Windows Script Host error


19 replies to this topic

#1 yahfz

yahfz

  • Members
  • 44 posts

Posted 15 April 2016 - 08:47 AM

I'm getting a pop-up error every 5 mins, an error called Windows Script Host Error, saying "file not found C:\\Windows\Temp\sys.vbs".

I ran Autoruns and I found lots of yellow and red lines.

There's also something else: I can't move any icons on my Start menu, and the ones that are already there I can't unpin, and I can't pin anything in.

I am running Windows 10 x64 Build 10586.164





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • Gender:Male

Posted 15 April 2016 - 09:03 AM

Hi yahfz :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Autoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
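
A scripted counterpart to the Autoruns step in the post above, added here as an example and not part of Aura's instructions or of any tool named in the thread: it searches a few common autostart locations for entries that mention the script from the error dialog. That a scheduled task, Run key, Startup item or WMI consumer is what launches sys.vbs is an assumption, and Find-ScriptReference and its parameter are hypothetical names.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Covers only a subset of the locations Autoruns inspects.

function Find-ScriptReference {
    param(
        # Path shown in the Windows Script Host error quoted in the first post.
        [string]$Needle = 'C:\Windows\Temp\sys.vbs'
    )

    # Match on the file name so quoted or environment-variable spellings still hit.
    $pattern = [regex]::Escape((Split-Path -Path $Needle -Leaf))

    # 1. Scheduled tasks. A repeating trigger would fit an error that returns on a timer.
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($action in $task.Actions) {
            $cmd = ("{0} {1}" -f $action.Execute, $action.Arguments).Trim()
            if ($cmd -match $pattern) {
                [pscustomobject]@{
                    Kind     = 'ScheduledTask'
                    Location = $task.TaskPath + $task.TaskName
                    Command  = $cmd
                    Repeat   = ($task.Triggers | ForEach-Object { $_.Repetition.Interval }) -join ','
                }
            }
        }
    }

    # 2. Run / RunOnce registry values (machine-wide, 32-bit view, current user).
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $value = [string]$regKey.GetValue($name)
            if ($value -match $pattern) {
                [pscustomobject]@{ Kind = 'RunKey'; Location = "$key\$name"; Command = $value; Repeat = '' }
            }
        }
    }

    # 3. Startup folders. Shortcuts are resolved to their target and arguments.
    $shell = New-Object -ComObject WScript.Shell
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
        foreach ($file in (Get-ChildItem -Path $dir -File -Force)) {
            $cmd = $file.FullName
            if ($file.Extension -eq '.lnk') {
                $lnk = $shell.CreateShortcut($file.FullName)
                $cmd = ("{0} {1}" -f $lnk.TargetPath, $lnk.Arguments).Trim()
            }
            if ($cmd -match $pattern) {
                [pscustomobject]@{ Kind = 'StartupFolder'; Location = $file.FullName; Command = $cmd; Repeat = '' }
            }
        }
    }

    # 4. Permanent WMI event consumers that run a command line or a script.
    foreach ($class in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer') {
        $consumers = Get-CimInstance -Namespace 'root\subscription' -ClassName $class -ErrorAction SilentlyContinue
        foreach ($c in $consumers) {
            # Properties that do not exist on a given class simply come back as $null.
            $cmd = (@($c.CommandLineTemplate, $c.ExecutablePath, $c.ScriptFileName, $c.ScriptText) -ne $null) -join ' '
            if ($cmd -match $pattern) {
                [pscustomobject]@{ Kind = $class; Location = "root\subscription:$($c.Name)"; Command = $cmd; Repeat = '' }
            }
        }
    }
}

$target = 'C:\Windows\Temp\sys.vbs'
$found  = @(Find-ScriptReference -Needle $target)

if ($found.Count -eq 0) {
    'No entry mentioning the script was found in the locations checked.'
} else {
    $found | Format-List
}

# The dialog reports "file not found"; confirm whether the script is present now.
"Script present on disk: $(Test-Path -Path $target)"
```

An empty result only rules out the four locations checked here; the Autoruns .arn file requested above covers far more.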


#3 yahfz

yahfz
  • Topic Starter

  • Members
  • 44 posts

Posted 15 April 2016 - 11:13 AM

Hi Aura, thanks for helping me out!

MiniToolBox log:
 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Yahfz (administrator) on 15-04-2016 at 13:09:18
Running from "C:\Users\Yahfz\Desktop"
Microsoft Windows 10 Pro  (X64)
Model: To be filled by O.E.M. Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
LogMeIn Hamachi Virtual Ethernet Adapter = Hamachi (Connected)
Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet 5 (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Hamachi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Hamachi" forwarding=enabled advertise=enabled metric=9000 nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Ethernet 5" address=10.3.0.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : YahfzPC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : LogMeIn Hamachi Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 7A-79-19-74-CA-42
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::1974:ca42(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::69be:a07e:a0aa:7205%13(Preferred) 
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 84037874
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-01-83-FB-1C-6F-65-C1-40-46
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet 5:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 94-DE-80-64-DA-83
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c984:b99c:475d:78f5%7(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.50(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, April 14, 2016 6:24:04 PM
   Lease Expires . . . . . . . . . . : Monday, May 22, 2152 7:37:34 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 328523392
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-01-83-FB-1C-6F-65-C1-40-46
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.0.1
 
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Address:  2800:3f0:4001:802::200e
 
 
Pinging google.com [216.58.202.14] with 32 bytes of data:
Reply from 216.58.202.14: bytes=32 time=30ms TTL=56
Reply from 216.58.202.14: bytes=32 time=20ms TTL=56
 
Ping statistics for 216.58.202.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 30ms, Average = 25ms
Server:  UnKnown
Address:  192.168.0.1
 
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=245ms TTL=49
Reply from 206.190.36.45: bytes=32 time=229ms TTL=49
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 229ms, Maximum = 245ms, Average = 237ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...7a 79 19 74 ca 42 ......LogMeIn Hamachi Virtual Ethernet Adapter #2
  7...94 de 80 64 da 83 ......Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.50     20
          0.0.0.0          0.0.0.0         25.0.0.1                d   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.50    276
     192.168.0.50  255.255.255.255         On-link      192.168.0.50    276
    192.168.0.255  255.255.255.255         On-link      192.168.0.50    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.50    276
        224.0.0.0        240.0.0.0         On-link                 d   9256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.50    276
  255.255.255.255  255.255.255.255         On-link                 d   9256
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13   9005 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
 13    261 2620:9b::/64             On-link
 13    261 2620:9b::/96             On-link
 13    261 2620:9b::1974:ca42/128   On-link
  7    276 fe80::/64                On-link
 13    261 fe80::/64                On-link
 13    261 fe80::69be:a07e:a0aa:7205/128
                                    On-link
  7    276 fe80::c984:b99c:475d:78f5/128
                                    On-link
  1    306 ff00::/8                 On-link
  7    276 ff00::/8                 On-link
 13    261 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0   9000 ::/0                     2620:9b::1900:1
  0 4294967295 2620:9b::/96             On-link
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/15/2016 10:50:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.10586.0, time stamp: 0x5632d756
Faulting module name: Windows.Gaming.Input.dll, version: 10.0.10586.0, time stamp: 0x5632da39
Exception code: 0xc0000005
Fault offset: 0x000000000000eee8
Faulting process id: 0xa430
Faulting application start time: 0xdwm.exe0
Faulting application path: dwm.exe1
Faulting module path: dwm.exe2
Report Id: dwm.exe3
Faulting package full name: dwm.exe4
Faulting package-relative application ID: dwm.exe5
 
Error: (04/14/2016 06:02:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: blackops3.exe, version: 0.0.0.0, time stamp: 0x56fdc940
Faulting module name: blackops3.exe, version: 0.0.0.0, time stamp: 0x56fdc940
Exception code: 0xc0000005
Fault offset: 0x0000000000736d85
Faulting process id: 0x1878
Faulting application start time: 0xblackops3.exe0
Faulting application path: blackops3.exe1
Faulting module path: blackops3.exe2
Report Id: blackops3.exe3
Faulting package full name: blackops3.exe4
Faulting package-relative application ID: blackops3.exe5
 
Error: (04/14/2016 05:26:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 16.0.0.625, time stamp: 0x55b134f0
Faulting module name: libeay32.dll, version: 1.0.1.16, time stamp: 0x55a8eff0
Exception code: 0x80000003
Fault offset: 0x000a373b
Faulting process id: 0x6d0
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3
Faulting package full name: avp.exe4
Faulting package-relative application ID: avp.exe5
 
Error: (04/14/2016 05:26:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: CINEBENCH Windows 64 Bit.exe, version: 15.0.3.7, time stamp: 0x522d683a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1664
Faulting application start time: 0xCINEBENCH Windows 64 Bit.exe0
Faulting application path: CINEBENCH Windows 64 Bit.exe1
Faulting module path: CINEBENCH Windows 64 Bit.exe2
Report Id: CINEBENCH Windows 64 Bit.exe3
Faulting package full name: CINEBENCH Windows 64 Bit.exe4
Faulting package-relative application ID: CINEBENCH Windows 64 Bit.exe5
 
Error: (04/14/2016 04:48:00 PM) (Source: Application Hang) (User: )
Description: The program hp6.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1080
 
Start Time: 01d196862aea84d2
 
Termination Time: 4294967295
 
Application Path: D:\Games\Harry potter and the half blood prince\pc\hp6.exe
 
Report Id: ca903ec4-0279-11e6-9c5b-94de8064da83
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/14/2016 04:39:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: CINEBENCH Windows 64 Bit.exe, version: 15.0.3.7, time stamp: 0x522d683a
Faulting module name: CINEBENCH Windows 64 Bit.exe, version: 15.0.3.7, time stamp: 0x522d683a
Exception code: 0x80000003
Fault offset: 0x0000000000675d8b
Faulting process id: 0xc84
Faulting application start time: 0xCINEBENCH Windows 64 Bit.exe0
Faulting application path: CINEBENCH Windows 64 Bit.exe1
Faulting module path: CINEBENCH Windows 64 Bit.exe2
Report Id: CINEBENCH Windows 64 Bit.exe3
Faulting package full name: CINEBENCH Windows 64 Bit.exe4
Faulting package-relative application ID: CINEBENCH Windows 64 Bit.exe5
 
Error: (04/14/2016 04:17:51 PM) (Source: KMS-QAD) (User: )
Description: Failed to start KMSEmulator service (ServiceName: KMS-R@1n) due to the following reason(s).
 * Invalid KeyManagementServicePort! Use a number between 1 and 65535.
 
Error: (04/14/2016 04:12:26 PM) (Source: KMS-QAD) (User: )
Description: Failed to start KMSEmulator service (ServiceName: KMS-R@1n) due to the following reason(s).
 * Invalid KeyManagementServicePort! Use a number between 1 and 65535.
 
Error: (04/14/2016 04:09:14 PM) (Source: KMS-QAD) (User: )
Description: Failed to start KMSEmulator service (ServiceName: KMS-R@1n) due to the following reason(s).
 * Invalid KeyManagementServicePort! Use a number between 1 and 65535.
 
Error: (04/14/2016 04:07:18 PM) (Source: KMS-QAD) (User: )
Description: Failed to start KMSEmulator service (ServiceName: KMS-R@1n) due to the following reason(s).
 * Invalid KeyManagementServicePort! Use a number between 1 and 65535.
 
 
System errors:
=============
Error: (04/15/2016 10:50:11 AM) (Source: DCOM) (User: YAHFZPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (04/15/2016 10:50:11 AM) (Source: DCOM) (User: YAHFZPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (04/15/2016 10:50:11 AM) (Source: DCOM) (User: YAHFZPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (04/15/2016 10:50:07 AM) (Source: Service Control Manager) (User: )
Description: The User Data Access_620e216 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/15/2016 10:50:07 AM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_620e216 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/15/2016 10:50:07 AM) (Source: Service Control Manager) (User: )
Description: The Contact Data_620e216 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/15/2016 10:50:07 AM) (Source: Service Control Manager) (User: )
Description: The Sync Host_620e216 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/15/2016 10:50:07 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/15/2016 03:55:01 AM) (Source: Service Control Manager) (User: )
Description: The User Data Access_49d2d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/15/2016 03:55:01 AM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_49d2d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/15/2016 10:50:11 AM) (Source: Application Error)(User: )
Description: dwm.exe10.0.10586.05632d756Windows.Gaming.Input.dll10.0.10586.05632da39c0000005000000000000eee8a43001d196e3bb3ca368C:\WINDOWS\System32\dwm.exeC:\Windows\System32\Windows.Gaming.Input.dll6f5f91d1-4b41-45db-bf96-e170d80eb842
 
Error: (04/14/2016 06:02:40 PM) (Source: Application Error)(User: )
Description: blackops3.exe0.0.0.056fdc940blackops3.exe0.0.0.056fdc940c00000050000000000736d85187801d19690fafde730D:\Steam Games\steamapps\common\Call of Duty Black Ops III\blackops3.exeD:\Steam Games\steamapps\common\Call of Duty Black Ops III\blackops3.exeeac8e5be-b8de-4d64-9f47-266acecd7f7d
 
Error: (04/14/2016 05:26:56 PM) (Source: Application Error)(User: )
Description: avp.exe16.0.0.62555b134f0libeay32.dll1.0.1.1655a8eff080000003000a373b6d001d1968bb20e6ce9C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\libeay32.dll35859099-b2dd-4078-9073-75f9588a345c
 
Error: (04/14/2016 05:26:48 PM) (Source: Application Error)(User: )
Description: CINEBENCH Windows 64 Bit.exe15.0.3.7522d683aunknown0.0.0.000000000c00000050000000000000000166401d1968bedf3fe9aD:\Backup\Programas\Cinebench\CINEBENCH Windows 64 Bit.exeunknown47dca8cd-b5c8-40cd-9f55-319aefa237fa
 
Error: (04/14/2016 04:48:00 PM) (Source: Application Hang)(User: )
Description: hp6.exe1.0.0.1108001d196862aea84d24294967295D:\Games\Harry potter and the half blood prince\pc\hp6.execa903ec4-0279-11e6-9c5b-94de8064da83
 
Error: (04/14/2016 04:39:52 PM) (Source: Application Error)(User: )
Description: CINEBENCH Windows 64 Bit.exe15.0.3.7522d683aCINEBENCH Windows 64 Bit.exe15.0.3.7522d683a800000030000000000675d8bc8401d19685468dbd35D:\Backup\Programas\Cinebench\CINEBENCH Windows 64 Bit.exeD:\Backup\Programas\Cinebench\CINEBENCH Windows 64 Bit.exe29feb07c-f28d-40e8-a3b5-7ef173e9e5e9
 
Error: (04/14/2016 04:17:51 PM) (Source: KMS-QAD)(User: )
Description: Failed to start KMSEmulator service (ServiceName: KMS-R@1n) due to the following reason(s).
 * Invalid KeyManagementServicePort! Use a number between 1 and 65535.
 
Error: (04/14/2016 04:12:26 PM) (Source: KMS-QAD)(User: )
Description: Failed to start KMSEmulator service (ServiceName: KMS-R@1n) due to the following reason(s).
 * Invalid KeyManagementServicePort! Use a number between 1 and 65535.
 
Error: (04/14/2016 04:09:14 PM) (Source: KMS-QAD)(User: )
Description: Failed to start KMSEmulator service (ServiceName: KMS-R@1n) due to the following reason(s).
 * Invalid KeyManagementServicePort! Use a number between 1 and 65535.
 
Error: (04/14/2016 04:07:18 PM) (Source: KMS-QAD)(User: )
Description: Failed to start KMSEmulator service (ServiceName: KMS-R@1n) due to the following reason(s).
 * Invalid KeyManagementServicePort! Use a number between 1 and 65535.
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-04-15 06:42:22.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-14 09:32:26.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-06 15:37:19.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-06 06:35:22.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-30 07:23:05.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-24 14:11:19.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-24 11:29:33.433
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-24 11:21:19.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-05 13:50:16.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-24 22:39:15.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version:  - )
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.11.160129 - )
Batman™: Arkham Knight (HKLM-x32\...\Steam App 208650) (Version:  - Rocksteady Studios)
Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version:  - Treyarch)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version:  - FromSoftware)
Darksiders (HKLM\...\Steam App 50620) (Version:  - Vigil Games)
Darksiders II: Deathinitive Edition (HKLM\...\Steam App 388410) (Version:  - Gunfire Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKCU\...\Discord) (Version: 0.0.286 - Hammer & Chisel, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dying Light v.1.10 (HKLM-x32\...\Dying Light_is1) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FINAL FANTASY IX (HKLM-x32\...\FINAL FANTASY IX_is1) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{AEDB19D7-A2E9-4896-8780-1CD0F05DD0D6}) (Version: 4.42.579.0 - Futuremark)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version:  - Daybreak Game Company)
Harry Potter and the Half-Blood Prince™ (HKLM-x32\...\{FD1B1980-8CAB-4474-89F8-1245AF657AD1}) (Version: 1.0.0.0 - Electronic Arts)
IdleMaster (HKCU\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
Intel® Chipset Device Software (HKLM-x32\...\{619e726e-d2b4-4e28-9568-c964fd81ee6c}) (Version: 10.1.1.14 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.4 (HKLM-x32\...\{B731F5C4-E304-4DFA-9C84-F67FF849B408}) (Version: 2.4.0.15 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Product Improvement Program (HKLM-x32\...\{E954D7C1-36FA-4FE8-8927-97DBDEB5A15F}) (Version: 2.1.27.3 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{1b09c4de-9cae-4122-b17c-65d395062b50}) (Version: 2.4.0.15 - Intel)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
League of Legends (HKLM-x32\...\{BCCDE721-9F4D-4396-9592-92DD865D965E}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\{446B150E-993B-4D5B-BA82-3C496B5F62D5}) (Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 45.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 pt-BR)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NARUTO SHIPPUDEN Ultimate Ninja STORM 4 (HKLM-x32\...\NARUTO SHIPPUDEN Ultimate Ninja STORM 4_is1) (Version:  - )
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.) Hidden
Pro Evolution Soccer 2016 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNg==_is1) (Version: 1 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
Resident Evil 5 / Biohazard 5 (HKLM-x32\...\Steam App 21690) (Version:  - Capcom)
Rise of the Tomb Raider (HKLM-x32\...\Steam App 391220) (Version:  - Crystal Dynamics)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Ryse: Son of Rome (HKLM\...\Steam App 302510) (Version:  - Crytek)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.9.1.35 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.0.2.1 - Splashtop Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version:  - Snowblind Studios)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Tree of Savior (English Ver.) (HKLM\...\Steam App 372000) (Version:  - IMCGAMES Co.,Ltd.)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Uso remoto do PS4 (HKLM-x32\...\{0603D5A3-CE1B-4613-AED6-486F0E64F0CA}) (Version: 1.0.0.15181 - Sony Interactive Entertainment Inc.)
Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (10/30/2015 3.6) (HKLM\...\689CB8E4310D795D383E65C05A8F13A05D92E771) (Version: 10/30/2015 3.6 - Corsair Components, Inc.)
WinRAR 5.30 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.2 - win.rar GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 27%
Total physical RAM: 8113.55 MB
Available physical RAM: 5851.64 MB
Total Virtual: 9393.55 MB
Available Virtual: 7011.39 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:110.86 GB) (Free:15.27 GB) NTFS
2 Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:89.14 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\YAHFZPC
 
Administrator            ASPNET                   DefaultAccount           
Guest                    Yahfz                    
 
 
**** End of log ****

Edited by yahfz, 15 April 2016 - 11:14 AM.


#4 Aura


Posted 15 April 2016 - 12:06 PM

It looks to me like you're using KMS to illegally activate Windows and/or other Microsoft programs on your system.
Error: (04/14/2016 04:12:26 PM) (Source: KMS-QAD)(User: )
Description: Failed to start KMSEmulator service (ServiceName: KMS-R@1n) due to the following reason(s).
 * Invalid KeyManagementServicePort! Use a number between 1 and 65535.
I'll ask you to please remove it, otherwise you might be refused assistance here as BleepingComputer doesn't condone piracy.

Your current version of Java (Java 8 Update 71) is outdated and vulnerable. I suggest you uninstall it and install the latest version.

Launch Autoruns with Admin Rights, and delete the entries below (to delete an entry, right-click on it and select Delete).

[Images: three screenshots of the Autoruns entries to delete]

Once done, follow the instructions below.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 yahfz


Posted 15 April 2016 - 01:12 PM

Junkware removal Log:
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Pro x64 
Ran by Yahfz (Administrator) on Fri 04/15/2016 at 14:14:15.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 10 
 
Failed to delete: C:\ProgramData\420258 (Folder) 
Failed to delete: C:\ProgramData\868075 (Folder) 
Successfully deleted: C:\ProgramData\420158 (Folder) 
Successfully deleted: C:\ProgramData\867975 (Folder) 
Successfully deleted: C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) 
Successfully deleted: C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage (File) 
Successfully deleted: C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/15/2016 at 14:15:15.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADWCleaner log: 

# AdwCleaner v5.036 - Logfile created 22/02/2016 at 14:41:58
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Yahfz - YAHFZPC
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Users\Yahfz\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
[#] Folder Deleted : C:\Users\Yahfz\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
[#] Folder Deleted : C:\Users\Yahfz\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
[#] Folder Deleted : C:\Users\Yahfz\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tv-newtabsearch.com_0.localstorage
[-] File Deleted : C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tv-newtabsearch.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\distromatic
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Yahfz\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.hp", "hxxp://www.yessearches.com/?ts=AHEpB3EpAn4nB0..&v=20160121&uid=1AD17FF8242094EE34FF24F341B99C1A&ptid=sto&mode=ffsengext");
[-] [C:\Users\Yahfz\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.sp", "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=sto&q={searchTerms}&ts=AHEpB3EpAn4nB0..&uid=1AD17FF8242094EE34FF24F341B99C1A&v=20160121");
[-] [C:\Users\Yahfz\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=sto&q={searchTerms}&ts=AHEpB3EpAn4nB0..&uid=1AD17FF8242094EE34FF24F341B99C1A&v=20160121");
[-] [C:\Users\Yahfz\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.hp", "hxxp://www.yessearches.com/?ts=AHEpB3EpAn4nB0..&v=20160121&uid=1AD17FF8242094EE34FF24F341B99C1A&ptid=sto&mode=ffsengext");
[-] [C:\Users\Yahfz\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.sp", "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=sto&q={searchTerms}&ts=AHEpB3EpAn4nB0..&uid=1AD17FF8242094EE34FF24F341B99C1A&v=20160121");
[-] [C:\Users\Yahfz\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=sto&q={searchTerms}&ts=AHEpB3EpAn4nB0..&uid=1AD17FF8242094EE34FF24F341B99C1A&v=20160121");
[-] [C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [8867 bytes] - [20/01/2016 13:53:53]
C:\AdwCleaner\AdwCleaner[C2].txt - [3682 bytes] - [22/02/2016 14:41:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [8202 bytes] - [19/12/2015 15:28:19]
C:\AdwCleaner\AdwCleaner[S2].txt - [4512 bytes] - [23/12/2015 04:28:58]
C:\AdwCleaner\AdwCleaner[S3].txt - [637 bytes] - [24/12/2015 03:28:32]
C:\AdwCleaner\AdwCleaner[S4].txt - [668 bytes] - [20/01/2016 13:51:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4045 bytes] ##########
# AdwCleaner v5.111 - Logfile created 15/04/2016 at 14:18:29
# Updated 14/04/2016 by Xplode
# Database : 2016-04-15.1 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : Yahfz - YAHFZPC
# Running from : C:\Users\Yahfz\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [10640 bytes] - [20/01/2016 13:53:53]
C:\AdwCleaner\AdwCleaner[C2].txt - [5175 bytes] - [22/02/2016 14:41:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [9854 bytes] - [19/12/2015 15:28:19]
C:\AdwCleaner\AdwCleaner[S2].txt - [5905 bytes] - [23/12/2015 04:28:58]
C:\AdwCleaner\AdwCleaner[S3].txt - [1743 bytes] - [24/12/2015 03:28:32]
C:\AdwCleaner\AdwCleaner[S4].txt - [668 bytes] - [20/01/2016 13:51:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5539 bytes] ##########

 

Antimalwarebytes had no threats/results.



#6 Aura


Posted 15 April 2016 - 01:14 PM

Are you able to run JRT again? I want to see if it'll be able to delete these two folders.
Failed to delete: C:\ProgramData\420258 (Folder) 
Failed to delete: C:\ProgramData\868075 (Folder) 

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 yahfz


Posted 15 April 2016 - 01:22 PM

I just ran JRT again and:
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Pro x64 
Ran by Yahfz (Administrator) on Fri 04/15/2016 at 15:21:01.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Failed to delete: C:\ProgramData\420258 (Folder) 
Failed to delete: C:\ProgramData\868075 (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/15/2016 at 15:21:49.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 Aura


Posted 15 April 2016 - 02:09 PM

If you go in the ProgramData folder, are you able to manually delete these two folders?
420258
868075

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 yahfz


Posted 15 April 2016 - 02:16 PM

I can't, it says I need Yahfz-PC Permission to do that... weird, since I'm the administrator.



#10 Aura


Posted 16 April 2016 - 08:40 AM

Are there any files in these folders?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 yahfz


Posted 16 April 2016 - 03:13 PM

Yes, there are two files inside the folder. Not sure what they are tho, the description just says "file"

The first file is called "1" and has 0 bytes.
The second file is called "420258P" and has 340KB.


Edited by yahfz, 16 April 2016 - 03:14 PM.


#12 Aura


Posted 17 April 2016 - 09:16 AM

Download the 64-bit version of GrantPerms and save it on your Desktop. Then, right-click on it and select Run as Administrator. Copy/paste the following in the text area.
C:\ProgramData\420258
C:\ProgramData\868075
Once done, click on the Unlock button. You should receive a prompt saying Unlock operation completed. After that, try to delete these two folders.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
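
A read-only way to see why an administrator account is refused on the two folders named in the post above, as an added example that is not part of the thread: it lists each folder's owner and every ACL entry that allows or denies delete rights. The function name `Get-FolderDeleteBlocker` is hypothetical; the paths are the two from the JRT log.

```powershell
# Added example: read-only inspection; nothing on disk is changed.
# Get-FolderDeleteBlocker is a hypothetical helper name.
function Get-FolderDeleteBlocker {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Path
    )

    # Rights that govern removal: Delete on the object itself, and
    # DeleteSubdirectoriesAndFiles on a folder for the items inside it.
    $deleteMask = [int][System.Security.AccessControl.FileSystemRights]::Delete -bor
                  [int][System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Owner = $null; Finding = 'Not found'
                               Identity = $null; Rights = $null; Inherited = $null }
            continue
        }

        try {
            $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
        }
        catch {
            # Being unable to read the ACL is a finding in its own right.
            [pscustomobject]@{ Path = $p; Owner = $null; Finding = 'ACL unreadable'
                               Identity = $null; Rights = $_.Exception.Message; Inherited = $null }
            continue
        }

        # Keep only the entries whose rights include one of the delete bits.
        $touching = @($acl.Access | Where-Object {
            ([int]$_.FileSystemRights -band $deleteMask) -ne 0
        })

        if ($touching.Count -eq 0) {
            [pscustomobject]@{ Path = $p; Owner = $acl.Owner; Finding = 'No entry grants delete'
                               Identity = $null; Rights = $null; Inherited = $null }
            continue
        }

        foreach ($ace in $touching) {
            [pscustomobject]@{
                Path      = $p
                Owner     = $acl.Owner
                Finding   = "$($ace.AccessControlType) delete"   # 'Allow delete' or 'Deny delete'
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# The two folders JRT reported as "Failed to delete".
Get-FolderDeleteBlocker -Path 'C:\ProgramData\420258', 'C:\ProgramData\868075' |
    Sort-Object Path, Finding |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. A `Deny delete` row for your account or one of its groups, or an owner other than the expected accounts, shows which entry is blocking the deletion.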


#13 yahfz


Posted 17 April 2016 - 12:36 PM

It worked, thank you.



#14 Aura


Posted 17 April 2016 - 12:43 PM

No problem :) Alright, follow the instructions below please.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and agree to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 yahfz


Posted 17 April 2016 - 01:09 PM

No suspicious files were detected.

 

Emsisoft Emergency Kit - Version 11.0
Last update: 4/17/2016 3:04:01 PM
User account: YAHFZPC\Yahfz
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 4/17/2016 3:04:57 PM
 
Scanned 81937
Found 0
 
Scan end: 4/17/2016 3:05:18 PM
Scan time: 0:00:21




