Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Service Host Local System is using up all my memory


  • Please log in to reply
16 replies to this topic

#1 PS3DRA

PS3DRA

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 16 February 2016 - 03:42 AM

Hello

 

I'm having a problem with Service Host Local System. It is using up all my memory. So is there a way to fix this?



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 16 February 2016 - 08:41 AM

Hi PS3DRA :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      OQmAcqS.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 PS3DRA

PS3DRA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 16 February 2016 - 09:20 AM

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by admin (administrator) on 16-02-2016 at 22:19:29
Running from "C:\Users\admin\Pictures\Facebook Bullbleep"
Microsoft Windows 8 Pro  (X64)
Model: Inspiron 3421 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Ethernet (Connected)
avast! SecureLine TAP Adapter v3 = Ethernet 2 (Hardware not present)
Dell Wireless 1704 802.11b/g/n (2.4GHz) = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : user
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 9E-2A-70-D7-F7-29
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Lenovo Easyplus Hotspot
:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 9C-2A-70-D7-F7-29
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Dell Wireless 1704 802.11b/g/n (2.4GHz)
   Physical Address. . . . . . . . . : 9C-2A-70-D7-F7-29
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : E0-DB-55-A7-64-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ad0d:747c:81a8:9799%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.254.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, February 16, 2016 10:16:27 PM
   Lease Expires . . . . . . . . . . : Wednesday, February 17, 2016 10:16:27 PM
   Default Gateway . . . . . . . . . : 192.168.254.254
   DHCP Server . . . . . . . . . . . : 192.168.254.254
   DHCPv6 IAID . . . . . . . . . . . : 266394453
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-FE-CC-93-E0-DB-55-A7-64-B8
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{73DF30EA-4450-4696-AAD4-0F881D1E3069}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  120.28.5.172
 120.28.5.168
 120.28.5.148
 120.28.5.178
 120.28.5.163
 120.28.5.177
 120.28.5.187
 120.28.5.157
 120.28.5.182
 120.28.5.183
 120.28.5.152
 120.28.5.162
 120.28.5.167
 120.28.5.158
 120.28.5.153
 120.28.5.173
 
 
Pinging google.com [120.28.5.148] with 32 bytes of data:
Reply from 120.28.5.148: bytes=32 time=70ms TTL=53
Reply from 120.28.5.148: bytes=32 time=21ms TTL=53
 
Ping statistics for 120.28.5.148:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 70ms, Average = 45ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=263ms TTL=46
Reply from 98.139.183.24: bytes=32 time=264ms TTL=46
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 263ms, Maximum = 264ms, Average = 263ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...9e 2a 70 d7 f7 29 ......Microsoft Wi-Fi Direct Virtual Adapter
 17...9c 2a 70 d7 f7 29 ......Microsoft Hosted Network Virtual Adapter
 16...9c 2a 70 d7 f7 29 ......Dell Wireless 1704 802.11b/g/n (2.4GHz)
 12...e0 db 55 a7 64 b8 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.254.254  192.168.254.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.254.0    255.255.255.0         On-link   192.168.254.100    276
  192.168.254.100  255.255.255.255         On-link   192.168.254.100    276
  192.168.254.255  255.255.255.255         On-link   192.168.254.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link   192.168.254.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   192.168.254.100    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    276 fe80::/64                On-link
 12    276 fe80::ad0d:747c:81a8:9799/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/16/2016 10:18:51 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/16/2016 10:18:49 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (02/16/2016 05:30:23 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (02/16/2016 05:30:23 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/16/2016 04:15:57 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/16/2016 04:15:54 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (02/16/2016 06:12:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15515
 
Error: (02/16/2016 06:12:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15515
 
Error: (02/16/2016 06:12:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/16/2016 04:28:48 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
 
System errors:
=============
Error: (02/16/2016 10:16:12 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (02/16/2016 10:16:22 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:27:57 PM on ‎2/‎16/‎2016 was unexpected.
 
Error: (02/16/2016 05:44:27 PM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be  changed by -57650 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->23.101.187.68:123) is working properly.
 
Error: (02/16/2016 05:27:45 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (02/16/2016 05:24:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (02/16/2016 05:09:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053defragsvcUnavailable{D20A3293-3341-4AE8-9AAF-8E397CB63C34}
 
Error: (02/16/2016 05:09:15 PM) (Source: Service Control Manager) (User: )
Description: The Optimize drives service failed to start due to the following error: 
%%1053
 
Error: (02/16/2016 05:08:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimize drives service to connect.
 
