
Multiple Internet Explorer processes found on Taskmanager


  • This topic is locked
9 replies to this topic

#1 johndeocera

johndeocera

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 28 April 2014 - 12:10 PM

Hi there! I'm kinda new here, so I want to say sorry if I make some mistakes in my post.

 

http://www.bleepingcomputer.com/forums/t/506468/internet-explorer-opening-multiple-processes-in-task-mgr-when-not-using-ie/

http://www.bleepingcomputer.com/forums/t/505348/internet-explorer-opening-multiple-processes-in-task-mgr-crashing-internet/

http://www.bleepingcomputer.com/forums/t/484738/multiple-internet-explorer-processes-running-in-background/

 

I may have the same problems as these people, but I'm in way over my head trying to understand the troubleshooting. Every time I turn on the computer and start the Task Manager, I constantly see 4 "iexplorer.exe" on the process tab even though IE is not running. I tried ending the processes but they keep coming back no matter what I do. I have run ESET NOD32 AV to check if there are any viruses causing this problem, but I have had no luck. And these processes tend to slow down the computer all the time.
I would appreciate it if someone could help me out with this. And again, I apologize if I missed or broke any rules while posting this topic. I thank you in advance and more power to Bleeping Computer. :clapping:
 


Edited by hamluis, 28 April 2014 - 01:27 PM.
Moved from AII to MRL - Hamluis.



 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:02 PM

Posted 28 April 2014 - 12:14 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 johndeocera

johndeocera
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 28 April 2014 - 12:22 PM

