
I don't know how, but today I got infected. My Malwarebytes Anti-Malware was on, and so was Anti-Exploit. I'm using Maxthon, and about 15 seconds after I run it, or just during browsing, a new tab is opened automatically. The URL of this new tab is:


And this always opens when I start Maxthon. I found something like this on the web:


At the bottom of the site is the number of detections of this site as malicious, or something like that.

I tried to delete this virus (or, as I know now, this JavaScript) manually, but I couldn't. Of course Windows cannot operate with this. I attach a screenshot of the search results.


But when I right-click this file, Windows Explorer crashes and the taskbar disappears and then appears again, you know. I can't delete it. I don't know why; I'm not into stuff like that. And I ask you for help. For example, adding this one culprit to your database so that everyone can be protected.

Thanks in advance for reply and help, and sorry for my bad English.


Hello raxxo3, welcome to Malwarebytes forum!
 
My name is Machiavelli. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability to provide the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the button at the top of the page.

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Corban at 2015-07-27 22:34:11
Running from C:\Users\Corban\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1422476568-587188849-3428881261-500 - Administrator - Disabled)
Corban (S-1-5-21-1422476568-587188849-3428881261-1001 - Administrator - Enabled) => C:\Users\Corban
DefaultAccount (S-1-5-21-1422476568-587188849-3428881261-503 - Limited - Disabled)
Guest (S-1-5-21-1422476568-587188849-3428881261-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1422476568-587188849-3428881261-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Advanced Driver Updater (HKLM-x32\...\Advanced Driver Updater_is1) (Version: 2.1.1086.15131 - Systweak Inc)
CodeBlocks (HKU\S-1-5-21-1422476568-587188849-3428881261-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}) (Version: 2.0.20.159 - Broadcom Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.6.2000 - Maxthon International Limited)
MediaFire Desktop (HKLM-x32\...\MediaFire Desktop 1.4.26.10815) (Version: 1.4.29.10845 - MediaFire)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA nView 146.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 146.33 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Software Informer 1.4.1303.0 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.5.0.7 - GOG.com)
Testy Bplus 5.1.3.78 (HKLM-x32\...\{81999787-A518-4218-86D5-C5D25E6808F5}_is1) (Version: 5.1.3.78 - Grupa IMAGE sp. z o.o.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Corban\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Corban\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Corban\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Corban\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Corban\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Corban\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Corban\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Corban\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Corban\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422476568-587188849-3428881261-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Corban\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {11E6980E-976F-457E-8CE2-DC60468EE642} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-07-16] (Maxthon International ltd.)
Task: {1641F54C-1E57-4902-AB65-EE2B65E5629D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {1D3D099E-EE1E-4907-8BA2-BA8F12D11AA6} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-07-10] (Microsoft Corporation)
Task: {2C97A00A-1C5C-4318-B5CC-8A1A126B77F9} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
Task: {2E439AD8-78D0-4ECF-A29A-58CB22003762} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\Windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {4454A8D0-2E4E-4A02-BF67-48DF6A7BFAB4} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
Task: {5D077D42-DE86-4988-939A-E28DAC706B46} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2015-06-26] (Informer Technologies, Inc.)
Task: {5E5515C1-7D87-4904-B9CE-FD29EB2ADB72} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {711EE2F9-A611-4773-AF8E-D4B278A6718D} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {744C9FEA-08B7-43E1-A729-0F94647D655C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7A003965-A297-4DC6-B15B-852D798391E0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\Windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation)
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-15] (Microsoft Corporation)
Task: {A364E297-00AD-490D-900E-22AC34598C71} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {AC29E64E-3271-47BA-B8F1-914523CF379B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
Task: {B2D43CA1-ADFC-4AF2-9323-8704CDBD2C0F} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe [2015-05-31] (Systweak Inc)
Task: {B9B36D41-C776-424E-9A13-5387E17A2CEB} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-07-10] (Microsoft Corporation)
Task: {C2162702-FFEB-48C0-AA5F-2DA3A8887D61} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D2401052-A382-42DE-9C79-D1CF3563F654} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
Task: {DAF2BAE3-1C5B-4CB5-9F62-0911C031A15A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-07-10] (Microsoft Corporation)
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation)
Task: {F7AD9197-3D97-4143-BE21-A8F217A04AF6} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => 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