Error: (02/16/2016 04:13:13 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (02/16/2016 04:13:25 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:57:14 AM on ‎2/‎16/‎2016 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (02/16/2016 10:18:51 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/16/2016 10:18:49 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (02/16/2016 05:30:23 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (02/16/2016 05:30:23 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/16/2016 04:15:57 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/16/2016 04:15:54 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (02/16/2016 06:12:36 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15515
 
Error: (02/16/2016 06:12:36 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15515
 
Error: (02/16/2016 06:12:36 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/16/2016 04:28:48 AM) (Source: Winlogon)(User: )
Description: 
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Driver Detective (HKLM-x32\...\DriversHQ.DriverDetective.Client) (Version: 10.1.2.44 - PC Drivers HeadQuarters LP)
DriverPack Solution Updater (HKCU\...\DRPSu Updater) (Version: 0.0.25 - DriverPack Solution)
DriverToolkit version 8.5.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.5.0.0 - Megaify Software)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
KMSpico 4.2 (HKLM\...\KMSpico v4.2_is1) (Version: 4.2 - )
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 3.10.3 - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version:  - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.9001 - ooVoo LLC.)
PriceSparrow (HKLM-x32\...\{3F2DC1E7-A56F-49D8-B0CF-DB2300594497}) (Version: 1.4.9 - Ciuvo GmbH)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.1 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.1.10441 - Skype Technologies S.A.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Sony刷机驱动安装程序 version 1.2 (HKLM-x32\...\{DCF4A01A-4ED7-4E60-8D4B-4B3F59CF3DE0}_is1) (Version: 1.2 - 北京众晶锐驰科技有限公司)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StepMania 5 (HKLM-x32\...\StepMania 5) (Version: 5.0.10 - StepMania)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
WARMODE (HKLM-x32\...\Steam App 391460) (Version:  - WARTEAM)
Windows 8 Portable Device Enabling Kit for MTP - Tools, Version 8 (HKLM-x32\...\{F04FB07B-0C96-48F8-95BB-FF8CAD522D2F}) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
 
========================= Devices: ================================
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Device ID: ROOT\NET\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 74%
Total physical RAM: 1913.08 MB
Available physical RAM: 491.82 MB
Total Virtual: 5753.08 MB
Available Virtual: 4329.75 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:243.8 GB) (Free:165.5 GB) NTFS
2 Drive d: () (Fixed) (Total:221.62 GB) (Free:204.52 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USER
 
admin                    Administrator            Guest                    
 
 
**** End of log ****


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 16 February 2016 - 09:33 AM

Please uninstall the following programs.
  • Acrobat.com - Useless;
  • Adobe Reader 9 - Outdated and vulnerable;
  • Driver Detective - See the warning above;
  • DriverPack Solution Updater - See the warning above;
  • DriverToolkit version 8.5.0.0 - See the warning above;
  • Google Toolbar for Internet Explorer - Useless;
  • Java 8 Update 65 - Outdated and vulnerable;
  • Java 8 Update 66 - Outdated and vulnerable;
  • Java SE Development Kit 8 Update 25 (64-bit) - Outdated and vulnerable;
  • KMSpico 4.2 - Illegal loader for Windows;
  • McAfee Security Scan Plus - Useless;
  • PriceSparrow - Adware;
warning.gifDriver Updater Warning!
I see that you are using a "Driver Updater" program. I strongly advise you to uninstall it/them and to never use such programs again since they can damage your system at a point where a reinstallation of Windows might be needed.
  • Drivers are "middlemen" between your OS (Windows) and your hardware (computer). They control and facilitate the interaction between Windows and hardware components, to deliver a "message", nothing more;
  • Having all of your drivers up to date, all the time, will not improve the performance of your system, nor your computer. You cannot increase the hardware performance of a component over the current capabilities it have;
  • Driver updates are released to fix a bug or an issue with a previous release of that driver. Not everyone with the same drivers will experience the issue, so if you are having no problems with the drivers you are running, you don't need to update them. "If it's not broken, don't fix it";
  • You can download drivers for free from your computer/laptop manufacturers website, or from the hardware component manufacturers website. You don't need to pay for any of them, if you are being asked to pay for drivers it is likely a scam;
  • Only drivers from the computer/laptop manufacturers website, or the hardware component manufacturers website are considered official (legitimate and working). You should not download drivers from anywhere else;
  • Driver Updaters are a scam, they try to convince you that you need these programs in order to make your system perform well, which is false;
  • It has been tested and proven that these programs will detect outdated drivers on a system that have the most updated drivers from the manufacturer, which shows that they don't work and/or they try to make you install "newer" suspicious drivers;
  • The goal of the distributors of such programs is to make money by making you buy their useless product, or install additional software (PUPs) when you install their program. Your system will perform worse with these programs installed than without;
This being said, such programs could be seen as "pure scam" and should be avoided at all cost.

