Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I am so confused, I don't know what to do


  • Please log in to reply
10 replies to this topic

#1 freijya

freijya

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 05 March 2016 - 05:53 PM

Hello guys! I seem to be having trouble removing an adware called bdt.femurssculler.com on my laptop. I have tried malwarebytes a couple times, and I googled for solutions and all I can find are bogus software that I could install, but I will not because I know it will cause more problems for me. Please help. I'm not uber tech savvy so I may need a little more guidance. Thanks to whoever will help



BC AdBot (Login to Remove)

 


#2 gaberilde

gaberilde

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 AM

Posted 05 March 2016 - 06:02 PM

try adwcleaner 


The Friget spinner is spreading like the WanaCry ransomware!


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:32 AM

Posted 05 March 2016 - 06:24 PM

Hi freijya :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      OQmAcqS.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 freijya

freijya
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 06 March 2016 - 03:51 AM

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Freijya (administrator) on 06-03-2016 at 00:46:54
Running from "C:\Users\Freijya\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Alienware 17 Manufacturer: Alienware
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 7260 = Wi-Fi (Connected)
Killer e2200 Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Alexander
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 34-E6-D7-19-02-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 48-51-B7-5A-E0-7A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : 48-51-B7-5A-E0-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a123:6cfc:63d5:53e7%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, March 4, 2016 3:25:17 PM
   Lease Expires . . . . . . . . . . : Monday, March 7, 2016 12:43:11 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 71848375
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-3D-00-04-34-E6-D7-19-02-04
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 48-51-B7-5A-E0-7D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{9D1B0DAD-342E-42C4-B7CF-1FBA34785915}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:289e:1664:b661:9124(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::289e:1664:b661:9124%17(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 369098752
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-3D-00-04-34-E6-D7-19-02-04
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  www.routerlogin.com
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4007:807::200e
 172.217.0.14
 
 
Pinging google.com [216.58.219.14] with 32 bytes of data:
Reply from 216.58.219.14: bytes=32 time=18ms TTL=52
Reply from 216.58.219.14: bytes=32 time=18ms TTL=52
 
Ping statistics for 216.58.219.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 18ms, Average = 18ms
Server:  www.routerlogin.com
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=32ms TTL=51
Reply from 206.190.36.45: bytes=32 time=31ms TTL=51
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 32ms, Average = 31ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  2...34 e6 d7 19 02 04 ......Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
 10...48 51 b7 5a e0 7a ......Microsoft Wi-Fi Direct Virtual Adapter
 13...48 51 b7 5a e0 79 ......Intel® Dual Band Wireless-AC 7260
  4...48 51 b7 5a e0 7d ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.9     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.9    276
      192.168.1.9  255.255.255.255         On-link       192.168.1.9    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.9    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.9    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.9    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 17    306 2001::/32                On-link
 17    306 2001:0:9d38:90d7:289e:1664:b661:9124/128
                                    On-link
 13    276 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::289e:1664:b661:9124/128
                                    On-link
 13    276 fe80::a123:6cfc:63d5:53e7/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/05/2016 05:54:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ALEXANDER)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/05/2016 02:54:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156
 
Error: (03/05/2016 02:54:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156
 
Error: (03/05/2016 02:54:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2016 01:56:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125
 
Error: (03/05/2016 01:56:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125
 
Error: (03/05/2016 01:56:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2016 01:53:21 AM) (Source: YSearchUtilSvc) (User: )
Description: YSearchUtilSvc error: The operation completed successfully. (0x0)Could not open service (1060)
 
Error: (03/04/2016 04:08:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1157
 
Error: (03/04/2016 04:08:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1157
 
 
System errors:
=============
Error: (03/05/2016 02:54:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/05/2016 01:56:35 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/05/2016 01:48:53 AM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (03/05/2016 01:48:43 AM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/04/2016 04:08:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/04/2016 03:27:58 PM) (Source: DCOM) (User: ALEXANDER)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46121.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server5microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mcaUnavailableUnavailable
 
