Yesdesktop still remains in google chrome browser


7 replies to this topic

#1 KostasK

Posted 03 May 2017 - 08:05 AM

To begin with, after installing a freeware program, my computer was infected with yeadesktop.
To remove yeadesktop, I took the following steps:
 
1) I uninstalled yeadesktop with Revo Uninstaller.
2) After running SpyHunter 4, it showed me that yeadesktop was still on my system in the following paths:
 
yeadesktop.com
path:HKLM/software/wow6632node/microsoft/internet explorer/main/featurecontrol/feature_browser_emulation::yeadesktop.exe
 
yeadesktop preferences
path:Users/USER-PC/AppData/Local/Google/Chrome/User Data/Profile 2/Preferences 
Therefore, I deleted both of them.
 
 
3) I used the UnHackMe program to see if it was still on my computer. It turned out it was still there, and UnHackMe removed it.
 
4) Ran AdwCleaner and HitmanPro. Neither detected anything.
 
 
Now every time I tried to install Google Chrome, the Malwarebytes program detected it as adware.elex.generic.
After the installation, when I click the Google Chrome icon, a message "User/USER NAME/AppData/Local/kemgadeojglibflomicgnfeopkdfflnk" pops up and the yeadesktop webpage opens. I can still use the Chrome browser, but every time it opens the same webpage pops up.
 
 
Windows 7(64bit)
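
The two leftovers named in the post above, the Chrome profile's Preferences file and a folder under AppData/Local named like an extension ID, can be checked in one pass. The following is an added example, not part of the original post: a Python audit of a Preferences file for a given domain and for extensions loaded from outside the profile. The JSON key names (`homepage`, `session.startup_urls`, `extensions.settings.<id>.path`) are assumptions about Chrome's Preferences layout, and the sample file is constructed.

```python
import json
import ntpath
from urllib.parse import urlsplit

# Constructed sample of a Chrome profile "Preferences" file (JSON).
# Key names are assumptions about Chrome's layout; values are made up,
# except the domain and the extension ID, which are quoted in the post.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://www.yeadesktop.com/?type=hp",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://yeadesktop.com/", "https://www.google.com/"],
    },
    "extensions": {"settings": {
        "kemgadeojglibflomicgnfeopkdfflnk": {
            "path": "C:\\Users\\USER NAME\\AppData\\Local\\"
                    "kemgadeojglibflomicgnfeopkdfflnk",
        },
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\1.0_0",
        },
    }},
})


def host_matches(url, domain):
    """True if the URL's host is the domain or one of its subdomains.

    Compares parsed host names, so a look-alike host or a query string
    that merely contains the domain does not match.
    """
    if not isinstance(url, str) or not url:
        return False
    try:
        candidate = url if "://" in url else "//" + url
        host = urlsplit(candidate).hostname or ""
    except ValueError:
        return False
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def _as_dict(value):
    """Treat anything that is not a JSON object as empty."""
    return value if isinstance(value, dict) else {}


def audit_preferences(raw_json, domain):
    """Return a list of (location, value) findings for one Preferences file."""
    prefs = _as_dict(json.loads(raw_json))
    findings = []

    # 1. Home page pointing at the unwanted domain.
    homepage = prefs.get("homepage")
    if host_matches(homepage, domain):
        findings.append(("homepage", homepage))

    # 2. Start-up pages pointing at the unwanted domain.
    startup = _as_dict(prefs.get("session")).get("startup_urls")
    for url in startup if isinstance(startup, list) else []:
        if host_matches(url, domain):
            findings.append(("session.startup_urls", url))

    # 3. Extensions whose files live outside the profile's own Extensions
    #    directory: an absolute path here means Chrome loads the extension
    #    from somewhere else on disk, such as a folder under AppData\Local.
    settings = _as_dict(_as_dict(prefs.get("extensions")).get("settings"))
    for ext_id, meta in settings.items():
        path = _as_dict(meta).get("path")
        if isinstance(path, str) and ntpath.isabs(path):
            findings.append(("extensions.settings.%s.path" % ext_id, path))

    return findings


if __name__ == "__main__":
    for location, value in audit_preferences(SAMPLE_PREFERENCES, "yeadesktop.com"):
        print(location, "->", value)
```

Run it against a copy of each profile's Preferences file with Chrome closed, since deleting the file alone does not remove an extension folder that is re-registered at the next launch.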



 


#2 iMacg3


Posted 03 May 2017 - 10:43 AM

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

       • Report IE Proxy Settings
       • Report FF Proxy Settings
       • List content of Hosts
       • List IP configuration
       • List Winsock Entries
       • List last 10 Event Viewer log
       • List Installed Programs
       • List Devices (Don't change any settings here)
       • List Users, Partitions and Memory size
       • List Restore Points

  3. Paste the log file contents into a post.

 

Download SecurityCheck by screen317.

 

  1. Click on the downloaded file and follow the instructions in the box on the screen.

  2. Paste the log file contents into a post.

  3. Important: If you get an error message, please restart your computer and try again.

 

Download ESET Online Scanner and save it to your desktop

 

  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click the “Save to text file...” Save the file to your desktop and paste the contents into a post.

 

Download Rkill from one of the below three links. (Use the one that runs on your PC without being blocked).

Link 1

Link 2

Link 3

 

  1. Double-click on the file you downloaded (either rkill.exe, iExplore.exe, or rkill.com) to launch Rkill.

  2. If a black box appears, the program is running correctly. If nothing happens, then try another link.

  3. Let the scan complete, then paste the contents of the text file that pops up at the end into a post.

  4. Important: Do not restart your computer once the scan is done!

 

Download Junkware Removal Tool and save it to your desktop.

  1. Double-click on the JRT.exe file on your desktop.

  2. Let JRT scan your computer and remove any infections.

  3. On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.


Edited by iMacg3, 03 May 2017 - 10:47 AM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#3 KostasK


Posted 07 May 2017 - 11:36 AM

Thanks for your response. The thing is that before you posted I tried one more time. I used the Malwarebytes program in safe mode. Since then there has been no problem in Google Chrome.

However, I tried your advice anyway.

Here are the logs:

Mini toolbox farbar log

MiniToolBox by Farbar  Version: 17-06-2016
Ran by USER-PC (administrator) on 04-05-2017 at 19:42:03
Running from "C:\Users\USER-PC\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: HP Pavilion g6 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
127.0.0.1 validation.sls.microsoft.com
========================= IP Configuration: ================================
 
Broadcom 4313 802.11b/g/n = Σύνδεση ασύρματου δικτύου (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Σύνδεση ασύρματου δικτύου 2 (Media disconnected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
 
 
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/04/2017 07:41:37 PM) (Source: Application Error) (User: )
Description: Όνομα ελαττωματικής εφαρμογής McTkSchedulerService.exe, έκδοση 4.12.108.0, χρονική σήμανση 0x586ebc3e
Όνομα ελαττωματικής λειτουργικής μονάδας unknown, έκδοση 0.0.0.0, χρονική σήμανση 0x00000000
Κωδικός εξαίρεσης: 0xc0000005
Μετατόπιση σφάλματος: 0x000007fe7cc55fd4
Αναγνωριστικό ελαττωματικής διεργασίας: 0x13f0
Χρόνος έναρξης ελαττωματικής εφαρμογής: 0xMcTkSchedulerService.exe0
Διαδρομή ελαττωματικής εφαρμογής: McTkSchedulerService.exe1
Διαδρομή ελλατωματικής λειτουργικής μονάδας:McTkSchedulerService.exe2
Αναγνωριστικό αναφοράς:McTkSchedulerService.exe3
 
Error: (05/04/2017 07:41:36 PM) (Source: .NET Runtime) (User: )
Description: Εφαρμογή: McTkSchedulerService.exe
Έκδοση Framework: v4.0.30319
Περιγραφή: Η διεργασία τερματίστηκε λόγω μιας εξαίρεσης που δεν αντιμετωπίστηκε.
Πληροφορίες εξαίρεσης: System.NullReferenceException
   σε SchedulerTasksHelper.SchedulerMgr.OOBEWait()
   σε SchedulerTasksHelper.SchedulerMgr.Initialize()
   σε SchedulerService.Service1.SchedulerThreadWork()
   σε System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   σε System.Threading.ThreadHelper.ThreadStart()
 
Error: (05/04/2017 07:40:19 PM) (Source: Application Error) (User: )
Description: Όνομα ελαττωματικής εφαρμογής McTkSchedulerService.exe, έκδοση 4.12.108.0, χρονική σήμανση 0x586ebc3e
Όνομα ελαττωματικής λειτουργικής μονάδας unknown, έκδοση 0.0.0.0, χρονική σήμανση 0x00000000
Κωδικός εξαίρεσης: 0xc0000005
Μετατόπιση σφάλματος: 0x000007fe7e575fd4
Αναγνωριστικό ελαττωματικής διεργασίας: 0x128c
Χρόνος έναρξης ελαττωματικής εφαρμογής: 0xMcTkSchedulerService.exe0
Διαδρομή ελαττωματικής εφαρμογής: McTkSchedulerService.exe1
Διαδρομή ελλατωματικής λειτουργικής μονάδας:McTkSchedulerService.exe2
Αναγνωριστικό αναφοράς:McTkSchedulerService.exe3
 
Error: (05/04/2017 07:40:19 PM) (Source: .NET Runtime) (User: )
Description: Εφαρμογή: McTkSchedulerService.exe
Έκδοση Framework: v4.0.30319
Περιγραφή: Η διεργασία τερματίστηκε λόγω μιας εξαίρεσης που δεν αντιμετωπίστηκε.
Πληροφορίες εξαίρεσης: System.NullReferenceException
   σε SchedulerTasksHelper.SchedulerMgr.OOBEWait()
   σε SchedulerTasksHelper.SchedulerMgr.Initialize()
   σε SchedulerService.Service1.SchedulerThreadWork()
   σε System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   σε System.Threading.ThreadHelper.ThreadStart()
 
Error: (05/04/2017 07:39:03 PM) (Source: Application Error) (User: )
Description: Όνομα ελαττωματικής εφαρμογής McTkSchedulerService.exe, έκδοση 4.12.108.0, χρονική σήμανση 0x586ebc3e
Όνομα ελαττωματικής λειτουργικής μονάδας unknown, έκδοση 0.0.0.0, χρονική σήμανση 0x00000000
Κωδικός εξαίρεσης: 0xc0000005
Μετατόπιση σφάλματος: 0x000007fe80ef5fd4
Αναγνωριστικό ελαττωματικής διεργασίας: 0x1238
Χρόνος έναρξης ελαττωματικής εφαρμογής: 0xMcTkSchedulerService.exe0
Διαδρομή ελαττωματικής εφαρμογής: McTkSchedulerService.exe1
Διαδρομή ελλατωματικής λειτουργικής μονάδας:McTkSchedulerService.exe2
Αναγνωριστικό αναφοράς:McTkSchedulerService.exe3
 
Error: (05/04/2017 07:39:01 PM) (Source: .NET Runtime) (User: )
Description: Εφαρμογή: McTkSchedulerService.exe
Έκδοση Framework: v4.0.30319
Περιγραφή: Η διεργασία τερματίστηκε λόγω μιας εξαίρεσης που δεν αντιμετωπίστηκε.
Πληροφορίες εξαίρεσης: System.NullReferenceException
   σε SchedulerTasksHelper.SchedulerMgr.OOBEWait()
   σε SchedulerTasksHelper.SchedulerMgr.Initialize()
   σε SchedulerService.Service1.SchedulerThreadWork()
   σε System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   σε System.Threading.ThreadHelper.ThreadStart()
 
Error: (05/04/2017 07:37:44 PM) (Source: Application Error) (User: )
Description: Όνομα ελαττωματικής εφαρμογής McTkSchedulerService.exe, έκδοση 4.12.108.0, χρονική σήμανση 0x586ebc3e
Όνομα ελαττωματικής λειτουργικής μονάδας unknown, έκδοση 0.0.0.0, χρονική σήμανση 0x00000000
Κωδικός εξαίρεσης: 0xc0000005
Μετατόπιση σφάλματος: 0x000007fe836c5fd4
Αναγνωριστικό ελαττωματικής διεργασίας: 0xf0
Χρόνος έναρξης ελαττωματικής εφαρμογής: 0xMcTkSchedulerService.exe0
Διαδρομή ελαττωματικής εφαρμογής: McTkSchedulerService.exe1
Διαδρομή ελλατωματικής λειτουργικής μονάδας:McTkSchedulerService.exe2
Αναγνωριστικό αναφοράς:McTkSchedulerService.exe3
 
Error: (05/04/2017 07:37:44 PM) (Source: .NET Runtime) (User: )
Description: Εφαρμογή: McTkSchedulerService.exe
Έκδοση Framework: v4.0.30319
Περιγραφή: Η διεργασία τερματίστηκε λόγω μιας εξαίρεσης που δεν αντιμετωπίστηκε.
Πληροφορίες εξαίρεσης: System.NullReferenceException
   σε SchedulerTasksHelper.SchedulerMgr.OOBEWait()
   σε SchedulerTasksHelper.SchedulerMgr.Initialize()
   σε SchedulerService.Service1.SchedulerThreadWork()
   σε System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   σε System.Threading.ThreadHelper.ThreadStart()
 
Error: (05/04/2017 07:36:29 PM) (Source: Application Error) (User: )
Description: Όνομα ελαττωματικής εφαρμογής McTkSchedulerService.exe, έκδοση 4.12.108.0, χρονική σήμανση 0x586ebc3e
Όνομα ελαττωματικής λειτουργικής μονάδας unknown, έκδοση 0.0.0.0, χρονική σήμανση 0x00000000
Κωδικός εξαίρεσης: 0xc0000005
Μετατόπιση σφάλματος: 0x000007fe82d45fd4
Αναγνωριστικό ελαττωματικής διεργασίας: 0xf48
Χρόνος έναρξης ελαττωματικής εφαρμογής: 0xMcTkSchedulerService.exe0
Διαδρομή ελαττωματικής εφαρμογής: McTkSchedulerService.exe1
Διαδρομή ελλατωματικής λειτουργικής μονάδας:McTkSchedulerService.exe2
Αναγνωριστικό αναφοράς:McTkSchedulerService.exe3
 
Error: (05/04/2017 07:36:28 PM) (Source: .NET Runtime) (User: )
Description: Εφαρμογή: McTkSchedulerService.exe
Έκδοση Framework: v4.0.30319
Περιγραφή: Η διεργασία τερματίστηκε λόγω μιας εξαίρεσης που δεν αντιμετωπίστηκε.
Πληροφορίες εξαίρεσης: System.NullReferenceException
   σε SchedulerTasksHelper.SchedulerMgr.OOBEWait()
   σε SchedulerTasksHelper.SchedulerMgr.Initialize()
   σε SchedulerService.Service1.SchedulerThreadWork()
   σε System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   σε System.Threading.ThreadHelper.ThreadStart()
 
 
System errors:
=============
Error: (05/04/2017 07:41:39 PM) (Source: Service Control Manager) (User: )
Description: Η υπηρεσία Intel Security True Key Scheduler τερματίστηκε απροσδόκητα.  Αυτό έχει συμβεί 1 φορές.  Θα εκτελεστεί η ακόλουθη διορθωτική κίνηση σε 60000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.
 
Error: (05/04/2017 07:40:21 PM) (Source: Service Control Manager) (User: )
Description: Η υπηρεσία Intel Security True Key Scheduler τερματίστηκε απροσδόκητα.  Αυτό έχει συμβεί 1 φορές.  Θα εκτελεστεί η ακόλουθη διορθωτική κίνηση σε 60000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.
 
Error: (05/04/2017 07:39:05 PM) (Source: Service Control Manager) (User: )
Description: Η υπηρεσία Intel Security True Key Scheduler τερματίστηκε απροσδόκητα.  Αυτό έχει συμβεί 1 φορές.  Θα εκτελεστεί η ακόλουθη διορθωτική κίνηση σε 60000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.
 
Error: (05/04/2017 07:37:46 PM) (Source: Service Control Manager) (User: )
Description: Η υπηρεσία Intel Security True Key Scheduler τερματίστηκε απροσδόκητα.  Αυτό έχει συμβεί 1 φορές.  Θα εκτελεστεί η ακόλουθη διορθωτική κίνηση σε 60000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.
 
Error: (05/04/2017 07:36:31 PM) (Source: Service Control Manager) (User: )
Description: Η υπηρεσία Intel Security True Key Scheduler τερματίστηκε απροσδόκητα.  Αυτό έχει συμβεί 1 φορές.  Θα εκτελεστεί η ακόλουθη διορθωτική κίνηση σε 60000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.
 
Error: (05/04/2017 07:35:14 PM) (Source: Service Control Manager) (User: )
Description: Η υπηρεσία Intel Security True Key Scheduler τερματίστηκε απροσδόκητα.  Αυτό έχει συμβεί 1 φορές.  Θα εκτελεστεί η ακόλουθη διορθωτική κίνηση σε 60000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.
 
Error: (05/04/2017 07:33:58 PM) (Source: Service Control Manager) (User: )
Description: Η υπηρεσία Intel Security True Key Scheduler τερματίστηκε απροσδόκητα.  Αυτό έχει συμβεί 1 φορές.  Θα εκτελεστεί η ακόλουθη διορθωτική κίνηση σε 60000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.
 
Error: (05/04/2017 07:31:58 PM) (Source: Service Control Manager) (User: )
Description: Η υπηρεσία Intel Security True Key Scheduler τερματίστηκε απροσδόκητα.  Αυτό έχει συμβεί 1 φορές.  Θα εκτελεστεί η ακόλουθη διορθωτική κίνηση σε 60000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.
 
Error: (05/04/2017 07:30:29 PM) (Source: Service Control Manager) (User: )
Description: Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας Intel Security True Key εξαιτίας του ακόλουθου σφάλματος: 
%%1053 = Η υπηρεσία δεν αποκρίθηκε στην αίτηση εκκίνησης ή ελέγχου μέσα σε εύλογο χρόνο.
 
 
Error: (05/04/2017 07:30:29 PM) (Source: Service Control Manager) (User: )
Description: Το χρονικό όριο αναμονής ξεπεράστηκε (30000 χιλιοστά του δευτερολέπτου) κατά την αναμονή για τη σύνδεση της υπηρεσίας Intel Security True Key.
 
 
Microsoft Office Sessions:
=========================
Error: (05/04/2017 07:41:37 PM) (Source: Application Error)(User: )
Description: McTkSchedulerService.exe4.12.108.0586ebc3eunknown0.0.0.000000000c0000005000007fe7cc55fd413f001d2c4f54294eeafC:\Program Files\TrueKey\McTkSchedulerService.exeunknown8a0ba15a-30e8-11e7-bd86-e02a82d5b35a
 
Error: (05/04/2017 07:41:36 PM) (Source: .NET Runtime)(User: )
Description: Εφαρμογή: McTkSchedulerService.exe
Έκδοση Framework: v4.0.30319
Περιγραφή: Η διεργασία τερματίστηκε λόγω μιας εξαίρεσης που δεν αντιμετωπίστηκε.
Πληροφορίες εξαίρεσης: System.NullReferenceException
   σε SchedulerTasksHelper.SchedulerMgr.OOBEWait()
   σε SchedulerTasksHelper.SchedulerMgr.Initialize()
   σε SchedulerService.Service1.SchedulerThreadWork()
   σε System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   σε System.Threading.ThreadHelper.ThreadStart()
 
Error: (05/04/2017 07:40:19 PM) (Source: Application Error)(User: )
Description: McTkSchedulerService.exe4.12.108.0586ebc3eunknown0.0.0.000000000c0000005000007fe7e575fd4128c01d2c4f51583b660C:\Program Files\TrueKey\McTkSchedulerService.exeunknown5b8353ee-30e8-11e7-bd86-e02a82d5b35a
 
Error: (05/04/2017 07:40:19 PM) (Source: .NET Runtime)(User: )
Description: Εφαρμογή: McTkSchedulerService.exe
Έκδοση Framework: v4.0.30319
Περιγραφή: Η διεργασία τερματίστηκε λόγω μιας εξαίρεσης που δεν αντιμετωπίστηκε.
Πληροφορίες εξαίρεσης: System.NullReferenceException
   σε SchedulerTasksHelper.SchedulerMgr.OOBEWait()
   σε SchedulerTasksHelper.SchedulerMgr.Initialize()
   σε SchedulerService.Service1.SchedulerThreadWork()
   σε System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   σε System.Threading.ThreadHelper.ThreadStart()
 
Error: (05/04/2017 07:39:03 PM) (Source: Application Error)(User: )
Description: McTkSchedulerService.exe4.12.108.0586ebc3eunknown0.0.0.000000000c0000005000007fe80ef5fd4123801d2c4f4e6810709C:\Program Files\TrueKey\McTkSchedulerService.exeunknown2e639c79-30e8-11e7-bd86-e02a82d5b35a
 
Error: (05/04/2017 07:39:01 PM) (Source: .NET Runtime)(User: )
Description: Εφαρμογή: McTkSchedulerService.exe
Έκδοση Framework: v4.0.30319
Περιγραφή: Η διεργασία τερματίστηκε λόγω μιας εξαίρεσης που δεν αντιμετωπίστηκε.
Πληροφορίες εξαίρεσης: System.NullReferenceException
   σε SchedulerTasksHelper.SchedulerMgr.OOBEWait()
   σε SchedulerTasksHelper.SchedulerMgr.Initialize()
   σε SchedulerService.Service1.SchedulerThreadWork()
   σε System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   σε System.Threading.ThreadHelper.ThreadStart()
 
Error: (05/04/2017 07:37:44 PM) (Source: Application Error)(User: )
Description: McTkSchedulerService.exe4.12.108.0586ebc3eunknown0.0.0.000000000c0000005000007fe836c5fd4f001d2c4f4b997065dC:\Program Files\TrueKey\McTkSchedulerService.exeunknownff28772e-30e7-11e7-bd86-e02a82d5b35a
 
Error: (05/04/2017 07:37:44 PM) (Source: .NET Runtime)(User: )
Description: Εφαρμογή: McTkSchedulerService.exe
Έκδοση Framework: v4.0.30319
Περιγραφή: Η διεργασία τερματίστηκε λόγω μιας εξαίρεσης που δεν αντιμετωπίστηκε.
Πληροφορίες εξαίρεσης: System.NullReferenceException
   σε SchedulerTasksHelper.SchedulerMgr.OOBEWait()
   σε SchedulerTasksHelper.SchedulerMgr.Initialize()
   σε SchedulerService.Service1.SchedulerThreadWork()
   σε System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   σε System.Threading.ThreadHelper.ThreadStart()
 
Error: (05/04/2017 07:36:29 PM) (Source: Application Error)(User: )
Description: McTkSchedulerService.exe4.12.108.0586ebc3eunknown0.0.0.000000000c0000005000007fe82d45fd4f4801d2c4f48beabc8bC:\Program Files\TrueKey\McTkSchedulerService.exeunknownd2a10295-30e7-11e7-bd86-e02a82d5b35a
 
Error: (05/04/2017 07:36:28 PM) (Source: .NET Runtime)(User: )
Description: Εφαρμογή: McTkSchedulerService.exe
Έκδοση Framework: v4.0.30319
Περιγραφή: Η διεργασία τερματίστηκε λόγω μιας εξαίρεσης που δεν αντιμετωπίστηκε.
Πληροφορίες εξαίρεσης: System.NullReferenceException
   σε SchedulerTasksHelper.SchedulerMgr.OOBEWait()
   σε SchedulerTasksHelper.SchedulerMgr.Initialize()
   σε SchedulerService.Service1.SchedulerThreadWork()
   σε System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   σε System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   σε System.Threading.ThreadHelper.ThreadStart()
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-07-05 23:49:32.367
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-05 23:49:32.304
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-19 15:43:21.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\AV\ESET NOD32 Antivirus 5.2\upgrade.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-19 12:25:05.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\AV\ESET NOD32 Antivirus 5.2\upgrade.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-19 12:25:05.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\AV\ESET NOD32 Antivirus 5.2\upgrade.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-19 12:25:05.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\AV\ESET NOD32 Antivirus 5.2\upgrade.exe because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{70F55D70-7E5F-6291-4924-2F7640F19BFE}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Autodesk Pixlr (HKLM-x32\...\{B0547B43-3AEE-453C-9945-800C6F92052D}) (Version: 1.1.0.0 - Autodesk) Hidden
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.1.0.0 - Autodesk)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
Counter-Strike Global Offensive έκδοση 1.35.2.7 (HKLM\...\{BD051FE3-1575-4CD6-81ED-E905FA94720B}_is1) (Version: 1.35.2.7 - Strogino CS Portal)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5120 - CyberLink Corp.)
Driver Easy 5.1.6 (HKLM\...\DriverEasy_is1) (Version: 5.1.6 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 25.4.28 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ESET Antivirus License Finder (MiNODLogin) (HKLM-x32\...\MiNODLogin) (Version: 4.0.2.66 - GuillerSoft)
ESET NOD32 Antivirus (HKLM\...\{5972F3C3-5563-47D2-BEE3-1AFEBDD17DA2}) (Version: 5.2.9.1 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 7.24.0.5636 (HKCU\...\GoToMeeting) (Version: 7.24.0.5636 - CitrixOnline)
Gramblr (HKLM\...\Gramblr) (Version: 2.8.1 - Gramblr Team)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{83B88C8C-30E6-4811-86A1-3EB8E3C091CD}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{78886952-078B-44A3-83EF-2E7613D6881E}) (Version: 12.5.32.37 - HP)
HP Wireless Assistant (HKLM\...\{F052A833-CBDE-4CAE-9C94-C8FCC5782F4F}) (Version: 4.0.10.0 - Hewlett-Packard)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kaspersky Security Scan (HKLM-x32\...\{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Software Updater (HKLM-x32\...\{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab) Hidden
Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Greek/Ελληνικά (HKLM-x32\...\Office14.OMUI.el-gr) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MobiKin Doctor for Android (HKCU\...\MobiKin Doctor for Android) (Version: 1.0.0.11 - MobiKin)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
RegRun Reanimator (HKLM-x32\...\UnHackMe Update - Reanimator_is1) (Version:  - Greatis Software, LLC.)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0408-0000-0000000FF1CE}_Office14.OMUI.el-gr_{3A75628F-649E-466A-ADA1-AF61121D383C}) (Version:  - Microsoft)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
UnHackMe 8.80 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Απεγκατάσταση εκτυπωτή EPSON BX300F Series (HKLM\...\EPSON BX300F Series) (Version:  - SEIKO EPSON Corporation)
 
========================= Devices: ================================
 
Name: Bluetooth L2CAP Interface
Description: Bluetooth L2CAP Interface
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwl2cap
Device ID: BTHENUM\{6E0C8F4C-D928-4852-B6B2-F0F0E0D126FA}_LOCALMFG&0000\8&254E360E&0&000000000000_00000000
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Broadcom
Service: btwrchid
Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&254E360E&0&000000000000_00000000
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Προσαρμογέας διοχέτευσης Microsoft Teredo
Description: Προσαρμογέας διοχέτευσης Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\NET\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Device ID: ROOT\LEGACY_ZAM\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Device ID: ROOT\LEGACY_ZAM_GUARD\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&254E360E&0&000000000000_00000000
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 72%
Total physical RAM: 2933.86 MB
Available physical RAM: 803.66 MB
Total Virtual: 2932.04 MB
Available Virtual: 603.86 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:297.99 GB) (Free:2.26 GB) NTFS
 
========================= Users: ========================================
 
¦¨ ©£¦ε User \\USER-PC-PC
 
Administrator            Guest                    USER-PC                  
† ¤«¦Άγ ¦Ά¦΅Ά¨ι΅ £ § «¬®ε.
 
========================= Restore Points ==================================
 
 
**** End of log ****
 
 
 
 
Security check log

Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 5.2   
Malwarebytes               
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 111  
 Java version 32-bit out of Date!
 Adobe Flash Player 25.0.0.148  
 Google Chrome (58.0.3029.96) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Kaspersky Lab Kaspersky Security Scan kss.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

Rkill log

kill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/04/2017 11:04:05 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 validation.sls.microsoft.com
 
Program finished at: 05/04/2017 11:13:58 PM
Execution time: 0 hours(s), 9 minute(s), and 53 seconds(s)
 
 
Junkware removal tool log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by USER-PC (Administrator) on £ 04/05/2017 at 23:28:36,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Successfully deleted: C:\Users\USER-PC\AppData\Roaming\wyupdate au (Folder) 
Successfully deleted: C:\Users\USER-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KWV9JLU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KU7XFEY8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PVHHMQ5N (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLB21TDQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KWV9JLU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KU7XFEY8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PVHHMQ5N (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLB21TDQ (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on £ 04/05/2017 at 23:37:12,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Edited by KostasK, 07 May 2017 - 11:45 AM.


#4 iMacg3


Posted 07 May 2017 - 12:25 PM

The tools seem to have deleted some adware.

 

Are you still having the YesDesktop problem?


Edited by iMacg3, 07 May 2017 - 12:25 PM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#5 KostasK


Posted 08 May 2017 - 08:47 AM

No, I don't.

Here is the Malwarebytes log from before I used the tools you mentioned.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/3/17
Scan Time: 6:37 PM
Logfile: malware scan results.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1861
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: USER-PC-PC\USER-PC
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337417
Time Elapsed: 12 min, 57 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Adware.InstallMonster, HKU\S-1-5-21-2364873656-1161596208-391720990-1000\SOFTWARE\InstallMonster, No Action By User, [141], [392548],1.0.1861
 
Registry Value: 1
PUP.Optional.MaohaWiFi, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{29D2B1E0-70FB-47B9-B202-52FA23617A29}, No Action By User, [683], [392933],1.0.1861
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 4
Adware.IStartSurf, C:\USERS\USER-PC\DOWNLOADS\SMART PC FIXER 52 LICENSE KEY .ZIP, No Action By User, [783], [394434],1.0.1861
PUP.Optional.SpyHunter, C:\USERS\USER-PC\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, No Action By User, [1326], [345850],1.0.1861
PUP.Optional.SpyHunter, C:\USERS\USER-PC\DOWNLOADS\SPYHUNTER-INSTALLER (2).EXE, No Action By User, [1326], [345850],1.0.1861
Trojan.WMIHijacker.ClnShrt, C:\USERS\USER-PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES, No Action By User, [2187], [394152],1.0.1861
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by KostasK, 08 May 2017 - 08:49 AM.


#6 iMacg3


Posted 08 May 2017 - 08:58 AM

If YesDesktop is gone, your computer is clean of malware.

 

Download Xplode Delfix and save it to your desktop.

 

  1. Run the Delfix file you downloaded.

  2. Make sure that Remove disinfection tools is selected and that nothing else is checked. This will remove all the tools we used to clean up the malware.

  3. Click OK and paste the log file for Delfix into a post.

  4. Once finished running Delfix, your computer is clean.

 


Edited by iMacg3, 08 May 2017 - 09:04 AM.


#7 KostasK


Posted 08 May 2017 - 09:31 AM

Yes, apparently it's free of malware. I just posted the Malwarebytes log because I used it before the tools you suggested. Thanks again for your help.
 
 
# DelFix v1.010 - Logfile created 08/05/2017 at 17:23:26
# Updated 26/04/2015 by Xplode
# Username : USER-PC - USER-PC-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.1.0.12_11.11.2016_22.33.42_log.txt
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2017-02-02-145628.log
Deleted : C:\Users\USER-PC\Desktop\adwcleaner_6.046.exe
Deleted : C:\Users\USER-PC\Desktop\JRT.exe
Deleted : C:\Users\USER-PC\Desktop\JRT.txt
Deleted : C:\Users\USER-PC\Desktop\MiniToolBox.exe
Deleted : C:\Users\USER-PC\Desktop\Rkill.txt
Deleted : C:\Users\USER-PC\Desktop\SecurityCheck.exe
Deleted : C:\Users\USER-PC\Desktop\zoek.exe
Deleted : C:\Users\USER-PC\Downloads\Addition.txt
Deleted : C:\Users\USER-PC\Downloads\[kickass.so]insidious.chapter.2.2013.1080p.brrip.x264.yify.torrent
Deleted : C:\Users\USER-PC\Downloads\rkill.com
Deleted : C:\Users\USER-PC\Downloads\rkill64.com
Deleted : C:\Users\USER-PC\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
########## - EOF - ##########


#8 iMacg3


Posted 08 May 2017 - 10:32 AM

Thanks for using Bleeping Computer!

 

Good luck and happy computing!