Here's some articles that talks about Driver Updater programs and why they shouldn't be used:I suspect that your current copy of Windows is counterfeit, due to the presence of KMSpico on your system. BleepingComputer doesn't condone piracy or any other ways of defeating current copyright measures in order to illegally use a software. Therefore, I'll ask you to uninstall it if you want to continue being assisted here.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 PS3DRA

PS3DRA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 16 February 2016 - 10:13 AM

I originally got this laptop from my dad so i don't know what kind of stuff he did. For the programs that you said i uninstalled all of them except for Acrobat. It won't uninstall for some reason



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 16 February 2016 - 10:15 AM

Acrobat.com? All god, we can leave it be for now.

Now follow the instructions below please.

lv0mVRW.pngJunkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    CfdTLN1.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
aOpBoaQ.pngMalwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
    L9PN4j1.png
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 PS3DRA

PS3DRA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 16 February 2016 - 10:31 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8 Pro x64 
Ran by admin (Administrator) on Tue 02/16/2016 at 23:20:13.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 21 
 
Successfully deleted: C:\ProgramData\apn (Folder) 
Successfully deleted: C:\Users\admin\AppData\Local\drivertoolkit (Folder) 
Successfully deleted: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljkanaekoongefljnjbghkgjjocmikm (Folder) 
Successfully deleted: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\goodgame empire.lnk (Shortcut) 
Successfully deleted: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\goodgame empire.lnk (Shortcut) 
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\Tasks\DriverToolkit Autorun.job (Task) 
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28BTGVG5 (Folder) 
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKGED7R4 (Folder) 
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0MTGGZ2 (Folder) 
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QAR31USI (Folder) 
Successfully deleted: C:\Windows\prefetch\DRIVERDETECTIVE.EXE-EF84FEAB.pf (File) 
Successfully deleted: C:\Windows\prefetch\DRIVERDETECTIVE.EXE-F830B033.pf (File) 
Successfully deleted: C:\Windows\prefetch\DRIVERSHQ.DRIVERDETECTIVE.CLI-31FD6DC2.pf (File) 
Successfully deleted: C:\Windows\prefetch\DRIVERTOOLKIT.EXE-5E299CDC.pf (File) 
Successfully deleted: C:\Windows\prefetch\DRIVERTOOLKITINSTALLER.EXE-7939AF8E.pf (File) 
Successfully deleted: C:\Windows\prefetch\DRIVERTOOLKITINSTALLER.TMP-A42507C3.pf (File) 
Successfully deleted: C:\Windows\prefetch\DRIVERTOOLKITINSTALLER.TMP-B5ABCBCD.pf (File) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_A6282D74-E499780F.pf (File) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File) 
Successfully deleted: C:\Windows\system32\REN3716.tmp (File) 
 
user_pref(browser.newtabpage.pinned, [{\url\:\hxxps://www.facebook.com/\,\title\:\(2) Facebook\,\frecency\:38200,\lastVisitDate\:1428534054941000,\type\:\his
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\AddonsHelper (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/16/2016 at 23:28:29.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Hold on a moment for the other 2 logs


#8 PS3DRA

PS3DRA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 16 February 2016 - 10:37 AM

# AdwCleaner v5.033 - Logfile created 16/02/2016 at 23:34:31
# Updated 07/02/2016 by Xplode
# Database : 2016-02-15.1 [Server]
# Operating system : Windows 8 Pro  (x64)
# Username : admin - USER
# Running from : C:\Users\admin\Pictures\Facebook Bullbleep\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : AddonsHelper
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\DNSErrorHelper
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
[-] Folder Deleted : C:\Users\admin\AppData\Roaming\RHEng
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\2fbg5ar5.default\Extensions\extension@pricesparrow.com.xpi
[-] File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\2fbg5ar5.default\foxydeal.sqlite
[-] File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\2fbg5ar5-2.default\Extensions\extension@pricesparrow.com.xpi
[-] File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\2fbg5ar5-2.default\foxydeal.sqlite
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKLM\SOFTWARE\InstallIQ
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
 