Error: (03/04/2016 03:27:55 PM) (Source: DCOM) (User: ALEXANDER)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca
 
Error: (03/04/2016 03:26:08 PM) (Source: DCOM) (User: ALEXANDER)
Description: CortanaUI.AppXvtawfp8s388m3217mfbq5fa3myj37wpa.mca
 
Error: (03/04/2016 03:26:07 PM) (Source: DCOM) (User: ALEXANDER)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mcaUnavailableUnavailable
 
Error: (03/04/2016 03:25:56 PM) (Source: DCOM) (User: ALEXANDER)
Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.331Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.3UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (03/05/2016 05:54:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ALEXANDER)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023170
 
Error: (03/05/2016 02:54:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156
 
Error: (03/05/2016 02:54:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156
 
Error: (03/05/2016 02:54:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2016 01:56:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125
 
Error: (03/05/2016 01:56:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125
 
Error: (03/05/2016 01:56:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2016 01:53:21 AM) (Source: YSearchUtilSvc)(User: )
Description: YSearchUtilSvc error: The operation completed successfully. (0x0)Could not open service (1060)
 
Error: (03/04/2016 04:08:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1157
 
Error: (03/04/2016 04:08:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1157
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-03-02 15:49:10.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-01 23:51:17.204
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-29 17:43:10.737
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-26 02:18:04.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-26 02:13:58.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-26 01:32:06.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-26 01:26:53.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-20 14:49:50.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-17 23:06:57.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-16 01:28:38.977
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Alienware)
Alienware Command Center (HKLM\...\{D4CE21D4-27E5-46DB-9FFE-553A90AD4B9F}) (Version: 3.5.14.0 - Alienware Corp.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{D4CE21D4-27E5-46DB-9FFE-553A90AD4B9F}) (Version: 3.5.14.0 - Alienware Corp.)
Alienware On-Screen Display (HKLM-x32\...\{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.11C - ) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.11C - )
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArtRage 4 (HKLM-x32\...\{A87C7329-F20A-42A7-8A3C-67FDEB1B5C2A}) (Version: 4.0.6.0 - Ambient Design) Hidden
ArtRage 4 (HKLM-x32\...\ArtRage 4 4.0.6.0) (Version: 4.0.6.0 - Ambient Design)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft Montreal)
Autodesk SketchBook Express 6.2 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.2.0000 - Autodesk)
Black Mesa (HKLM-x32\...\Steam App 362890) (Version:  - )
Black Mesa Dedicated Server (HKLM-x32\...\Steam App 346680) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version:  - Double Fine Productions)
Catalyst Control Center Next Localization BR (HKLM\...\{6CFBF30D-DCAA-A3CD-2882-DC46B2F4DBCF}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{BCAC01F9-ABE3-168A-6E98-6111A0A9EA93}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{3F9EA5DA-F7FB-3A8F-DE31-8CD740D45F46}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{8B6380E1-E539-655A-CDE4-DB98AAC92181}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{C151DCC9-554D-D949-1AC9-B7DFFA7E1533}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{02CD3F20-7499-4949-7A04-E5497EDC6DAA}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F837B991-0186-BC21-8C00-2496D7853934}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{6B99B72D-80AF-29A4-9356-72FFD9CD8DCA}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{46D07CEF-534A-E09B-D3AE-4ADF84BE143E}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B2CEE5CD-8DDE-2A2E-C0FB-B4DFE9375A44}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3351FAE7-F941-0263-73FA-6C233CFC3EFF}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{2ADF7E47-200B-B40A-0874-0BAC87982147}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{B29B2E62-3CD6-2846-6104-42FE47D4B533}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{FF5C55C6-EDC1-2874-49ED-FB29D1568368}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{08EA1F52-9981-0AA4-DBE1-B58E8ACFB5AD}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{EBD900C6-DD20-2795-7230-85A5E32B207F}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B99E2A2D-85E8-6F78-C2B7-110664D85683}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{5107B1E4-6750-21E0-5FD5-FC11760AE58B}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{2DE761AA-9248-EEF3-F3E2-E0CAD61E4D64}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{4D04DD17-8083-EBEE-8AE5-4D4E70F9EFD1}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A36C40FE-4F91-6612-E1EE-327C6E0C9B8A}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Color