That was a quick response! :) 
Here's the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by USER (administrator) on USER-PC on 29-04-2014 01:18:52
Running from C:\Users\USER\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Sun Broadband\UIExec.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) E:\daemon\DAEMON Tools Ultra\DiscSoftBusService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\USER\Downloads\RogueKiller.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_182_ActiveX.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4035152 2011-09-23] (ESET)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7751712 2009-05-07] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-07] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Sun Broadband\UIExec.exe [153424 2011-09-15] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Starter] => C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe [79728 2012-02-14] (Driver-Soft Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [Google Update] => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-03] (Google Inc.)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [Facebook Update] => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-13] (Facebook Inc.)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [Video Library] => C:\Windows\system32\rundll32.exe C:\Users\USER\AppData\Local\Temp\Rpcqt.dll,Sets <===== ATTENTION
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-04-15] (BitTorrent Inc.)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [Tango] => C:\Program Files (x86)\Tango\Tango.exe [13489992 2011-11-05] (Tango Inc.)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [Akamai NetSession Interface] => C:\Users\USER\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [MsgCenterExe] => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe"  -osboot
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415104 2014-04-09] (Google)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [DAEMON Tools Ultra Agent] => E:\daemon\DAEMON Tools Ultra\DTAgent.exe [3123744 2013-05-23] (Disc Soft Ltd)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [765200 2012-12-16] (SANDBOXIE L.T.D)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Policies\system: [ConsentPromptBehaviorAdmin] 2
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Policies\system: [ConsentPromptBehaviorUser] 1
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\MountPoints2: {40f95893-e294-11e2-9985-00012e37dbf1} - D:\Setup.exe
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\MountPoints2: {9fe146ae-7f1d-11e2-a76a-00012e37dbf1} - D:\AutoRun.exe
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\MountPoints2: {9fe146bd-7f1d-11e2-a76a-00012e37dbf1} - D:\AutoRun.exe
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\MountPoints2: {dc03010f-703b-11e3-803f-00012e37dbf1} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Common_Handset_USB_Driver.exe
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7AC6EB99FB62CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo1.dll No File
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo1.dll No File
URLSearchHook: HKCU - UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Minibar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {599E070B-E5A8-48F0-8450-AA41DA819819} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {599E070B-E5A8-48F0-8450-AA41DA819819} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {8A51ECCA-43D7-4573-8190-273109550C38} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKCU - {AB79D3B4-AEDB-428a-B504-BAC00521A1C7} URL = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Fast Search - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo1.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo1.dll No File
Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @t.garena.com/garenatalk - E:\Garena\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\USER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\USER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\USER\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\USER\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\USER\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\USER\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF Plugin ProgramFiles/Appdata: C:\Users\USER\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\USER\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\searchplugins\GoogleFeed.xml
FF Extension: Search Results Optimizator - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\SearchHelper [2012-09-18]
FF Extension: Yahoo! Toolbar - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-10-04]
FF Extension: uTorrentControl_v2  - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2014-03-26]
FF Extension: Apps Hat - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-11-14]
FF Extension: GoPhotoIt - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\gophoto@gophoto.it.xpi [2012-07-31]
FF Extension: Torntv - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\torntv@torntv.com.xpi [2012-11-28]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-07-02]
FF HKCU\...\Firefox\Extensions: [search@helper] - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\extensions\SearchHelper
FF Extension: Search Results Optimizator - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\extensions\SearchHelper [2012-09-18]
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.ph
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (uTorrentControl_v2) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2014-04-04]
CHR Extension: (Torntv) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf [2014-04-04]
CHR Extension: (Skype Click to Call) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-20]
CHR Extension: (Savings-Slider) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-04]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (GoPhoto.it) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2014-04-04]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-28]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\USER\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-05]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\USER\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\USER\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-08-28]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\USER\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn10.crx [2012-11-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx [2012-10-16]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx [2012-07-31]
CHR StartMenuInternet: Google Chrome - C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