==================== Loaded Modules (Whitelisted) ==============

2015-07-19 02:31 - 2015-07-15 03:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-07-19 02:16 - 2015-07-27 08:42 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-07-19 02:31 - 2015-07-11 02:22 - 00403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-07-19 14:53 - 2003-04-18 18:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2015-07-20 19:47 - 2015-07-18 06:19 - 02498808 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-20 19:47 - 2015-07-18 06:19 - 02498808 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-07-19 02:17 - 2015-07-27 20:20 - 00714048 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-07-26 01:55 - 2015-07-23 03:13 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-07-19 02:10 - 2015-07-19 02:10 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-22 21:25 - 2015-07-22 21:25 - 00007168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.721.12350.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-07-22 21:25 - 2015-07-22 21:25 - 11279872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.721.12350.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-07-10 14:34 - 2015-07-10 14:34 - 07897088 _____ () C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
2015-07-24 19:02 - 2015-07-24 19:02 - 07812096 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.22.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-07-24 19:02 - 2015-07-24 19:02 - 02060800 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.22.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2015-07-21 19:30 - 2015-07-21 19:30 - 03633664 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1507.15010.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-07-22 21:25 - 2015-07-22 21:25 - 00006656 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_7.7.21024.0_x64__8wekyb3d8bbwe\XboxApp.exe
2015-07-22 21:25 - 2015-07-22 21:25 - 25150464 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_7.7.21024.0_x64__8wekyb3d8bbwe\XboxApp.dll
2015-07-19 03:12 - 2015-07-19 03:12 - 03130368 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_7.7.21024.0_x64__8wekyb3d8bbwe\Avatars.dll
2015-07-19 03:12 - 2015-07-19 03:12 - 04627456 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_7.7.21024.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.SmartGlass.dll
2015-07-19 03:12 - 2015-07-19 03:12 - 03943936 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_7.7.21024.0_x64__8wekyb3d8bbwe\XboxNano.dll
2015-07-10 12:00 - 2015-07-10 12:00 - 00083808 _____ () C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Helper.dll
2015-07-10 12:00 - 2015-07-10 12:00 - 00060416 _____ () C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.dll
2015-07-24 05:00 - 2015-07-22 04:44 - 06576640 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 12:00 - 2015-07-10 14:28 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-24 05:00 - 2015-07-22 04:43 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-07-24 05:00 - 2015-07-22 04:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 14:28 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-10 12:00 - 2015-07-10 12:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2015-07-19 02:16 - 2015-07-27 08:42 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-07-19 02:19 - 2015-07-16 12:30 - 00258944 _____ () C:\Program Files (x86)\Maxthon\bin\Maxzlib.dll
2015-07-19 02:19 - 2015-07-16 12:30 - 00258944 _____ () C:\Program Files (x86)\Maxthon\Bin\maxzlib.dll
2015-07-19 02:19 - 2015-07-16 12:30 - 00247096 _____ () C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll
2015-07-19 02:19 - 2015-07-16 12:31 - 00887064 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libglesv2.dll
2015-07-19 02:19 - 2015-07-16 12:31 - 00109336 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libegl.dll
2015-07-19 02:19 - 2015-07-16 12:31 - 02128152 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\ffmpegsumo.dll
2015-07-19 02:19 - 2015-07-16 12:31 - 04055504 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\pdf.dll
2015-07-19 02:19 - 2015-07-16 12:31 - 16843952 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\Npplugins\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1422476568-587188849-3428881261-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\Wallpapers\6814700-vintage-uk-flag-wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{02388768-55D7-40FB-8106-4CA66C323EA1}] => (Allow) C:\Users\Corban\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{75E02A73-501B-4317-9853-001B553D2D69}] => (Allow) C:\Users\Corban\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BC48C56C-D3AA-4F89-82CD-D7DDE740458B}] => (Allow) C:\Users\Corban\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AB877D74-E19A-4762-A6B7-38FB8C8BDE66}] => (Allow) C:\Users\Corban\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA381F34-A7FD-449B-9B53-0EA6DD40B6A9}] => (Allow) C:\Users\Corban\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{781677E9-F415-4F87-B670-BA8BBF57221F}] => (Allow) C:\Users\Corban\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8098AEAC-0BA3-4566-AE2A-CC3CD73E606B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D5DB4B65-43BB-4CF1-8446-61A788081150}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{0BE387DA-1435-4B98-A1DD-A683FEEBC6C7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{7687A563-C013-43BF-846D-5F386C14A219}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{A9ABC025-8D50-4922-A494-D6FB9007929F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe

==================== Faulty Device Manager Devices =============

Name: NVIDIA NVS 4200M  
Description: NVIDIA NVS 4200M  
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : This device cannot work properly until you restart your computer. (Code14)
Resolution: Restart your computer.

Name: DW5550
Description: DW5550
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2015 10:31:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Testy.exe version 5.1.3.99 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: c64

Start Time: 01d0c8b3762b0553

Termination Time: 11

Application Path: C:\Program Files (x86)\Grupa IMAGE\Testy Bplus\Testy.exe

Report Id: e83ba784-34a6-11e5-9be5-d0df9ab13655

Faulting package full name:

Faulting package-relative application ID:

Error: (07/27/2015 10:09:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Solitaire.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 888

Start Time: 01d0c8b07a53a3c2

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe\Solitaire.exe

Report Id: c44a3666-34a3-11e5-9be5-d0df9ab13655

Faulting package full name: Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/27/2015 10:09:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: WOLVES)
Description: Package Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (07/27/2015 08:55:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Solitaire.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1d28