Efex Pro 3.0 Wacom Edition 6 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 6 Stand-Alone) (Version: 3.1.1.1 - Nik Software, Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0114 - Disc Soft Ltd)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dragon Age™ II (HKLM-x32\...\{E1EB9F56-AFE2-4204-B28F-AD8DA793B9F4}) (Version: 1.04.8524.0 - Electronic Arts)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
EMSC (HKLM-x32\...\{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.25 - Compal Electronics, Inc.) Hidden
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fear Equation (HKLM-x32\...\Steam App 428350) (Version:  - Screwfly Studios)
Full Mojo Rampage (HKLM-x32\...\Steam App 225280) (Version:  - Over the Top Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Gotham City Impostors (HKLM-x32\...\Steam App 21170) (Version:  - Monolith Productions)
Gotham City Impostors: Free To Play (HKLM-x32\...\Steam App 206210) (Version:  - Monolith Productions, Inc.)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
Haunt the House: Terrortown (HKLM-x32\...\Steam App 270630) (Version:  - SFB Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Killer is Dead (HKLM-x32\...\Steam App 261110) (Version:  - KADOKAWA GAMES / GRASSHOPPER MANUFACTURE)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Lucius (HKLM-x32\...\Steam App 218640) (Version:  - Shiver Games)
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Monitor Calibration Wizard 1.0 (HKLM-x32\...\Monitor Calibration Wizard) (Version:  - )
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{69C424A3-8863-FF59-FCF3-E3D94AB696FA}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.10.2.4863 - Electronic Arts, Inc.)
Pathologic Classic HD (HKLM-x32\...\Steam App 384110) (Version:  - Ice-pick Lodge)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )
Pokémon Trading Card Game Online (HKLM-x32\...\{AC229317-036F-45B9-84CE-08625DCAC217}) (Version: 2.34.1 - The Pokémon Company International)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (HKLM-x32\...\{157B0821-794E-F851-EE61-1C755225B623}) (Version: 1.00.1. - AMD) Hidden
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
Safer Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.23.33 - Safer Technologies, Inc.) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.2.0.37 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.58.0 - Samsung Electronics Co., Ltd.)
Sheltered (HKLM-x32\...\Steam App 356040) (Version:  - Unicube)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Spotify (HKCU\...\Spotify) (Version: 1.0.23.90.g42187855 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sunless Sea (HKLM-x32\...\Steam App 304650) (Version:  - Failbetter Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
Tharsis (HKLM-x32\...\Steam App 323060) (Version:  - Choice Provisions)
The Evil Within (HKLM-x32\...\Steam App 268050) (Version:  - Tango Gameworks)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
The Secret World (HKLM-x32\...\Steam App 215280) (Version:  - Funcom)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version:  - Croteam)
The Witcher 2 Enhanced Edition version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version:  - Crystal Dynamics)
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version:  - Crystal Dynamics)
Tomb Raider: Underworld (HKLM-x32\...\Steam App 8140) (Version:  - Crystal Dynamics)
Vampire: The Masquerade - Bloodlines (HKLM-x32\...\Steam App 2600) (Version:  - Troika Games)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Who's Your Daddy (HKLM-x32\...\Steam App 427730) (Version:  - Joe Williams)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.)
XSplit Broadcaster (HKLM-x32\...\{4202CAFA-F8F9-4311-8A13-19DB48AAF5F7}) (Version: 2.2.1502.1633 - SplitmediaLabs)
Zumas Revenge (HKLM-x32\...\{0B153CAB-792B-4CA2-B2A5-AB0BBAF2FFA9}) (Version: 1.0.5.600 - PopCap Games)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 62%
Total physical RAM: 8073.02 MB
Available physical RAM: 3016.47 MB
Total Virtual: 11017.02 MB
Available Virtual: 4905.94 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:920.69 GB) (Free:116.56 GB) NTFS
3 Drive g: () (CDROM) (Total:2.9 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\ALEXANDER
 