R3 Disc Soft Bus Service; E:\daemon\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-05-23] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [974944 2011-09-23] (ESET)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4681584 2014-01-14] (INCA Internet Co., Ltd.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
S2 UI Assistant Service; C:\Program Files (x86)\Sun Broadband\AssistantServices.exe [270672 2011-09-15] ()
S2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-07-02] (Disc Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-05] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2011-08-05] (ESET)
S3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2012-04-05] (GEAR Software Inc.)
S3 npkcrypt; C:\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys [21442 2012-03-09] (INCA Internet Co., Ltd.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-26] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-21] (Research in Motion Ltd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6408704 2010-11-30] (Etron)
S3 dump_wmimmc; \??\C:\Program Files (x86)\Level Up Games\Ragnarok Online\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\E:\Garena\Garena Plus\Room\safedrv.sys [X]
S3 npkycryp; \??\C:\Program Files (x86)\Level Up Games\Ragnarok Online\npkycryp.sys [X]
S3 slb; \??\C:\AeriaGames\Downloader\avital\scarlb64.sys [X]
S3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-29 01:18 - 2014-04-29 01:19 - 00024912 _____ () C:\Users\USER\Downloads\FRST.txt
2014-04-29 01:18 - 2014-04-29 01:18 - 02061824 _____ (Farbar) C:\Users\USER\Downloads\FRST64.exe
2014-04-29 01:18 - 2014-04-29 01:18 - 00000000 ____D () C:\FRST
2014-04-29 00:50 - 2014-04-29 00:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\USER\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 00:49 - 2014-04-29 00:49 - 00006341 _____ () C:\Users\USER\Desktop\RKreport[0]_D_04292014_004918.txt
2014-04-29 00:47 - 2014-04-29 00:47 - 00006117 _____ () C:\Users\USER\Desktop\RKreport[0]_S_04292014_004734.txt
2014-04-29 00:43 - 2014-04-29 01:19 - 00000000 ____D () C:\Users\USER\Desktop\RK_Quarantine
2014-04-29 00:42 - 2014-04-29 00:43 - 03972608 _____ () C:\Users\USER\Downloads\RogueKiller.exe
2014-04-29 00:42 - 2014-04-16 08:16 - 00000426 _____ () C:\AVScanner.ini
2014-04-28 12:15 - 2014-04-28 12:16 - 06438912 _____ () C:\Users\USER\Downloads\processblocker64.msi
2014-04-27 22:25 - 2014-04-27 22:25 - 00000222 _____ () C:\Users\USER\Desktop\City of Steam Arkadia.url
2014-04-27 13:03 - 2014-04-27 13:03 - 00262144 ____N () C:\Windows\Minidump\042714-30328-01.dmp
2014-04-26 11:02 - 2014-04-26 11:02 - 00015278 _____ () C:\Users\USER\Downloads\[kickass.to]colombiana.2011.720p.brrip.x264.700mb.yify.torrent
2014-04-22 00:44 - 2014-04-22 00:44 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Oracle
2014-04-22 00:43 - 2014-04-22 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 00:43 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-22 00:43 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-22 00:43 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-22 00:43 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-22 00:42 - 2014-04-22 00:43 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 08:41 - 2014-04-20 08:41 - 00029075 _____ () C:\Users\USER\Downloads\[kickass.to]apocalypse.pompeii.2014.webrip.xvid.aqos.torrent
2014-04-20 08:33 - 2014-04-20 08:33 - 00010513 _____ () C:\Users\USER\Downloads\[kickass.to]the.lone.ranger.2013.720p.brrip.x264.yify.torrent
2014-04-19 03:46 - 2014-04-19 03:50 - 00000000 ____D () C:\Users\USER\Desktop\New folder
2014-04-19 02:47 - 2014-04-19 04:01 - 00003193 _____ () C:\Users\USER\Desktop\Selling items Valk.txt
2014-04-19 01:16 - 2014-04-19 01:16 - 01316844 _____ () C:\Users\USER\Downloads\valexedual.rar
2014-04-17 13:40 - 2014-04-17 13:40 - 00014782 _____ () C:\Users\USER\Downloads\[kickass.to]punch.drunk.love.2002.720p.hdtv.x264.anoxmous.torrent
2014-04-17 13:31 - 2014-04-17 13:31 - 00236912 _____ () C:\Users\USER\Downloads\Girl-Boy-Bakla-Tomboy-2013-DVDRip-XviD-AQOS_downloader-3b7hvulU.exe
2014-04-17 07:09 - 2014-04-17 07:09 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-17 07:09 - 2014-04-17 07:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-17 07:08 - 2014-04-17 07:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-17 07:08 - 2014-04-17 07:09 - 00000000 ____D () C:\Program Files\iTunes
2014-04-17 07:08 - 2014-04-17 07:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-17 07:08 - 2014-04-17 07:08 - 00000000 ____D () C:\Program Files\iPod
2014-04-15 11:07 - 2014-04-15 11:07 - 00022609 _____ () C:\Users\USER\Downloads\[kickass.to]red.alert.3.pc.eng.iso.full.game.torrent
2014-04-15 11:01 - 2014-04-15 11:01 - 00000591 _____ () C:\Users\USER\Desktop\Counter-Strike 1.6.lnk
2014-04-15 11:01 - 2014-04-15 11:01 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2014-04-15 11:01 - 2014-04-15 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2014-04-15 09:19 - 2014-04-15 09:19 - 00019885 _____ () C:\Users\USER\Downloads\[kickass.to]counter.strike.1.6.torrent
2014-04-09 14:14 - 2014-04-09 14:14 - 00106649 _____ () C:\Users\USER\Downloads\[kickass.to]microsoft.office.2010.x86.x64.no.key.needed.torrent
2014-04-09 12:07 - 2014-04-09 12:07 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-09 12:07 - 2014-04-09 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-09 12:07 - 2014-04-09 12:07 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-09 12:02 - 2014-04-09 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-04-09 11:34 - 2014-04-09 11:34 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Philips
2014-04-09 11:25 - 2014-04-09 11:26 - 00000000 ____D () C:\Users\USER\AppData\Local\Philips-Songbird
2014-04-09 11:25 - 2014-04-09 11:25 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Philips-Songbird
2014-04-09 11:22 - 2014-04-09 11:22 - 00000000 ____D () C:\Program Files\DIFX
2014-04-09 11:21 - 2014-04-09 11:22 - 00005326 _____ () C:\Windows\DPINST.LOG
2014-04-09 11:20 - 2014-04-09 11:20 - 00001229 _____ () C:\Users\Public\Desktop\Philips Songbird.lnk
2014-04-09 11:20 - 2014-04-09 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips
2014-04-09 11:20 - 2014-04-09 11:20 - 00000000 ____D () C:\ProgramData\{F0489EF2-D393-4114-85BA-A94D71D89543}
2014-04-09 11:20 - 2012-04-05 06:29 - 00015664 _____ (GEAR Software Inc.) C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys
2014-04-09 11:19 - 2014-04-09 11:20 - 00000000 ____D () C:\Program Files (x86)\Philips
2014-04-09 11:04 - 2014-04-09 11:18 - 104907746 _____ (Koninklijke Philips Electronics N.V.) C:\Users\USER\Downloads\sa2ara08k_37_psb_aen.exe
 