Start Time: 01d0c8a62fbca326

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe\Solitaire.exe

Report Id: 7ac1153b-3499-11e5-9be5-d0df9ab13655

Faulting package full name: Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/27/2015 08:55:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: WOLVES)
Description: Package Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (07/27/2015 07:35:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Solitaire.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 17b0

Start Time: 01d0c89ae88d910e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe\Solitaire.exe

Report Id: 35dbbae2-348e-11e5-9be4-d0df9ab13655

Faulting package full name: Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/27/2015 07:35:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: WOLVES)
Description: Package Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (07/27/2015 07:17:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10240.16404, time stamp: 0x55b31b71
Faulting module name: SHELL32.dll, version: 10.0.10240.16399, time stamp: 0x55b04f5f
Exception code: 0xc0000005
Fault offset: 0x00000000000fc314
Faulting process id: 0x19b8
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (07/27/2015 06:48:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10240.16404, time stamp: 0x55b31b71
Faulting module name: SHELL32.dll, version: 10.0.10240.16399, time stamp: 0x55b04f5f
Exception code: 0xc0000005
Fault offset: 0x00000000000fc314
Faulting process id: 0x1f3c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (07/27/2015 06:37:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10240.16404, time stamp: 0x55b31b71
Faulting module name: SHELL32.dll, version: 10.0.10240.16399, time stamp: 0x55b04f5f
Exception code: 0xc0000005
Fault offset: 0x00000000000fc314
Faulting process id: 0x1370
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

System errors:
=============
Error: (07/27/2015 07:58:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (07/27/2015 07:58:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (07/27/2015 07:58:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (07/27/2015 07:58:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (07/27/2015 07:58:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DelayedAutostart with the following error:
%%5

Error: (07/27/2015 07:58:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (07/27/2015 07:58:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (07/27/2015 07:47:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.203.605.0).

Error: (07/27/2015 07:39:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (07/27/2015 07:39:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Microsoft Office:
=========================
Error: (07/27/2015 10:31:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Testy.exe5.1.3.99c6401d0c8b3762b055311C:\Program Files (x86)\Grupa IMAGE\Testy Bplus\Testy.exee83ba784-34a6-11e5-9be5-d0df9ab13655

Error: (07/27/2015 10:09:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Solitaire.exe1.0.0.088801d0c8b07a53a3c24294967295C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe\Solitaire.exec44a3666-34a3-11e5-9be5-d0df9ab13655Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbweApp

Error: (07/27/2015 10:09:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: WOLVES)
Description: Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe+App

Error: (07/27/2015 08:55:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Solitaire.exe1.0.0.01d2801d0c8a62fbca3264294967295C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe\Solitaire.exe7ac1153b-3499-11e5-9be5-d0df9ab13655Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbweApp

Error: (07/27/2015 08:55:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: WOLVES)
Description: Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe+App

Error: (07/27/2015 07:35:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Solitaire.exe1.0.0.017b001d0c89ae88d910e4294967295C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe\Solitaire.exe35dbbae2-348e-11e5-9be4-d0df9ab13655Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbweApp

Error: (07/27/2015 07:35:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: WOLVES)
Description: Microsoft.MicrosoftSolitaireCollection_3.2.7240.0_x64__8wekyb3d8bbwe+App

Error: (07/27/2015 07:17:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe10.0.10240.1640455b31b71SHELL32.dll10.0.10240.1639955b04f5fc000000500000000000fc31419b801d0c894757540cbC:\Windows\explorer.exeC:\Windows\system32\SHELL32.dll7d6a534c-abe3-4fe7-b9d1-5eae95868130

Error: (07/27/2015 06:48:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe10.0.10240.1640455b31b71SHELL32.dll10.0.10240.1639955b04f5fc000000500000000000fc3141f3c01d0c892dd043445C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dll0d1c72c8-24f7-4cf8-96d3-6bd6c862de1c

Error: (07/27/2015 06:37:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe10.0.10240.1640455b31b71SHELL32.dll10.0.10240.1639955b04f5fc000000500000000000fc314137001d0c88d1124f2b1C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dll5ba6293b-78a5-4472-bdbe-a6f87a1626df

==================== Memory info ===========================

Processor: Intel® Core i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 70%
Total physical RAM: 3977.05 MB
Available physical RAM: 1169.13 MB
Total Virtual: 4681.05 MB
Available Virtual: 1172.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.82 GB) (Free:59.98 GB) NTFS
Drive d: () (Fixed) (Total:30.31 GB) (Free:6.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 0779F470)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=88.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.3 GB) - (Type=07 NTFS)

==================== End of log ============================


It's weird because at the moment this 'issue' isn't here. Yet an hour ago it was still auto-opening a new tab, but now it's not. Yesterday I used CCleaner but it didn't help; after using it the problem was still there. I also reinstalled Maxthon and the problem was still there then too, but now, for about 15 mins, it's gone and everything is ok. I didn't do anything now but it looks like it works properly. I hope it's not only temporary and this problem won't come back. And I HOPE I won't jinx it by saying that.... ;_;

This topic is now closed to further replies.