESET Online Scanner
Note : If you use Internet Explorer to get the ESET Online Scanner, you won't have to download, nor install the tool, as everything will be ran in a contextual (pop-up) window of Internet Explorer. However, for every other browsers, you will have to download and install ESET Online Scanner. In this set of instruction, I'll use Google Chrome to download it and run it (since a lot of people will do it), however, except for the download and installation procedure, the same instructions applies if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.
  • Download and execute ESET Online Scanner (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
  • Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :
    • Enable detection of potentially unwanted applications;
    • Scan archives;
    • Scan for potentially unsafe applications;
    • Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;
  • After you're done checking these options, click on "Start" and ESET Online Scanner will download it's virus signature database before starting the scan;
  • Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
  • After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have to the option to see what threads were found and to manage the threats that were quarantined;
  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results on our clipboard and post them in your next reply;
  • Once you're done, click on the Back button;
  • Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 19 November 2015 - 09:30 PM

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\pastaleads\PastaLeads Client\pastaleadss(60).exe.vir a variant of Win64/Adware.PastaLeads.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FileViewPro\FileViewPro.exe.vir MSIL/Solvusoft.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\pcreg\pcreg.exe.vir Win32/Conduit.SearchProtect.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\garrus.dll.vir a variant of Win32/Toolbar.Perion.Q potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\gcpum.dll.vir Win32/Fingprint.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\liara64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\mseff32.dll.vir a variant of Win32/Toolbar.Perion.T potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\mseff64.dll.vir a variant of Win64/Toolbar.Perion.E potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\nseven.exe.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\tsoni64.dll.vir a variant of Win64/Toolbar.Perion.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe.vir a variant of Win32/Systweak potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Edu App\ohmbecafcaibfjhnijfoibgdpljmoghh.crx.vir Win32/BrowseFox.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Games Bot\GamesBotSvc.exe.vir a variant of Win32/GigaClicks.AV potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Games Bot\Modules\alzm.dll.vir a variant of Win32/GigaClicks.AV potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Games Bot\Modules\Base.dll.vir a variant of Win32/GigaClicks.AV potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Games Bot\Modules\brs.dll.vir a variant of Win32/GigaClicks.AV potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Games Bot\Modules\cmd.dll.vir a variant of Win32/GigaClicks.AV potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Games Bot\Modules\inws.dll.vir a variant of Win32/GigaClicks.AV potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Games Bot\Modules\ists.dll.vir a variant of Win32/GigaClicks.AN potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Games Bot\Modules\sipc.dll.vir a variant of Win32/GigaClicks.AV potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Games Bot\Modules\ups.dll.vir a variant of Win32/GigaClicks.AV potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Games Bot\Modules\wdm.dll.vir a variant of Win32/GigaClicks.AV potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\wse_astromenda\uninstall.exe.vir a variant of Win32/InstallCore.ADB potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\wse_astromenda\BRS\brs.exe.vir a variant of Win32/AdWare.Agent.NNW application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ebmahbfknaoookgjeoddngbgjfbccfcb\lsdb.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\gjcekcmgfpbmababdlojodjcmbpogdph\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ohadnemieodanfgfddbpbcklpfhollll\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Local\Games Bot\Data\ResPack6.bin.vir SWF/Agent.H trojan deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\00000011-1430845372-0000-0000-D850E69FF3EA\vnsk4CAE.tmp.vir a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\1H1Q1V1N1N1O1R\Minecraft Packages\uninstaller.exe.vir Win32/InstallCore.PC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\BrowserExtensions\BEHelper.exe.vir a variant of Win32/Toolbar.Widgi.L potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\BrowserExtensions\Button.exe.vir Win32/Toolbar.Widgi.