==================== One Month Modified Files and Folders =======
 
2014-04-29 01:19 - 2014-04-29 01:18 - 00024912 _____ () C:\Users\USER\Downloads\FRST.txt
2014-04-29 01:19 - 2014-04-29 00:43 - 00000000 ____D () C:\Users\USER\Desktop\RK_Quarantine
2014-04-29 01:18 - 2014-04-29 01:18 - 02061824 _____ (Farbar) C:\Users\USER\Downloads\FRST64.exe
2014-04-29 01:18 - 2014-04-29 01:18 - 00000000 ____D () C:\FRST
2014-04-29 01:05 - 2012-07-03 06:47 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000UA.job
2014-04-29 00:51 - 2014-04-29 00:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\USER\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 00:51 - 2012-07-03 10:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 00:49 - 2014-04-29 00:49 - 00006341 _____ () C:\Users\USER\Desktop\RKreport[0]_D_04292014_004918.txt
2014-04-29 00:47 - 2014-04-29 00:47 - 00006117 _____ () C:\Users\USER\Desktop\RKreport[0]_S_04292014_004734.txt
2014-04-29 00:44 - 2013-04-09 20:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 00:43 - 2014-04-29 00:42 - 03972608 _____ () C:\Users\USER\Downloads\RogueKiller.exe
2014-04-29 00:42 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 00:41 - 2013-08-05 16:10 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-29 00:19 - 2012-07-02 03:37 - 02168755 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 23:59 - 2012-09-18 23:18 - 00000000 ____D () C:\Users\USER\AppData\Roaming\uTorrent
2014-04-28 23:58 - 2013-04-09 21:01 - 00000000 ___RD () C:\Users\USER\Google Drive
2014-04-28 23:56 - 2013-04-09 20:56 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 23:56 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 23:55 - 2009-07-14 12:51 - 01141891 _____ () C:\Windows\setupact.log
2014-04-28 23:22 - 2013-03-18 15:02 - 00000000 ____D () C:\Users\USER\AppData\Local\Akamai
2014-04-28 21:07 - 2012-07-15 04:54 - 00000000 ____D () C:\Users\USER\AppData\Roaming\vlc
2014-04-28 19:42 - 2012-07-29 13:09 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000UA.job
2014-04-28 19:42 - 2012-07-29 13:09 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000Core.job
2014-04-28 18:07 - 2010-11-21 11:47 - 00125990 _____ () C:\Windows\PFRO.log
2014-04-28 14:04 - 2013-02-19 03:57 - 00000000 ____D () C:\Users\USER\Documents\DragonNest
2014-04-28 12:16 - 2014-04-28 12:15 - 06438912 _____ () C:\Users\USER\Downloads\processblocker64.msi
2014-04-27 22:25 - 2014-04-27 22:25 - 00000222 _____ () C:\Users\USER\Desktop\City of Steam Arkadia.url
2014-04-27 13:03 - 2014-04-27 13:03 - 00262144 ____N () C:\Windows\Minidump\042714-30328-01.dmp
2014-04-27 13:03 - 2013-08-27 06:20 - 00000000 ____D () C:\Windows\Minidump
2014-04-26 18:05 - 2012-07-03 06:47 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000Core.job
2014-04-26 11:02 - 2014-04-26 11:02 - 00015278 _____ () C:\Users\USER\Downloads\[kickass.to]colombiana.2011.720p.brrip.x264.700mb.yify.torrent
2014-04-24 08:52 - 2013-09-23 10:48 - 00002670 _____ () C:\Windows\Sandboxie.ini
2014-04-22 19:12 - 2012-07-02 14:40 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Mozilla
2014-04-22 00:44 - 2014-04-22 00:44 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Oracle
2014-04-22 00:43 - 2014-04-22 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 00:43 - 2014-04-22 00:42 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-22 00:43 - 2013-10-17 22:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-22 00:43 - 2013-06-23 12:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-20 08:41 - 2014-04-20 08:41 - 00029075 _____ () C:\Users\USER\Downloads\[kickass.to]apocalypse.pompeii.2014.webrip.xvid.aqos.torrent
2014-04-20 08:33 - 2014-04-20 08:33 - 00010513 _____ () C:\Users\USER\Downloads\[kickass.to]the.lone.ranger.2013.720p.brrip.x264.yify.torrent
2014-04-19 04:01 - 2014-04-19 02:47 - 00003193 _____ () C:\Users\USER\Desktop\Selling items Valk.txt
2014-04-19 03:50 - 2014-04-19 03:46 - 00000000 ____D () C:\Users\USER\Desktop\New folder
2014-04-19 03:08 - 2012-12-26 03:54 - 00022729 _____ () C:\Windows\SysWOW64\patchVALK.txt
2014-04-19 01:16 - 2014-04-19 01:16 - 01316844 _____ () C:\Users\USER\Downloads\valexedual.rar
