Ividi search malware


  • This topic is locked
41 replies to this topic

#1 jxt

jxt

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 17 November 2013 - 07:36 AM

A friend of mine recently did something a bit idiotic while trying to get a torrent off a torrent website. She clicked the fake download banner instead of the actual torrent file and actually ran the file. It took over the browser and search engine redirecting it to ividi search instead of Google. I helped fix that issue but now there is a popup that keeps occurring "A third party application tried to change your search provider". Can't seem to figure out what it is. Hope I can get some help soon.

 



#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:11:20 PM

Posted 18 November 2013 - 05:05 PM

Hello jxt, and welcome to Bleeping Computer!

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!

==========

First, I must warn you about P2P programs including BitTorrent:

Going over your logs I noticed that you have BitComet installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitComet, however that choice is up to you. If you choose to remove these programs, you can do so via Computer > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.

==========

Step 1

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Step 2

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

==========

Please post both requested logs in your next reply!

bloopie



#3 jxt


Posted 19 November 2013 - 07:06 AM

Here is the AdwCleaner[R0] txt and I also attached the combofix report.

 

# AdwCleaner v3.012 - Report created 19/11/2013 at 22:50:50
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Kitty - KITTY-PC
# Running from : C:\Users\Kitty\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Program Files\NCH Software
Folder Found C:\Program Files\sweetpacks bundle uninstaller
Folder Found C:\ProgramData\NCH Software
Folder Found C:\Users\Kitty\AppData\Roaming\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\NCH Software
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\NCH Software
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16736
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\8kkmywmg.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1626 octets] - [19/11/2013 22:50:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1686 octets] ##########
 




#4 bloopie


Posted 19 November 2013 - 11:42 AM

Hello again,
 
Okay, let's run these next:

Step 1

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

==========

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

==========

Step 3

Update your Malwarebytes Antimalware (aka MBAM), run a Quick Scan (removing anything it finds), and post the resultant log for me.

==========

In addition to the requested logs, please let me know how the machine is running now! Still getting the popup?

bloopie


Edited by bloopie, 04 January 2014 - 03:40 PM.
updated instructions


#5 bloopie


Posted 23 November 2013 - 03:44 PM

Hello again,

Are you still with me? :)

This is a Topic Bump! It has been several days since my last post...If you still wish to receive help, please follow the instructions in my previous post. If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

#6 jxt


Posted 24 November 2013 - 05:39 AM

Sorry, my friend recently moved to a new place and has no internet. I told her what you said should be done but I cannot yet post those log files.



#7 bloopie


Posted 24 November 2013 - 08:55 AM

Hello again, and thanks for letting me know! Please post the logfiles when possible, and I'll bump the topic again in a few days if I don't hear from you.

 

Has your friend mentioned if the original problem is still occurring?

 

bloopie



#8 bloopie


Posted 29 November 2013 - 06:24 PM

Hello again,
 
Any word on the situation??

If you do not respond within another 48 hours I will be forced to close this topic!

bloopie



#9 bloopie


Posted 07 December 2013 - 07:59 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#10 bloopie


Posted 01 January 2014 - 09:30 AM

Hello again, good morning, and Happy New Year! :)

 

It's nice to see you again! :thumbup2:
 
This topic is now reopened. Since some time has passed from when we've run some scans, we may have to do some automatic scans over again; this is to be expected.

But first, I'd like to get an idea of the state of the machine right now and we'll do that by getting a log from Farbar Recovery Scan Tool (aka FRST) with the below instruction:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. You will need the 32-bit version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

==========

 

Once we get the two logs from FRST, we'll go from there! :wink:

bloopie
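
An added example, not part of the original post and not code from FRST or its author: one way a reviewer could do a first-pass triage of the FRST.txt log requested above, flagging autostart (Run) entries and Firefox search-engine settings for manual review. The sample lines are constructed in the log's layout with hypothetical names, and the two heuristics (empty publisher field, launch path under a user-writable directory) and the `expected_engines` allowlist are assumptions of this sketch, not rules stated in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in the FRST.txt layout; every name and path is hypothetical.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleTray] - C:\Program Files\ExampleVendor\tray.exe [98304 2009-07-03] (Example Vendor, Inc.)
HKCU\...\Run: [ExampleUpdater] - C:\Users\Alice\AppData\Local\ExampleUpdater\updater.exe [1651712 2013-11-09] ()
HKCU\...\Run: [ExampleChat] - C:\Program Files\ExampleChat\chat.exe [20584608 2013-11-14] (Example Chat S.A.)

FireFox:
========
FF DefaultSearchEngine: example search
FF SelectedSearchEngine: example search
"""

# "HKxx\...\Run: [name] - path [size date] (publisher)"
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.+?)"
    r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)\s*$"
)
FF_SEARCH_RE = re.compile(
    r"^FF (?P<pref>DefaultSearchEngine|SelectedSearchEngine): (?P<value>.*)$"
)
# Assumption: directories a standard user can write to deserve a closer look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    kind: str        # "autostart" or "search"
    subject: str     # the log entry being flagged
    reasons: tuple   # why it was flagged


def triage(log_text, expected_engines=("google",)):
    """Return entries worth a manual look; a flag is a lead, not a verdict."""
    expected = {e.lower() for e in expected_engines}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = []
            if not m["publisher"].strip():
                reasons.append("no publisher in file metadata")
            if any(part in m["path"].lower() for part in USER_WRITABLE):
                reasons.append("runs from a user-writable directory")
            if reasons:
                subject = f'{m["hive"]} Run [{m["name"]}] {m["path"]}'
                findings.append(Finding("autostart", subject, tuple(reasons)))
            continue
        m = FF_SEARCH_RE.match(line)
        if m:
            value = m["value"].strip()
            # Empty values are skipped; only an unexpected named engine is flagged.
            if value and value.lower() not in expected:
                subject = f'{m["pref"]} = {value}'
                findings.append(
                    Finding("search", subject, ("search engine not in allowlist",))
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.kind, "|", f.subject, "|", "; ".join(f.reasons))
```

Unsigned or per-user software is often legitimate, so each flagged line still needs to be checked by hand before anything is removed.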



#11 jxt


Posted 04 January 2014 - 06:31 AM

Here is FRST log:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by Kitty (administrator) on KITTY-PC on 04-01-2014 21:14:37
Running from C:\Users\Kitty\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Razer USA Ltd) C:\Program Files\Razer\Lachesis 5600\LachesisSysTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
() C:\Users\Kitty\AppData\Local\Guard\Guard.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
(CyberLink) C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [323640 2009-11-25] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Razer Lachesis Driver] - C:\Program Files\Razer\Lachesis 5600\LachesisSysTray.exe [837008 2011-03-10] (Razer USA Ltd)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1823656 2013-12-12] (Valve Corporation)
HKCU\...\Run: [Guard] - C:\Users\Kitty\AppData\Local\Guard\Guard.exe [1651712 2013-11-09] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {6D338F90-4B74-11E3-8B27-00238BC21A12} URL = 
SearchScopes: HKCU - {6D338F90-4B74-11E3-8B27-00238BC21A12} URL = 
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF ProfilePath: C:\Users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\8kkmywmg.default
FF DefaultSearchEngine: ividi search
FF SelectedSearchEngine: ividi search
FF Homepage: user_pref("browser.startup.homepage", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @raidcall.en/RCplugin - C:\Users\Kitty\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\8kkmywmg.default\searchplugins\search.xml.old
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 
Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: ""
CHR DefaultSearchKeyword: 
CHR DefaultSearchProvider: 
CHR DefaultSearchURL: 
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0
CHR Extension: (Google Wallet) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
========================== Services (Whitelisted) =================
 
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-01] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-09-26] (Perfect World Entertainment Inc)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-05] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [29168 2010-07-31] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7530736 2013-07-25] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-14] (Avira GmbH)
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx86.sys [43344 2013-07-26] ()
S3 catchme; \??\C:\Users\Kitty\AppData\Local\Temp\catchme.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-04 21:14 - 2014-01-04 21:15 - 00013299 _____ C:\Users\Kitty\Desktop\FRST.txt
2014-01-04 21:13 - 2014-01-04 21:13 - 00000000 ____D C:\FRST
2014-01-04 21:10 - 2014-01-04 21:10 - 01064761 _____ (Farbar) C:\Users\Kitty\Desktop\FRST.exe
2014-01-04 09:38 - 2014-01-04 09:38 - 00000213 _____ C:\Users\Kitty\Desktop\Left 4 Dead 2.url
2014-01-03 12:41 - 2014-01-03 12:42 - 00329752 _____ C:\Windows\Minidump\010314-21418-01.dmp
2014-01-01 15:56 - 2014-01-01 15:56 - 00001724 _____ C:\Users\Public\Desktop\Ragnarok Online Classic Server.lnk
2014-01-01 15:56 - 2014-01-01 15:56 - 00001719 _____ C:\Users\Public\Desktop\Ragnarok Online.lnk
2014-01-01 15:40 - 2014-01-01 15:42 - 100299223 _____ C:\Users\Kitty\Downloads\0904_Manual_Patch.zip
2014-01-01 10:21 - 2014-01-01 12:28 - 1930567256 _____ (Gravity Interactive, Inc.) C:\Users\Kitty\Downloads\Ragnarok_Installer-09272013.exe
2013-12-28 13:29 - 2013-12-28 13:29 - 00001763 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-28 13:28 - 2013-12-28 13:29 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-28 13:28 - 2013-12-28 13:29 - 00000000 ____D C:\Program Files\iTunes
2013-12-28 13:28 - 2013-12-28 13:28 - 00000000 ____D C:\Program Files\iPod
2013-12-25 23:05 - 2013-12-25 23:05 - 02174481 _____ C:\Users\Kitty\Downloads\IMG_0217 %282%29.jpeg
2013-12-24 12:10 - 2013-12-30 16:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-13 19:14 - 2013-12-13 19:14 - 00281888 _____ C:\Windows\Minidump\121313-22136-01.dmp
2013-12-12 14:15 - 2013-12-12 14:15 - 00000633 _____ C:\Users\Kitty\Desktop\Kitty - Shortcut.lnk
2013-12-12 13:50 - 2013-12-12 13:50 - 00282952 _____ C:\Windows\Minidump\121213-25334-01.dmp
2013-12-12 12:23 - 2013-11-26 20:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 12:23 - 2013-11-26 19:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 12:23 - 2013-11-26 19:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 12:23 - 2013-11-26 18:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 12:23 - 2013-11-26 18:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 12:23 - 2013-11-26 18:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 12:23 - 2013-11-26 18:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 12:23 - 2013-11-26 18:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 12:23 - 2013-11-26 18:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 12:23 - 2013-11-26 18:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 12:23 - 2013-11-26 18:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 12:23 - 2013-11-26 18:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 12:23 - 2013-11-26 18:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 12:23 - 2013-11-26 18:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 12:23 - 2013-11-26 17:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 12:23 - 2013-11-26 17:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 12:23 - 2013-11-26 16:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 12:23 - 2013-11-26 16:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 12:23 - 2013-11-26 16:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 12:17 - 2013-05-10 14:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 12:17 - 2013-05-10 14:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 12:12 - 2013-11-24 04:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 12:12 - 2013-11-12 12:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 12:12 - 2013-10-30 12:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 12:12 - 2013-10-30 11:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 12:12 - 2013-10-19 11:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 12:12 - 2013-10-12 12:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 12:12 - 2013-10-12 12:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 12:12 - 2013-10-12 11:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 12:12 - 2013-10-12 11:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 12:12 - 2013-10-04 11:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 12:12 - 2013-10-04 11:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 01:17 - 2013-12-12 01:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
 
==================== One Month Modified Files and Folders =======
 
2014-01-04 21:15 - 2014-01-04 21:14 - 00013299 _____ C:\Users\Kitty\Desktop\FRST.txt
2014-01-04 21:13 - 2014-01-04 21:13 - 00000000 ____D C:\FRST
2014-01-04 21:12 - 2013-07-17 13:39 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\Skype
2014-01-04 21:10 - 2014-01-04 21:10 - 01064761 _____ (Farbar) C:\Users\Kitty\Desktop\FRST.exe
2014-01-04 20:50 - 2013-06-14 10:18 - 01569687 _____ C:\Windows\WindowsUpdate.log
2014-01-04 20:49 - 2013-06-02 07:17 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 20:17 - 2013-07-10 15:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-04 17:57 - 2009-07-14 14:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 17:57 - 2009-07-14 14:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 17:49 - 2013-09-12 14:21 - 00000000 ____D C:\Program Files\Steam
2014-01-04 17:49 - 2013-06-02 07:17 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-04 17:49 - 2009-07-14 14:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 17:49 - 2009-07-14 14:39 - 00075309 _____ C:\Windows\setupact.log
2014-01-04 17:46 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-04 09:38 - 2014-01-04 09:38 - 00000213 _____ C:\Users\Kitty\Desktop\Left 4 Dead 2.url
2014-01-03 22:20 - 2010-11-21 07:01 - 00782922 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 12:42 - 2014-01-03 12:41 - 00329752 _____ C:\Windows\Minidump\010314-21418-01.dmp
2014-01-03 12:41 - 2013-07-23 07:54 - 201145866 _____ C:\Windows\MEMORY.DMP
2014-01-03 12:41 - 2013-07-23 07:54 - 00000000 ____D C:\Windows\Minidump
2014-01-01 15:56 - 2014-01-01 15:56 - 00001724 _____ C:\Users\Public\Desktop\Ragnarok Online Classic Server.lnk
2014-01-01 15:56 - 2014-01-01 15:56 - 00001719 _____ C:\Users\Public\Desktop\Ragnarok Online.lnk
2014-01-01 15:51 - 2013-08-17 23:52 - 00000000 ____D C:\gravity
2014-01-01 15:42 - 2014-01-01 15:40 - 100299223 _____ C:\Users\Kitty\Downloads\0904_Manual_Patch.zip
2014-01-01 12:28 - 2014-01-01 10:21 - 1930567256 _____ (Gravity Interactive, Inc.) C:\Users\Kitty\Downloads\Ragnarok_Installer-09272013.exe
2013-12-30 16:24 - 2013-12-24 12:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-28 13:29 - 2013-12-28 13:29 - 00001763 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-28 13:29 - 2013-12-28 13:28 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-28 13:29 - 2013-12-28 13:28 - 00000000 ____D C:\Program Files\iTunes
2013-12-28 13:28 - 2013-12-28 13:28 - 00000000 ____D C:\Program Files\iPod
2013-12-28 13:28 - 2013-09-11 03:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-27 01:47 - 2013-06-14 12:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-25 23:05 - 2013-12-25 23:05 - 02174481 _____ C:\Users\Kitty\Downloads\IMG_0217 %282%29.jpeg
2013-12-17 22:11 - 2013-06-14 10:09 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-17 22:11 - 2013-06-14 10:07 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 22:11 - 2013-06-14 10:07 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-17 16:51 - 2009-07-14 14:53 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-13 19:14 - 2013-12-13 19:14 - 00281888 _____ C:\Windows\Minidump\121313-22136-01.dmp
2013-12-13 14:22 - 2013-07-17 13:38 - 00000000 ___RD C:\Program Files\Skype
2013-12-13 14:22 - 2013-07-17 13:38 - 00000000 ____D C:\ProgramData\Skype
2013-12-12 17:12 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\rescache
2013-12-12 14:22 - 2013-09-16 01:08 - 25366904 _____ C:\Users\Kitty\ari.psd
2013-12-12 14:22 - 2013-06-01 18:09 - 00000000 ____D C:\Users\Kitty
2013-12-12 14:15 - 2013-12-12 14:15 - 00000633 _____ C:\Users\Kitty\Desktop\Kitty - Shortcut.lnk
2013-12-12 13:50 - 2013-12-12 13:50 - 00282952 _____ C:\Windows\Minidump\121213-25334-01.dmp
2013-12-12 12:35 - 2009-07-14 14:33 - 03805672 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 12:21 - 2013-06-14 08:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 12:03 - 2013-07-29 07:31 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 12:00 - 2013-06-02 06:06 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 01:17 - 2013-12-12 01:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-12 01:17 - 2013-07-10 15:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-06 21:03 - 2013-06-02 07:18 - 00002139 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\Kitty\AppData\Local\temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 12:09
 
==================== End Of Log ============================
 
Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-01-2014
Ran by Kitty at 2014-01-04 21:15:44
Running from C:\Users\Kitty\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (Version:  - )
7Zip Bundle by Fileparade.com (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Arc (Version: 1.0.0.5510 - Perfect World Entertainment)
ATI Catalyst Install Manager (Version: 3.0.732.0 - ATI Technologies, Inc.)
AVerMedia TV Tuner Card 1.0.0.4 (Version: 1.0.0.4 - AVerMedia TECHNOLOGIES, Inc.)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
BitComet 1.36 (Version: 1.36 - CometNetwork)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.18.12 - Broadcom Corporation)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0702.1239.20840 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0702.1239.20840 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Czech (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Danish (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Dutch (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help English (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Finnish (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help French (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help German (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Greek (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Italian (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Japanese (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Korean (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Polish (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Russian (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Spanish (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Swedish (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Thai (Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Turkish (Version: 2009.0702.1238.20840 - ATI) Hidden
ccc-core-static (Version: 2009.0702.1239.20840 - ATI) Hidden
ccc-utility (Version: 2009.0702.1239.20840 - ATI) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
ENE CIR Receiver Driver (Version: 2.7.4.0 - ENE)
ForsakenRO All-In-One (Version:  - )
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Guard (Version: 0.0.1.1 - )
HP MediaSmart Webcam (Version: 4.1.3130 - Hewlett-Packard)
HP MediaSmart Webcam (Version: 4.1.3130 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (Version: 6.50.12.1 - Hewlett-Packard)
IDT Audio (Version: 1.0.6225.0 - IDT)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (Version: 1.0.32.1 - JMicron Technology Corp.)
League of Legends (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (Version:  - Valve)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 2.1.121.2 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
MixPad (Version:  - NCH Software)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
NVIDIA PhysX (Version: 9.13.0604 - NVIDIA Corporation)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Ragnarok Online (Version: 14.2.1 - Gravity Interactive, Inc.)
Ragnarok Online 2 (Version: 1.2.0 - Gravity Interactive, Inc.)
RaidCall (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Razer Lachesis 5600 (Version: 3.00.08 - Razer USA Ltd.)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (Version: 6.12.13601 - Skype Technologies S.A.)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Starcraft (Version:  - )
Steam (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab for Intel (Version: 4.5.15.0 - Husdawg, LLC)
TeamSpeak 3 Client (Version: 3.0.12 - TeamSpeak Systems GmbH)
Trine 2 (Version:  - Frozenbyte)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
Validity Sensors software (Version: 2.8.120 - Validity Sensors, Inc.)
Voxal Voice Changer (Version:  - NCH Software)
WavePad Sound Editor (Version: 5.48 - NCH Software)
 
==================== Restore Points  =========================
 
20-11-2013 09:29:58 Scheduled Checkpoint
27-11-2013 18:04:46 Scheduled Checkpoint
30-11-2013 16:00:16 Windows Update
01-12-2013 16:00:14 Windows Update
08-12-2013 16:01:13 Scheduled Checkpoint
12-12-2013 01:57:32 Windows Update
12-12-2013 02:14:40 Windows Update
19-12-2013 15:49:08 Scheduled Checkpoint
26-12-2013 16:25:26 Scheduled Checkpoint
01-01-2014 05:50:21 Installed Ragnarok Online
 
==================== Hosts content: ==========================
 
2009-07-14 12:04 - 2013-11-19 21:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {35709F52-406D-4CDF-A2EC-4F2E011121D8} - System32\Tasks\MirageAgent => C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-07-31] (CyberLink)
Task: {5708B0C8-0288-4D89-B617-5B30C22D6D8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-02] (Google Inc.)
Task: {9A208853-1321-4D95-B297-85B6C810E1DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {AE79602B-8EC0-4232-83E3-62D080DAC1BC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F8F90CC3-735E-4757-BE18-BE8E78CCA2C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 08:45 - 2010-10-21 08:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-07-08 04:56 - 2009-07-08 04:56 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-06-01 19:18 - 2013-06-01 19:18 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-21 14:18 - 2013-11-07 07:48 - 00691200 _____ () C:\Program Files\Steam\SDL2.dll
2013-09-06 12:55 - 2013-12-12 05:40 - 01135016 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2013-08-07 11:31 - 2013-11-07 07:48 - 20625832 _____ () C:\Program Files\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 09:49 - 01100800 _____ () C:\Program Files\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 09:49 - 00124416 _____ () C:\Program Files\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 09:49 - 00192000 _____ () C:\Program Files\Steam\bin\avformat-53.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/04/2014 05:50:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/04/2014 04:50:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/04/2014 08:44:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/03/2014 10:15:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/03/2014 00:54:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/03/2014 00:43:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/03/2014 11:14:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2014 11:27:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: League of Legends.exe, version: 3.15.0.255, time stamp: 0x52abb394
Faulting module name: League of Legends.exe, version: 3.15.0.255, time stamp: 0x52abb394
Exception code: 0xc0000005
Fault offset: 0x0042c6b0
Faulting process id: 0x11d0
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
 
Error: (01/02/2014 10:35:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: League of Legends.exe, version: 3.15.0.255, time stamp: 0x52abb394
Faulting module name: League of Legends.exe, version: 3.15.0.255, time stamp: 0x52abb394
Exception code: 0xc0000005
Fault offset: 0x0042c6b0
Faulting process id: 0x16f4
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
 
Error: (01/02/2014 09:27:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: League of Legends.exe, version: 3.15.0.255, time stamp: 0x52abb394
Faulting module name: cgD3D9.dll, version: 3.0.0.16, time stamp: 0x4d55a06f
Exception code: 0xc0000005
Fault offset: 0x000b6539
Faulting process id: 0x1088
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
 
 
System errors:
=============
Error: (01/03/2014 00:52:46 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:46:46 PM on ‎1/‎3/‎2014 was unexpected.
 
Error: (01/03/2014 00:42:10 PM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x00000004, 0x00000258, 0x850c0a70, 0x82d42b24)C:\Windows\MEMORY.DMP010314-21418-01
 
Error: (01/01/2014 03:46:34 PM) (Source: Service Control Manager) (User: )
Description: The Avira Real-Time Protection service hung on starting.
 
Error: (01/01/2014 03:43:18 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (01/01/2014 09:38:16 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:26:05 AM on ‎1/‎1/‎2014 was unexpected.
 
Error: (12/30/2013 02:36:46 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:34:58 PM on ‎12/‎30/‎2013 was unexpected.
 
Error: (12/28/2013 10:26:29 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (12/27/2013 01:49:28 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (12/27/2013 01:49:28 AM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (12/27/2013 01:49:25 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (01/04/2014 05:50:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/04/2014 04:50:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/04/2014 08:44:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/03/2014 10:15:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/03/2014 00:54:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/03/2014 00:43:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/03/2014 11:14:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2014 11:27:05 PM) (Source: Application Error)(User: )
Description: League of Legends.exe3.15.0.25552abb394League of Legends.exe3.15.0.25552abb394c00000050042c6b011d001cf07b8aa58a3d7C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exe91e13428-73b1-11e3-b88b-00238bc21a12
 
Error: (01/02/2014 10:35:40 PM) (Source: Application Error)(User: )
Description: League of Legends.exe3.15.0.25552abb394League of Legends.exe3.15.0.25552abb394c00000050042c6b016f401cf07af65ea77cbC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exe634b0991-73aa-11e3-b88b-00238bc21a12
 
Error: (01/02/2014 09:27:42 PM) (Source: Application Error)(User: )
Description: League of Legends.exe3.15.0.25552abb394cgD3D9.dll3.0.0.164d55a06fc0000005000b6539108801cf07ad74145dbeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\cgD3D9.dlle49afcc5-73a0-11e3-b88b-00238bc21a12
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 50%
Total physical RAM: 2045.19 MB
Available physical RAM: 1014.28 MB
Total Pagefile: 4090.38 MB
Available Pagefile: 2579.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.09 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:286.86 GB) (Free:155.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.23 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: C528C690)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#12 bloopie

Posted 04 January 2014 - 03:41 PM

Hello again and thanks for the logs! :)

Okay, we must still proceed with the instructions I gave in Post #4 above. Please now run those three scans with the instructions provided, post me the resultant logs and let me know how the machine is running afterwards!

 

Still having the same issue?

 

bloopie



#13 bloopie

Posted 07 January 2014 - 09:05 PM

Hello again,

This is a 3-Day Bump! If you still wish to receive help, please follow the instructions in my previous post. If you do not respond in another 48 hours, I will be forced to close this topic again!

==========

>>This has been the recurring theme since this thread began. I would like to help you clean this machine, but I need you to try and stay active just for a couple of days, so that we could get this machine fixed and you can be on your way...can you do that for me? :)

A lot can happen with a computer in three days, and the more time that passes between my fixes and your posts, will ultimately keep us here indefinitely if this continues as it's going. I don't mean to rush you at all, but I just want you to be aware of the situation. I am happy to help you, but please help me, help you.

Please try to stay active while we are working together and we'll get this machine cleaned in just a couple of days more. If you need time to contact the owner of the machine after each fix post, it may be best to have the owner register here at BC and I can work with them directly?

==========

Let me know what's going on and I will certainly work with you in whatever path that best suits your situation! Can you do that for me? It will work best for both of us that way. :)

bloopie



#14 jxt

Posted 08 January 2014 - 12:27 AM

I apologize for the slow response. I have two of the logs but am waiting for the Malwarebytes log.

 

Here is adw log:

# AdwCleaner v3.016 - Report created 07/01/2014 at 18:00:03
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Kitty - KITTY-PC
# Running from : C:\Users\Kitty\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\Users\Kitty\AppData\Roaming\NCH Software
File Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\8kkmywmg.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1766 octets] - [19/11/2013 21:50:50]
AdwCleaner[R1].txt - [1877 octets] - [07/01/2014 17:56:55]
AdwCleaner[S0].txt - [1834 octets] - [07/01/2014 18:00:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1894 octets] ##########
 
JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Ultimate x86
Ran by Kitty on Tue 01/07/2014 at 18:05:12.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Kitty\AppData\Roaming\mozilla\firefox\profiles\8kkmywmg.default\minidumps [28 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/07/2014 at 18:08:03.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#15 bloopie


Posted 08 January 2014 - 06:50 PM

Hello again,

 

Thanks for those two logs! Next please update and run MBAM in quick scan mode and post the resultant log as instructed earlier.

Also, let me know how the machine is doing now and whether the original problem is still occurring!

 

bloopie