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\BrowserExtensions\Button64.exe.vir Win64/Toolbar.Widgi.D potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\BrowserExtensions\ButtonWrap.dll.vir Win32/Toolbar.Widgi.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\BrowserExtensions\ButtonWrap64.dll.vir Win64/Toolbar.Widgi.D potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\BrowserExtensions\coupons.xpi.vir JS/Adware.Spigot.B application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\BrowserExtensions\Coupons64.dll.vir a variant of Win64/Toolbar.Widgi.D potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\BrowserExtensions\saebay.xpi.vir JS/Adware.Spigot.B application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\BrowserExtensions\Uninstall.exe.vir Win32/Toolbar.Widgi.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\dll-files.com\Fixer\Version 1.0\productSetup_Setup_10_7_2014.exe.vir a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\5d06k2se.default\Extensions\bSfLg@JeUmRb.com\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cody\AppData\Roaming\wse_astromenda\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.U potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application cleaned by deleting - quarantined
C:\Games\Final Fantasy VII\Avalanche GUI v2.0.8.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application deleted - quarantined
C:\Games\Final Fantasy VII\Bootleg.exe a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Games\Final Fantasy VII\FacePalmerpart01.exe a variant of Win32/InstallCore.ACZ potentially unwanted application cleaned by deleting - quarantined
C:\Games\Final Fantasy VII\FF7 BarCorrectionPatch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting - quarantined
C:\Games\Final Fantasy VII\FF7 Load Saved Games By Kranmer.exe a variant of Win32/GameHack.AES potentially unsafe application cleaned by deleting - quarantined
C:\Games\Final Fantasy VII\FF7 Trainer 0.7.1v4 By Kranmer.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined
C:\temp\t.msi multiple threats deleted - quarantined
C:\Users\Cody\AppData\Local\Microsoft\Windows\INetCache\IE\E6RVXM95\smt[1].exe Win32/WebDevAZ.C potentially unwanted application deleted - quarantined
C:\Users\Cody\AppData\Local\Microsoft\Windows\INetCache\IE\FEF32I3N\Setup[1].exe a variant of Win32/GigaClicks.AN potentially unwanted application deleted - quarantined
C:\Users\Cody\AppData\Local\Microsoft\Windows\INetCache\IE\FV2YUK5W\cmmdWriter[1].exe Win32/Adware.ConvertAd.NK application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Microsoft\Windows\INetCache\IE\O24NCSAG\ciwr[1].exe a variant of Win32/Adware.ConvertAd.QH application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Microsoft\Windows\INetCache\IE\O24NCSAG\SearchUpdater[1].exe a variant of Win32/Adware.ConvertAd.QH application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Microsoft\Windows\INetCache\IE\R40ETUQQ\rvwr[1].exe a variant of Win32/Adware.ConvertAd.QH application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Microsoft\Windows\INetCache\IE\ZIRARZA2\policyname[1].exe a variant of Win32/Adware.ConvertAd.QR application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\nsaBFD5.tmp a variant of Win32/Adware.ConvertAd.QI application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\nsb5EC7.tmp a variant of Win32/Adware.ConvertAd.QH application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\nsh3BC6.tmp a variant of Win32/Adware.ConvertAd.QI application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\nsj6670.tmp a variant of Win32/Adware.ConvertAd.QI application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\nsr1431.tmp a variant of Win32/Adware.ConvertAd.QH application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\nst3FC5.tmp a variant of Win32/Adware.ConvertAd.QH application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\nsy8989.tmp a variant of Win32/Adware.ConvertAd.QI application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\158D.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\3C8F.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\409D.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\41F2.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\44BB.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\8248.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\9CCD.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\AB0C.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\B719.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\BFB9.