2014-04-18 18:20 - 2013-04-09 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-04-17 13:40 - 2014-04-17 13:40 - 00014782 _____ () C:\Users\USER\Downloads\[kickass.to]punch.drunk.love.2002.720p.hdtv.x264.anoxmous.torrent
2014-04-17 13:31 - 2014-04-17 13:31 - 00236912 _____ () C:\Users\USER\Downloads\Girl-Boy-Bakla-Tomboy-2013-DVDRip-XviD-AQOS_downloader-3b7hvulU.exe
2014-04-17 07:09 - 2014-04-17 07:09 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-17 07:09 - 2014-04-17 07:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-17 07:09 - 2014-04-17 07:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-17 07:09 - 2014-04-17 07:08 - 00000000 ____D () C:\Program Files\iTunes
2014-04-17 07:09 - 2014-04-17 07:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-17 07:08 - 2014-04-17 07:08 - 00000000 ____D () C:\Program Files\iPod
2014-04-17 07:04 - 2012-08-22 14:29 - 00000000 ____D () C:\ProgramData\Apple
2014-04-16 08:16 - 2014-04-29 00:42 - 00000426 _____ () C:\AVScanner.ini
2014-04-15 23:49 - 2012-07-03 10:10 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Skype
2014-04-15 23:17 - 2009-07-14 13:13 - 00782154 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 11:07 - 2014-04-15 11:07 - 00022609 _____ () C:\Users\USER\Downloads\[kickass.to]red.alert.3.pc.eng.iso.full.game.torrent
2014-04-15 11:01 - 2014-04-15 11:01 - 00000591 _____ () C:\Users\USER\Desktop\Counter-Strike 1.6.lnk
2014-04-15 11:01 - 2014-04-15 11:01 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2014-04-15 11:01 - 2014-04-15 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2014-04-15 09:19 - 2014-04-15 09:19 - 00019885 _____ () C:\Users\USER\Downloads\[kickass.to]counter.strike.1.6.torrent
2014-04-14 20:13 - 2014-04-22 00:43 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-22 00:43 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-22 00:43 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-22 00:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-11 22:18 - 2013-11-14 06:15 - 00000000 ____D () C:\Program Files (x86)\Minibar
2014-04-11 08:14 - 2013-06-30 21:13 - 00000000 ____D () C:\Users\USER\AppData\Local\Adobe
2014-04-11 08:14 - 2012-07-03 10:23 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-11 08:14 - 2012-07-03 10:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-11 08:14 - 2012-07-02 10:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-09 22:51 - 2012-08-22 14:33 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Apple Computer
2014-04-09 14:14 - 2014-04-09 14:14 - 00106649 _____ () C:\Users\USER\Downloads\[kickass.to]microsoft.office.2010.x86.x64.no.key.needed.torrent
2014-04-09 12:07 - 2014-04-09 12:07 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-09 12:07 - 2014-04-09 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-09 12:07 - 2014-04-09 12:07 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-09 12:02 - 2014-04-09 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-04-09 12:01 - 2012-08-22 14:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-09 11:34 - 2014-04-09 11:34 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Philips
2014-04-09 11:26 - 2014-04-09 11:25 - 00000000 ____D () C:\Users\USER\AppData\Local\Philips-Songbird
2014-04-09 11:25 - 2014-04-09 11:25 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Philips-Songbird
2014-04-09 11:22 - 2014-04-09 11:22 - 00000000 ____D () C:\Program Files\DIFX
2014-04-09 11:22 - 2014-04-09 11:21 - 00005326 _____ () C:\Windows\DPINST.LOG
2014-04-09 11:20 - 2014-04-09 11:20 - 00001229 _____ () C:\Users\Public\Desktop\Philips Songbird.lnk
2014-04-09 11:20 - 2014-04-09 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips
2014-04-09 11:20 - 2014-04-09 11:20 - 00000000 ____D () C:\ProgramData\{F0489EF2-D393-4114-85BA-A94D71D89543}
2014-04-09 11:20 - 2014-04-09 11:19 - 00000000 ____D () C:\Program Files (x86)\Philips
2014-04-09 11:18 - 2014-04-09 11:04 - 104907746 _____ (Koninklijke Philips Electronics N.V.) C:\Users\USER\Downloads\sa2ara08k_37_psb_aen.exe
2014-04-04 20:18 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-30 18:00 - 2012-07-03 06:47 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000UA
2014-03-30 18:00 - 2012-07-03 06:47 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000Core
 