Administrator            DefaultAccount           Freijya                  
Guest                    
 
 
**** End of log ****
 


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:32 AM

Posted 06 March 2016 - 09:30 AM

You can uninstall Bonjour and Java 8 Update 66. Once done, follow the instructions below please.

lv0mVRW.pngJunkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    CfdTLN1.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
aOpBoaQ.pngMalwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
    L9PN4j1.png
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 freijya

freijya
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 06 March 2016 - 05:29 PM

# AdwCleaner v5.100 - Logfile created 06/03/2016 at 14:16:33
# Updated 06/03/2016 by Xplode
# Database : 2016-03-06.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Freijya - ALEXANDER
# Running from : C:\Users\Freijya\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : WinDivert64
[-] Service Deleted : Shell&ServicesEngine
[-] Service Deleted : Shell&ServicesEngine_updater_service
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Freijya\AppData\Local\YSearchUtil
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Freijya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Freijya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Freijya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Freijya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\WINDOWS\SysNative\drivers\WinDivert64.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : [x64] HKLM\SOFTWARE\adwareROI
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Freijya\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://astromenda.com/?f=7&a=ast_ir_14_41_ch&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AyCtCyC0F0AyE0Bzy0C0DtN0D0Tzu0StCtDtCtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AtDtBzyyCyBzztGyEyC0DyCtGtB0FtDzytG0E0BtBtBtGyD0C0F0A0Dzy0ByCyD0D0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzyyB0EyD0BtBtGtByDyEtBtGyEtA0D0FtG0BtDtA0CtGzy0EtBtAzy0A0CyE0F0FyE0F2Q&cr=521998975&ir=
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2086 bytes] - [06/03/2016 14:16:33]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2127 bytes] - [06/03/2016 14:10:22]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2272 bytes] ##########
 


#7 freijya

freijya
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 06 March 2016 - 05:34 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64 
Ran by Freijya (Administrator) on Sun 03/06/2016 at 14:30:42.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\ProgramData\Start Menu\Programs\safer technologies (Folder) 
Successfully deleted: C:\Users\Freijya\AppData\Roaming\Mozilla\Firefox\Profiles\e7i0x3ej.default\user.js (File) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_4BD7DA393AA10DA34C2CBA4229071A9D (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/06/2016 at 14:33:42.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#8 freijya

freijya
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 06 March 2016 - 06:40 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/6/2016
Scan Time: 2:37 PM
Logfile: mw.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.06.04
Rootkit Database: v2016.02.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Freijya
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370707
Time Elapsed: 22 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.ReMarkIt.PrxySvrRST, C:\Users\Freijya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage, Quarantined, [2963ceb68d0ca096006abdbb8c78ac54], 
PUP.Optional.ReMarkIt.PrxySvrRST, C:\Users\Freijya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal, Quarantined, [fa92b8cce3b687afe189bcbcdb29fe02], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:32 AM

Posted 06 March 2016 - 07:07 PM

Are you still gettings the ads and/or redirects in your web browser now?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 freijya

freijya
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 07 March 2016 - 01:16 AM

I had to wait a little while to see if the ads would pop back. Now it's safe to say it is really gone. Thank you so much for your help! Is there anyway I can help support you guys on this website?



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:32 AM

Posted 07 March 2016 - 06:24 AM

No problem freijya, you're welcome :)

BleepingComputer doesn't take donations, instead we encourage you to give to a local charity of your choice if you feel like it :) However, right now, BleepingComputer needs help as Enigma Software Group USA, LLC filled a lawsuit against the website in response of a "negative review" of one of their products, SpyHunter, that was posted here, and the website is currently crowdfunding the defence. You can read more about this in the article below.

http://www.bleepingcomputer.com/announcement/frivolous-lawsuits/help-bleepingcomputer-defend-freedom-of-speech/

Any help is appreciated :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users