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\Bootleg_Setup\Final Fantasy VII\FF7 Load Saved Games By Kranmer.exe a variant of Win32/GameHack.AES potentially unsafe application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\Bootleg_Setup\Sprinkles.7z\Sprinkles\FF7\FF7 Load Saved Games By Kranmer.exe a variant of Win32/GameHack.AES potentially unsafe application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\Bootleg_Setup\Sprinkles.7z\Sprinkles\FF7\FF7 Trainer 0.7.1v4 By Kranmer.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\D5F3.tmp\Sprinkles.7z a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Users\Cody\AppData\Local\Temp\is351588084\0A057F1C_stp\RAM.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\is765589038\3BBDD4AE_stp\RAM.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\is765589038\414D3F96_stp\CreateShortCut.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\is765589038\414D3F96_stp\TaskScheduler.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Local\Temp\{278E4C56-1BB6-4068-A5FF-BDB0E5D84FEC}\{89E66C25-6DF0-4E66-B0C5-698F55FA0CCB}\Default\Extensions\aejmahcjmphcbnhglpmfmmibkiajmeof\1.0_0\data\flash\detector4.swf SWF/Agent.H trojan deleted - quarantined
C:\Users\Cody\AppData\Roaming\Plarium\Uninstaller.exe a variant of Win32/InstallCore.ADB potentially unwanted application cleaned by deleting - quarantined
C:\Users\Cody\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\Cody\Downloads\dffsetup-msvcp110.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Users\Cody\Downloads\epm.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Users\Cody\Downloads\Setup_FileViewPro_[2015].exe Win32/Solvusoft.A potentially unwanted application deleted - quarantined
C:\Users\Cody\Videos\game\n64\setup Project64 2.1.exe Win32/Somoto.Q potentially unwanted application deleted - quarantined
C:\WINDOWS\Installer\1a1db.msi multiple threats deleted - quarantined
C:\WINDOWS\Installer\383e4d66.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\WINDOWS\Temp\2214.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\2A10.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\4BAD.tmp.exe Win32/Adware.ConvertAd.OB application cleaned by deleting - quarantined
C:\WINDOWS\Temp\5135.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\761D.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\8625.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\9EEE.tmp.exe Win32/Adware.ConvertAd.OB application cleaned by deleting - quarantined
C:\WINDOWS\Temp\9F24.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\A1A1.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\A1D8.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\A48E.tmp.exe Win32/Adware.ConvertAd.OB application cleaned by deleting - quarantined
C:\WINDOWS\Temp\A72C.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\ABC4.tmp.exe a variant of Win32/Adware.ConvertAd.MM application cleaned by deleting - quarantined
C:\WINDOWS\Temp\B98F.tmp.exe Win32/Adware.ConvertAd.OB application cleaned by deleting - quarantined
C:\WINDOWS\Temp\BB31.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\C0C6.tmp.exe Win32/Adware.ConvertAd.OB application cleaned by deleting - quarantined
C:\WINDOWS\Temp\D93A.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\DB81.tmp.exe Win32/Adware.ConvertAd.OB application cleaned by deleting - quarantined
C:\WINDOWS\Temp\F033.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\F7D4.tmp.exe a variant of Win32/Adware.ConvertAd.OB.gen application cleaned by deleting - quarantined
C:\WINDOWS\Temp\F7F4.tmp.exe Win32/Adware.ConvertAd.OB application cleaned by deleting - quarantined
 



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:24 AM

Posted 19 November 2015 - 10:25 PM

Your Final Fantasy might not be working anymore.
C:\Games\Final Fantasy VII\Avalanche GUI v2.0.8.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application deleted - quarantined
C:\Games\Final Fantasy VII\Bootleg.exe a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
C:\Games\Final Fantasy VII\FacePalmerpart01.exe a variant of Win32/InstallCore.ACZ potentially unwanted application cleaned by deleting - quarantined
C:\Games\Final Fantasy VII\FF7 BarCorrectionPatch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting - quarantined
C:\Games\Final Fantasy VII\FF7 Load Saved Games By Kranmer.exe a variant of Win32/GameHack.AES potentially unsafe application cleaned by deleting - quarantined
C:\Games\Final Fantasy VII\FF7 Trainer 0.7.1v4 By Kranmer.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined
So you should check that. Once done, follow the instructions below please.

3DPGbxe.pngTemp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
    s5yB2E8.png
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed, it will however be relaunched shortly after so do not panic;
  • There's no log to give for this tool;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users