Some content of TEMP:
====================
C:\Users\USER\AppData\Local\Temp\AcDeltree.exe
C:\Users\USER\AppData\Local\Temp\appshat-distribution.exe
C:\Users\USER\AppData\Local\Temp\AskSLib.dll
C:\Users\USER\AppData\Local\Temp\AutoUI.exe
C:\Users\USER\AppData\Local\Temp\CH.dll
C:\Users\USER\AppData\Local\Temp\CheatEngine63Clean.exe
C:\Users\USER\AppData\Local\Temp\contentDATs.exe
C:\Users\USER\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\USER\AppData\Local\Temp\dotnetfx 3.5 sp1.exe
C:\Users\USER\AppData\Local\Temp\drm_dialogs.dll
C:\Users\USER\AppData\Local\Temp\drm_dyndata_7290008.dll
C:\Users\USER\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\USER\AppData\Local\Temp\Foxit Updater.exe
C:\Users\USER\AppData\Local\Temp\htmlayout.dll
C:\Users\USER\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\USER\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\USER\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\USER\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\USER\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\USER\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\USER\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\USER\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\USER\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\USER\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\USER\AppData\Local\Temp\lowproc.exe
C:\Users\USER\AppData\Local\Temp\ntdll_dump.dll
C:\Users\USER\AppData\Local\Temp\ose00000.exe
C:\Users\USER\AppData\Local\Temp\patchw32.dll
C:\Users\USER\AppData\Local\Temp\patch_2061800.exe
C:\Users\USER\AppData\Local\Temp\ResetDevice.exe
C:\Users\USER\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\USER\AppData\Local\Temp\SkypeSetup.exe
C:\Users\USER\AppData\Local\Temp\stubhelper.dll
C:\Users\USER\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\USER\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\USER\AppData\Local\Temp\tbedrs.dll
C:\Users\USER\AppData\Local\Temp\TB_6B88.exe
C:\Users\USER\AppData\Local\Temp\tmp2612.exe
C:\Users\USER\AppData\Local\Temp\tmp384D.exe
C:\Users\USER\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\USER\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\USER\AppData\Local\Temp\winsvc.exe
C:\Users\USER\AppData\Local\Temp\WinWord_Kill.exe
C:\Users\USER\AppData\Local\Temp\{DD61DEA3-F657-4413-B521-35FFB2C7604A}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-19 07:58
 