***** [ Web browsers ] *****
 
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : kljkanaekoongefljnjbghkgjjocmikm
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2179 bytes] ##########


#9 PS3DRA

PS3DRA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 16 February 2016 - 11:43 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/16/2016
Scan Time: 11:40 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.16.04
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369294
Time Elapsed: 1 hr, 2 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.DNSErrorHelper, HKLM\SOFTWARE\CLASSES\Helper.TemplateObject, Quarantined, [d58ff1701683ef4722772d6d36ccdd23], 
PUP.Optional.DNSErrorHelper, HKLM\SOFTWARE\CLASSES\Helper.TemplateObject.1, Quarantined, [3c28ec751881f343c8d1900ad230f907], 
PUP.Optional.DNSErrorHelper, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Helper.TemplateObject, Quarantined, [3c28ec751881f343c8d1900ad230f907], 
PUP.Optional.DNSErrorHelper, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Helper.TemplateObject.1, Quarantined, [3c28ec751881f343c8d1900ad230f907], 
PUP.Optional.DNSErrorHelper, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Helper.TemplateObject, Quarantined, [3c28ec751881f343c8d1900ad230f907], 
PUP.Optional.DNSErrorHelper, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Helper.TemplateObject.1, Quarantined, [3c28ec751881f343c8d1900ad230f907], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 5
PUP.Optional.OpenCandy, C:\Users\admin\AppData\Roaming\uTorrent\updates\3.4.2_37594.exe, Quarantined, [ee76412011881b1bc4b22bda8e7223dd], 
PUP.Optional.APNToolBar, C:\Users\admin\AppData\Local\Temp\utt63CC.tmp.exe, Quarantined, [3e26d38e9aff3cfa3f5a181e6c9514ec], 
PUP.Optional.SofTonic, C:\Users\admin\Downloads\SoftonicDownloader_for_starship-troopers.exe, Quarantined, [e084025ff5a487afd147ae7d837d9f61], 
PUP.Optional.InstallIQ, C:\Users\admin\Downloads\WiFiHotSpotCreatorSetup.exe, Quarantined, [78ec83ded7c2f442ba14e0c61ce453ad], 
PUP.Optional.OpenCandy, C:\Users\admin\Downloads\uTorrent.exe, Quarantined, [2e362140e6b32313b2c4aa5b15eb6898], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 16 February 2016 - 11:48 AM

Good :) Let's run Emsisoft Emergency Kit to take care of remnants, followed by TFC.

0Wrv6UC.pngEmsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
    Egla2gt.png
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
    IgfWDr3.png
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
3DPGbxe.pngTemp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
    s5yB2E8.png
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed, it will however be relaunched shortly after so do not panic;
  • There's no log to give for this tool;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 PS3DRA

PS3DRA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 17 February 2016 - 03:34 AM

Emsisoft Emergency Kit - Version 11.0
Last update: 2/17/2016 4:18:13 PM
User account: user\admin
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 2/17/2016 4:19:34 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 detected: Application.AdReg (A)
 
Scanned 86579
Found 4
 
Scan end: 2/17/2016 4:33:11 PM
Scan time: 0:13:37
 
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO Application.AdReg (A)
 
Quarantined 2


#12 PS3DRA

PS3DRA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 17 February 2016 - 03:47 AM

Emsisoft Emergency Kit - Version 11.0
Last update: 2/17/2016 4:18:13 PM
User account: user\admin
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 2/17/2016 4:19:34 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 detected: Application.AdReg (A)
 
Scanned 86579
Found 4
 
Scan end: 2/17/2016 4:33:11 PM
Scan time: 0:13:37
 
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO Application.AdReg (A)
 
Quarantined 2


#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 17 February 2016 - 06:17 AM

Did you run TFC after running Emsisoft Emergency Kit?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 PS3DRA

PS3DRA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 17 February 2016 - 06:46 AM

Yes



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 17 February 2016 - 08:00 AM

Alright. Is your svchost.exe still using all your RAM?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users