Ads by Advertise/bdt.femurssculler.com


14 replies to this topic

#1 Cahira

Cahira

  • Members

Posted 01 March 2016 - 01:51 PM

I seem to have some sort of malware that I just cannot get rid of. It only seems to be affecting Chrome as best I can tell. I am running Windows 10.

 

 

 I am getting ad links on random phrases, ad pop ups, and ads opening in new tabs.

 

Example images here: 

 

https://www.dropbox.com/s/sn1xhoozkqba50q/1.JPG?dl=0

https://www.dropbox.com/s/6zlse2i9vyf7mr7/2.JPG?dl=0

https://www.dropbox.com/s/77g84vihk56io4p/3.JPG?dl=0

 

I have tried Avast, Malware Bytes, AdAware, ADW, Chrome Clean-up Tool & totally uninstalling and reinstalling Chrome. I've checked through my programs and processes and nothing is standing out. The files that I've seen listed as ones that bdt.femurssculler usually hides are not showing up (yes, I did show hidden files before checking).

 

At this point I am at a bit of a loss on how to fix this. Malware Bytes is blocking whatever it is from opening ads in new tabs now, but it doesn't seem to find the root of the problem.

 

 




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 01 March 2016 - 01:52 PM

Hi Cahira :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Cahira

Cahira
  • Topic Starter

  • Members

Posted 01 March 2016 - 02:00 PM

Hi. Thank you for the help.

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Shiloh (administrator) on 01-03-2016 at 12:58:14
Running from "C:\Users\Shiloh\Downloads"
Microsoft Windows 10 Home  (X64)
Model: To be filled by O.E.M. Manufacturer: To be filled by O.E.M.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Shiloh-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D8-50-E6-DB-3B-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2558:562e:fb8d:bd51%5(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 01, 2016 12:27:20 PM
   Lease Expires . . . . . . . . . . : Wednesday, March 02, 2016 12:27:19 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 249057510
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-E4-35-2E-D8-50-E6-DB-3B-62
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{B4934A29-DC8D-46FD-BBA3-5D37D7C27C71}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:28f5:1746:bbf3:995c(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::28f5:1746:bbf3:995c%2(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 117440512
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-E4-35-2E-D8-50-E6-DB-3B-62
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4007:807::200e
 216.58.219.46
 
 
Pinging google.com [216.58.219.46] with 32 bytes of data:
Reply from 216.58.219.46: bytes=32 time=46ms TTL=53
Reply from 216.58.219.46: bytes=32 time=47ms TTL=53
 
Ping statistics for 216.58.219.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 47ms, Average = 46ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=72ms TTL=51
Reply from 206.190.36.45: bytes=32 time=66ms TTL=51
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 66ms, Maximum = 72ms, Average = 69ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...d8 50 e6 db 3b 62 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  2...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    276
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  2    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  2    306 2001::/32                On-link
  2    306 2001:0:5ef5:79fd:28f5:1746:bbf3:995c/128
                                    On-link
  5    276 fe80::/64                On-link
  2    306 fe80::/64                On-link
  5    276 fe80::2558:562e:fb8d:bd51/128
                                    On-link
  2    306 fe80::28f5:1746:bbf3:995c/128
                                    On-link
  1    306 ff00::/8                 On-link
  5    276 ff00::/8                 On-link
  2    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/01/2016 10:30:51 AM) (Source: COM) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}
 
Error: (03/01/2016 10:30:51 AM) (Source: COM) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}
 
Error: (02/29/2016 11:19:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SHILOH-PC)
Description: Package 4DF9E0F8.Netflix_6.6.33.0_x64__mcm4njqhnhss8+Netflix.App was terminated because it took too long to suspend.
 
Error: (02/29/2016 09:39:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SHILOH-PC)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (02/29/2016 04:26:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/29/2016 02:48:13 AM) (Source: Application Error) (User: )
Description: Faulting application name: Template.exe, version: 1.0.0.0, time stamp: 0x540eb082
Faulting module name: msvcr120_app.dll, version: 12.0.21005.1, time stamp: 0x524f7cdd
Exception code: 0xc0000409
Fault offset: 0x0004975f
Faulting process id: 0x1d58
Faulting application start time: 0xTemplate.exe0
Faulting application path: Template.exe1
Faulting module path: Template.exe2
Report Id: Template.exe3
Faulting package full name: Template.exe4
Faulting package-relative application ID: Template.exe5
 
Error: (02/28/2016 09:48:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SHILOH-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/28/2016 09:48:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: WinStore.Mobile.exe, version: 2016.27.2.0, time stamp: 0x56b24f75
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x24bc
Faulting application start time: 0xWinStore.Mobile.exe0
Faulting application path: WinStore.Mobile.exe1
Faulting module path: WinStore.Mobile.exe2
Report Id: WinStore.Mobile.exe3
Faulting package full name: WinStore.Mobile.exe4
Faulting package-relative application ID: WinStore.Mobile.exe5
 
Error: (02/28/2016 06:59:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc000027b
Fault offset: 0x0000000000281e52
Faulting process id: 0xc84
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (02/26/2016 09:48:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: RelicMatch.Windows.exe, version: 0.0.0.0, time stamp: 0x56cba14b
Faulting module name: libcocos2d.dll, version: 0.0.0.0, time stamp: 0x56cba146
Exception code: 0xc0000005
Fault offset: 0x00022e98
Faulting process id: 0x2170
Faulting application start time: 0xRelicMatch.Windows.exe0
Faulting application path: RelicMatch.Windows.exe1
Faulting module path: RelicMatch.Windows.exe2
Report Id: RelicMatch.Windows.exe3
Faulting package full name: RelicMatch.Windows.exe4
Faulting package-relative application ID: RelicMatch.Windows.exe5
 
 
System errors:
=============
Error: (03/01/2016 12:27:40 PM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058
 
Error: (03/01/2016 12:26:15 PM) (Source: DCOM) (User: SHILOH-PC)
Description: {E844CD23-864D-4921-B18B-ED60A150E112}
 
Error: (03/01/2016 12:26:11 PM) (Source: Service Control Manager) (User: )
Description: The User Data Access_607b8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/01/2016 12:26:11 PM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_607b8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/01/2016 12:26:11 PM) (Source: Service Control Manager) (User: )
Description: The Contact Data_607b8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/01/2016 12:26:11 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_607b8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/01/2016 11:30:35 AM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058
 
Error: (03/01/2016 11:29:01 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/01/2016 11:28:59 AM) (Source: Service Control Manager) (User: )
Description: The User Data Access_5ee8b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/01/2016 11:28:59 AM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_5ee8b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (03/01/2016 10:30:51 AM) (Source: COM)(User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}
 
Error: (03/01/2016 10:30:51 AM) (Source: COM)(User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}
 
Error: (02/29/2016 11:19:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SHILOH-PC)
Description: 4DF9E0F8.Netflix_6.6.33.0_x64__mcm4njqhnhss8+Netflix.App
 
Error: (02/29/2016 09:39:13 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SHILOH-PC)
Description: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App
 
Error: (02/29/2016 04:26:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (02/29/2016 02:48:13 AM) (Source: Application Error)(User: )
Description: Template.exe1.0.0.0540eb082msvcr120_app.dll12.0.21005.1524f7cddc00004090004975f1d5801d172cd62ce846aC:\Program Files\WindowsApps\51395KleomenisKakkalos.SpellingSpells_1.1.0.2_x86__r714cc911em5y\Template.exeC:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\msvcr120_app.dll3c183db0-ae1c-4044-b4c3-4bf124b6f06851395KleomenisKakkalos.SpellingSpells_1.1.0.2_x86__r714cc911em5yApp
 
Error: (02/28/2016 09:48:15 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SHILOH-PC)
Description: Microsoft.WindowsStore_8wekyb3d8bbwe!App-2147023170
 
Error: (02/28/2016 09:48:13 PM) (Source: Application Error)(User: )
Description: WinStore.Mobile.exe2016.27.2.056b24f75unknown0.0.0.000000000e0464645000000000000000024bc01d170fc48b5774cC:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exeunknown160a8872-256b-4bce-96ea-025411bbe6cbMicrosoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbweApp
 
Error: (02/28/2016 06:59:43 PM) (Source: Application Error)(User: )
Description: SearchUI.exe10.0.10586.63568b1fdcWindows.UI.Xaml.dll10.0.10586.715699d8e0c000027b0000000000281e52c8401d17110b7d0646fC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Windows\System32\Windows.UI.Xaml.dlla2b608ea-7176-4c0a-8e25-1aef1110b08cMicrosoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyCortanaUI
 
Error: (02/26/2016 09:48:54 PM) (Source: Application Error)(User: )
Description: RelicMatch.Windows.exe0.0.0.056cba14blibcocos2d.dll0.0.0.056cba146c000000500022e98217001d171063747a91cC:\Program Files\WindowsApps\RolltowerStudios.MysterySocietyRelicMatch_1.1.0.13_x86__gjx78g1qv1y2c\RelicMatch.Windows.exeC:\Program Files\WindowsApps\RolltowerStudios.MysterySocietyRelicMatch_1.1.0.13_x86__gjx78g1qv1y2c\libcocos2d.dll8a1c70f0-4513-4306-ace2-3a20fbc7c370RolltowerStudios.MysterySocietyRelicMatch_1.1.0.13_x86__gjx78g1qv1y2cApp
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-02-29 22:31:29.389
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-29 22:31:29.373
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-29 21:46:44.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-29 21:46:44.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-26 12:22:53.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-25 01:30:03.684
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-24 19:26:32.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-24 06:31:07.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-22 21:46:16.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-22 21:46:15.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
100% Orange Juice (HKLM-x32\...\Steam App 282800) (Version:  - Orange_Juice)
3CXPhone for Windows (HKLM-x32\...\{0F47B502-C989-4812-B88E-1B1A552305EA}) (Version: 14.0.45826.228 - 3CX) Hidden
3CXPhone for Windows (HKLM-x32\...\3CXPhone for Windows 14.0.45826.228) (Version: 14.0.45826.228 - 3CX)
Abbaye_des_morts (HKCU\...\Abbaye_des_morts) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareInstaller (HKLM\...\{2B24CCAA-5C9B-4A10-8285-3AC1B3986952}) (Version: 11.10.767.8917 - Lavasoft) Hidden
AdAwareUpdater (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}) (Version: 11.10.767.8917 - Lavasoft) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.15 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Age of Conan - Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version:  - Funcom)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (HKLM\...\{B6547F83-398A-4E22-BB5A-DC6A9F013796}) (Version: 3.0.99.0 - Lavasoft) Hidden
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft Montreal)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Azure RemoteApp (HKCU\...\8b53dffd52ff902f) (Version: 1.10267.1201.1500 - Microsoft Corporation)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.3.40101 - BitTorrent Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Card Hunter (HKLM-x32\...\Steam App 293260) (Version:  - Blue Manchu)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Demigod (HKLM-x32\...\Steam App 202710) (Version:  - Gas Powered Games)
Desktop Module 14 (HKLM-x32\...\{36E97403-CB96-4393-9EE8-5BCD5E98A173}) (Version: 14.5.0003 - Nuance Communications, Inc.)
DesktopDeliveryPSP 11 (HKLM-x32\...\{83D99866-948A-4547-B25C-E1EE72578195}) (Version: 11.5 - Nuance Communications, Inc.)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
EQ2MAP Updater 1.2.10 (HKLM-x32\...\EQ2MAP Updater) (Version: 1.2.10 - Johan Nilsson)
EVE Isk per Hour (HKLM-x32\...\{7A37BE74-5767-407A-8145-098EF7DA02FB}) (Version: 3.1 - EVE IPH)
EVE Online (HKCU\...\{669e2686-66e1-47c3-b7e0-bcd440d2232e}) (Version: 1.0.0 - CCP)
EVE Online (HKLM-x32\...\{17BD17E3-3B35-48B8-93FD-60C837277854}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{46D98890-5B6C-4FB7-829F-E54D0CFBF90D}) (Version: 3.0.0 - CCP Games Ltd.)
EveHQ (HKLM-x32\...\EveHQ) (Version:  - )
EVEMon (HKLM-x32\...\EVEMon) (Version: 2.2.1 - battleclinic.com)
EverQuest II (HKCU\...\SOE-EverQuest II) (Version: 1.0.3.183 - Sony Online Entertainment)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version:  - )
Far Cry 4 Update v1.8 (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Free YouTube to MP3 Converter version 3.12.49.1022 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.49.1022 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{EEC82191-E879-4906-9D6B-D9665CF030CD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Killing Floor Mod: Defence Alliance 2 (HKLM-x32\...\Steam App 35420) (Version:  - Defence Alliance Team)
KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )
Legends of Norrath (HKCU\...\SOE-LegendsOfNorrath) (Version:  - Sony Online Entertainment)
LogMeIn (HKLM-x32\...\{13D18F35-D634-4E6E-9C14-819C5FBEE6B4}) (Version: 4.1.7060 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{E35E56F6-3CE5-469B-952C-E5E2B3C79E6C}) (Version: 1.3.1835 - LogMeIn, Inc.)
LOOT version 0.8.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.0 - LOOT Team)
Magic Duels (HKLM-x32\...\Steam App 316010) (Version:  - Stainless Games Ltd.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.12 (HKLM-x32\...\{F726A594-D506-4CE4-813C-5A260A243620}) (Version: 1.2.12 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.8 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Module 19 (HKLM-x32\...\{6803090A-4E3F-4CC4-8F4E-BBC8A53D7105}) (Version: 19.11.0000 - Nuance Communications, Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{AD689F13-54BB-425B-ACEE-333FA8DF61D9}) (Version: 14.00.0002 - Nuance Communications, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Converter Module 8 (HKLM\...\{D804F410-09BC-4E27-AFAA-28DA794905CF}) (Version: 8.20.6383 - Nuance Communications, Inc.)
PDF Converter Module 8 (HKLM-x32\...\{D804F410-09BC-4E27-AFAA-28DA794905CF}) (Version: 8.20.6383 - Nuance Communications, Inc.)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Pokémon Trading Card Game Online (HKLM-x32\...\{E46A5439-C642-43B5-A639-107662FF9A49}) (Version: 2.25.0 - The Pokémon Company International)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
PriceForce 2.0.0 (HKLM-x32\...\{F1D730B8-86C1-48B2-A615-936E9C407D17}}_is1) (Version:  - Neopost Hasler)
Rainbow Six Siege - Closed Beta (HKLM-x32\...\Uplay Install 1001) (Version:  - Ubisoft)
RealSpeak Solo (HKLM-x32\...\{B9FD64C5-C176-49BE-A4CC-4D5BC3053A36}) (Version: 1.00.0002 - Nuance Communications, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REDRAGON GAMING MOUSE version 1.1 (HKLM-x32\...\{6513799F-D2B9-4BEA-A76E-52249156A2B5}_is1) (Version: 1.1 - redragonzone)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
RoboForm 7-9-17-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-17-5 - Siber Systems)
SafeZone Stable 1.48.2066.44 (HKLM-x32\...\SafeZone 1.48.2066.44) (Version: 1.48.2066.44 - Avast Software) Hidden
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{C5D14A1B-6E3E-491A-96C6-ABDEEEC4E97D}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1931508C-C004-4983-81E3-70BE6252904B}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E4F470B2-3601-4E1C-B291-D6B580F53136}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0115-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0117-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Star Wars Galaxies (HKLM-x32\...\{88038160-9BCB-47BE-A5C3-5CE2DC115509}) (Version: 1.00.000 - )
STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SWGEmu Launchpad (HKLM-x32\...\{37A10E4F-B984-462D-A33E-6C3D74CB1299}) (Version: 0.22 - SWGEmu)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version:  - Test3 Projects)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Magic Circle Demo (HKLM-x32\...\Steam App 377020) (Version:  - Question)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tom Clancy's Ghost Recon: Advanced Warfighter 2 (HKLM-x32\...\Steam App 13510) (Version:  - Ubisoft)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Villagers and Heroes (HKLM-x32\...\Steam App 263540) (Version:  - Mad Otter Games)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM-x32\...\Steam App 9450) (Version:  - Relic Entertainment)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Guns: Gun Disassembly (HKLM-x32\...\Steam App 262410) (Version:  - Noble Empire Corp.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 38%
Total physical RAM: 8089.44 MB
Available physical RAM: 4977.64 MB
Total Virtual: 16281.44 MB
Available Virtual: 12487.2 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:930.97 GB) (Free:173.45 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SHILOH-PC
 
Administrator            DefaultAccount           Guest                    
Shiloh                   
 
 
**** End of log ****


#4 furetto

furetto

  • Members
  • 13 posts

Posted 03 March 2016 - 10:31 AM

Hi there, I have the same problem!



#5 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 03 March 2016 - 11:20 AM

> Hi there, I have the same problem!


Please make a new topic if you need assistance and you're not the original poster of the thread.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#6 furetto

furetto

  • Members
  • 13 posts

Posted 03 March 2016 - 11:50 AM

 

> > Hi there, I have the same problem!
>
> Please make a new topic if you need assistance and you're not the original poster of the thread.

 

Sorry, I didn't open one because it's really the same problem, but I will follow your quote as you wrote! Sorry again.



#7 furetto

furetto

  • Members
  • 13 posts

Posted 08 March 2016 - 07:14 AM

Hi Cahira, have you solved the problem?

#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 08 March 2016 - 07:40 AM

Cahira didn't reply to my last post yet, so we don't know.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Cahira

Cahira
  • Topic Starter

  • Members
  • 6 posts

Posted 08 March 2016 - 03:33 PM

I'm slightly confused. I posted the requested information and have not seen anything else from you Aura. Did I miss something?



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 08 March 2016 - 03:49 PM

That's my mistake Cahira, I completely missed your MiniToolBox reply. Sorry about that.

Uninstall the following programs please.
  • Adobe AIR - Outdated and vulnerable;
  • Java 8 Update 45 (64-bit) - Outdated and vulnerable;
  • Java 8 Update 66 - Outdated and vulnerable;
  • KMSnano 24 - Illegal Microsoft products loader;
Do you know this program: PriceForce 2.0.0?

Once done, follow the instructions below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
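
An added example, not part of the reply above and not code from MiniToolBox: a Python parser for the "Installed Programs" lines in the log posted in this thread, with a triage pass that reproduces the helper's calls. The function names, the `java8_floor` parameter and the placeholder-publisher rule are assumptions made for illustration; the sample lines are copied from the log.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Layout of one "Installed Programs" line in the MiniToolBox log posted in this thread:
#   Name (HIVE\...\UninstallKey) (Version: X - Publisher)[ Hidden]
# Name and key may contain parentheses, the version may be empty, and the
# publisher may contain " - ", so the pattern anchors on the hive prefix and
# on the last ") (Version: " in the line.
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) "
    r"\((?P<hive>HKLM-x32|HKLM|HKCU)\\\.\.\.\\(?P<key>.+)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*)\)"
    r"(?P<hidden> Hidden)?\s*$"
)
JAVA_RE = re.compile(r"^Java (\d+) Update (\d+)")


class Entry(NamedTuple):
    name: str
    hive: str
    key: str
    version: str
    publisher: str
    hidden: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Return the parsed entry, or None for headers, blanks and other log text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["name"], m["hive"], m["key"], m["version"].strip(),
                 m["publisher"].strip(), m["hidden"] is not None)


# Name prefixes and reasons taken from the helper's reply in this thread.
WATCHLIST = {
    "adobe air": "Outdated and vulnerable",
    "kmsnano": "Illegal Microsoft products loader",
}
# Assumption (not from the thread): a publisher string left over from an
# installer template is worth a manual look.
PLACEHOLDER_PUBLISHERS = {"your company name"}


def triage(lines: List[str], java8_floor: int) -> List[Tuple[str, str]]:
    """Return (program name, reason) pairs for entries that need review.

    java8_floor is the lowest Java 8 update the analyst accepts. It is an
    input supplied by the analyst, not a value from the thread.
    """
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        lowered = entry.name.lower()
        for prefix, reason in WATCHLIST.items():
            if lowered.startswith(prefix):
                findings.append((entry.name, reason))
        java = JAVA_RE.match(entry.name)
        if java and java.group(1) == "8" and int(java.group(2)) < java8_floor:
            findings.append((entry.name, "Outdated and vulnerable"))
        if entry.publisher.lower() in PLACEHOLDER_PUBLISHERS:
            findings.append((entry.name, "Placeholder publisher, review manually"))
    return findings


# Lines copied from the log in this thread, plus one section header.
SAMPLE = r"""
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
========================= Devices: ================================
""".strip().splitlines()

if __name__ == "__main__":
    # 67 is a constructed floor: any value above 66 flags both Java entries,
    # matching the helper's call on Update 45 and Update 66.
    for name, reason in triage(SAMPLE, java8_floor=67):
        print(f"{name}: {reason}")
```
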


#11 Cahira

Cahira
  • Topic Starter

  • Members
  • 6 posts

Posted 08 March 2016 - 11:31 PM

Yes, I know what Priceforce is. 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JRT Report

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64 
Ran by Shiloh (Administrator) on Tue 03/08/2016 at 22:47:09.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 14 
 
Successfully deleted: C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage (File) 
Successfully deleted: C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) 
Successfully deleted: C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File) 
Successfully deleted: C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage (File) 
Successfully deleted: C:\WINDOWS\system32\REN2199.tmp (File) 
Successfully deleted: C:\WINDOWS\system32\REN889D.tmp (File) 
Successfully deleted: C:\WINDOWS\system32\REN9CA5.tmp (File) 
Successfully deleted: C:\WINDOWS\system32\RENB8D1.tmp (File) 
Successfully deleted: C:\WINDOWS\system32\RENBA85.tmp (File) 
Successfully deleted: C:\WINDOWS\system32\RENEDCA.tmp (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/08/2016 at 22:53:24.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW Report

 

# AdwCleaner v5.101 - Logfile created 08/03/2016 at 23:00:08

# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Shiloh - SHILOH-PC
# Running from : C:\Users\Shiloh\Downloads\adwcleaner_5.101.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://mysearch.avg.com?cid={77FF08ED-CEE1-43D7-B5FA-96E14921EF2C}&mid=3aa8448efe9347d2a36e0919a03fd291-aea4e84567f78a706edec1b4db4fad4c3d7e2fb6&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-24 18:54:04&v=3.0.0.2&pid=wtu&sg=&sap=hp
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1385 bytes] - [08/03/2016 23:00:08]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [1464 bytes] - [08/03/2016 22:56:01]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1571 bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malware Bytes Report

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/8/2016
Scan Time: 11:07 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.09.01
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Shiloh
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 416300
Time Elapsed: 18 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 09 March 2016 - 06:25 AM

Alright, good :) Follow the instructions below please.

Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed, it will however be relaunched shortly after so do not panic;
  • There's no log to give for this tool;
After that, make sure that you are logged in to Google Chrome with your Google account and that the sync is enabled, then reset it to its default settings.

https://support.google.com/chrome/answer/3296214?hl=en

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 Cahira

Cahira
  • Topic Starter

  • Members
  • 6 posts

Posted 09 March 2016 - 10:46 PM

Okay, I did that. Still having the same problem. 



#14 Cahira

Cahira
  • Topic Starter

  • Members
  • 6 posts

Posted 09 March 2016 - 10:49 PM

I take that back, it looks like it may all be cleared up now. Malwarebytes had popped up another warning, but that was the only one, where it was doing it with everything. I haven't seen any more, nor any of the linked ads from words. Thank you so much for the help :)



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 10 March 2016 - 06:21 AM

No problem Cahira, you're welcome :) Glad to see that your issue has been solved!

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