==================== End Of Log ============================

And here's Addition.txt:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by USER at 2014-04-29 01:19:34
Running from C:\Users\USER\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29544 - BitTorrent Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.12.2732) (Version: 1.12.2732 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.12.2732 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.12.2732 - Aeria Games & Entertainment) Hidden
Air Assault 2 (HKLM-x32\...\Air Assault 2_is1) (Version: 1.0 - Media Contact LLC)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppsHat Mobile Apps (HKCU\...\AppsHat Mobile Apps) (Version: 1.0.0.0 - Somoto Ltd.) <==== ATTENTION
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
BlackBerry Device Manager 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.43 - Research In Motion Ltd.)
BlackBerry Device Manager 7.0 (x32 Version: 7.0.0.43 - Research In Motion Ltd.) Hidden
Bomber Mario (HKLM-x32\...\Bomber Mario_is1) (Version: 1.0 - Media Contact LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Cabal Episode 8 (HKLM-x32\...\Cabal Episode 8) (Version: Episode 8 - EliteKingdoms)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Chikka Messenger (HKCU\...\Chikka Messenger) (Version:  - )
City of Steam: Arkadia (HKLM-x32\...\Steam App 266070) (Version:  - Mechanist Games)
Condition Zero 3 (HKLM-x32\...\Condition_Zero_3) (Version:  - )
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6) (Version:  - )
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 1.1.0.0101 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
DownTango (HKLM-x32\...\DownTango) (Version: 1.0.716 - Red Sky Sp. z o.o.) <==== ATTENTION
Dragon Nest SEA (HKLM-x32\...\{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}) (Version: 1.97.0000 - Shanda Games International)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version:  - )
Driver Genius (HKLM-x32\...\Driver Genius_is1) (Version: 12.0 - Driver-Soft Inc.)
ESET NOD32 Antivirus (HKLM\...\{8646190D-4E70-471A-8956-C8BEB67B22CF}) (Version: 5.0.95.0 - ESET, spol. s r.o.)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Fast Search (HKLM-x32\...\Surf Canyon) (Version: 5.0.1 - Surf Canyon)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
Free YouTube Download version 3.1.34.825 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.34.825 - DVDVideoSoft Ltd.)
Garena Plus (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Globe Broadband (HKLM-x32\...\Globe Broadband) (Version: 11.300.05.06.158 - Huawei Technologies Co.,Ltd)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Drive (HKLM-x32\...\{84B981C8-D6E4-473F-8062-63F14F44183E}) (Version: 1.15.6464.228 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{6080787C-8D8A-3334-B79E-FFDC020FA0A1}) (Version: 5.3.0.18358 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LINE (HKLM-x32\...\LINE) (Version: 3.4.0.21 - LINE Corporation)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Mario Forever v 2.16 ! (HKLM-x32\...\Mario Forever v 2.16 !) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Might & Magic: Duel of Champions (HKLM-x32\...\Steam App 256410) (Version:  - Ubisoft Quebec)
Mozilla Firefox 15.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 15.0 (x86 en-US)) (Version: 15.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 15.0 - Mozilla)
MyRO V8 (HKLM-x32\...\MyRO V8) (Version:  - )
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickWordtoPDF (HKLM-x32\...\QuickWordtoPDF) (Version:  - QuickWordtoPDF)
Ragnarok Online (HKLM-x32\...\{8B88AF6D-27A7-4B4C-BD1B-81158CC546EF}) (Version: 1.0.0 - Level Up Games)
Ragnarok Online2 (HKLM-x32\...\{3C6A9286-2A4B-43DF-A322-01ABFFDCD248}) (Version: 2.00.0000 - Gravity)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5845 - Realtek Semiconductor Corp.)
Sandboxie 3.76 (64-bit) (HKLM\...\Sandboxie) (Version: 3.76 - SANDBOXIE L.T.D)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sun Broadband (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Tango (HKCU\...\Tango) (Version: 1.6.14117 - TangoMe, Inc.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
uTorrentControl_v2 Toolbar (HKLM-x32\...\uTorrentControl_v2 Toolbar) (Version: 6.14.0.28 - uTorrentControl_v2) <==== ATTENTION
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Warkeys 1.20.0.0b (HKLM-x32\...\Warkeys) (Version: 1.20.0.0b - )
Web Camera (HKLM-x32\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 1.0.3.5 - ETRON)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
YTD Toolbar v6.9 (HKLM-x32\...\{C7B1C030-8B9F-48A2-91E3-6999FC624AE5}) (Version: 6.9 - Spigot, Inc.)
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)
 
==================== Restore Points  =========================
 
27-04-2014 11:52:11 Windows Backup
28-04-2014 04:16:51 Installed Process Blocker 1.0.4.0
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {02F364BC-A2E7-4249-9A96-330CC4088FF0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000Core => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)
Task: {1A0BDE4E-30B0-4824-AF82-D3066BEE7A3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09] (Google Inc.)
Task: {39953A01-05DE-4CD8-AFA1-F477C3232CA1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {60ED293E-0AA9-4329-B55C-F16AF5A753AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {7566FA19-295C-49DD-8098-4A3E19461ED7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1946396020-3047694934-3240006012-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {91235C78-2353-4CC2-9F77-5F5F7F0E67BF} - System32\Tasks\{2657B9B7-E11F-4B34-B7C6-5AB23BF00374} => C:\Program Files (x86)\Tango\Tango.exe [2011-11-05] (Tango Inc.)
Task: {9B3B1ED2-CFC9-4C31-89F9-C2B90E8862E2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000Core => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-13] (Facebook Inc.)
Task: {DA97462E-5436-4DBE-8048-F3F14E7FFA01} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1946396020-3047694934-3240006012-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DE34B813-5EC8-4078-9510-96C4AE487EDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000UA => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)
Task: {E0883300-4BD4-437C-AC1D-0BE0C4AF88E0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000UA => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-13] (Facebook Inc.)
Task: {F8C99F66-E6F1-4E05-AC8F-2FA65D8EDA59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09] (Google Inc.)
Task: {F970172E-889D-455F-B550-29CCD86AA3D8} - System32\Tasks\gg_uac_daemon_USER => Rundll32.exe "E:\Garena\Garena Plus\ggspawn.dll",rundll_entry -p 0
Task: {FA354088-39E9-406C-9B72-05C7233A37D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000Core.job => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000UA.job => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000Core.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1946396020-3047694934-3240006012-1000UA.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-01 18:57 - 2014-02-01 18:57 - 02487808 _____ () C:\Program Files\Sandboxie\Security\Manager\SecurityManager.dll
2014-04-28 23:57 - 2014-04-28 23:57 - 02173440 ____N () C:\Program Files\Sandboxie\Security\Manager\BingDesktopCore.dll
2012-07-02 14:34 - 2011-09-15 03:47 - 00153424 _____ () C:\Program Files (x86)\Sun Broadband\UIExec.exe
2014-04-29 00:42 - 2014-04-29 00:43 - 03972608 _____ () C:\Users\USER\Downloads\RogueKiller.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-03 16:40 - 2013-02-28 17:17 - 00188208 _____ () E:\Garena\Garena Plus\ggspawn.dll
2014-01-08 17:52 - 2014-04-22 06:55 - 00340480 _____ () E:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-23 07:19 - 2014-04-22 06:55 - 00471552 _____ () E:\Program Files (x86)\Steam\libavutil-53.dll
2013-07-01 08:20 - 2014-04-01 06:09 - 00754688 _____ () E:\Program Files (x86)\Steam\SDL2.dll
2013-07-26 14:46 - 2014-04-24 06:01 - 01092288 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-15 14:32 - 2014-03-04 03:15 - 20626624 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 07:49 - 01100800 _____ () E:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 07:49 - 00124416 _____ () E:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 07:49 - 00192000 _____ () E:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-05 19:45 - 2014-03-05 19:45 - 00799744 _____ () C:\Users\USER\AppData\Local\Idmzsoft\dwcjid.dll
2014-04-26 09:21 - 2014-04-24 08:33 - 00065352 _____ () C:\Users\USER\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-26 09:21 - 2014-04-24 08:33 - 00674632 _____ () C:\Users\USER\AppData\Local\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-26 09:21 - 2014-04-24 08:33 - 00093000 _____ () C:\Users\USER\AppData\Local\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-26 09:21 - 2014-04-24 08:33 - 04081480 _____ () C:\Users\USER\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-26 09:21 - 2014-04-24 08:33 - 00390472 _____ () C:\Users\USER\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-26 09:21 - 2014-04-24 08:33 - 01647432 _____ () C:\Users\USER\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-26 09:21 - 2014-04-24 08:33 - 13692232 _____ () C:\Users\USER\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/28/2014 11:57:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/28/2014 11:57:25 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe
 
Error: (04/28/2014 11:56:06 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (04/28/2014 11:22:48 PM) (Source: MsiInstaller) (User: USER-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\USER\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (04/28/2014 11:22:06 PM) (Source: MsiInstaller) (User: USER-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\USER\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (04/28/2014 11:20:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/28/2014 11:19:51 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe
 
Error: (04/28/2014 11:18:24 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (04/28/2014 06:12:39 PM) (Source: MsiInstaller) (User: USER-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\USER\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (04/28/2014 06:11:55 PM) (Source: MsiInstaller) (User: USER-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\USER\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
 
System errors:
=============
Error: (04/28/2014 11:57:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/28/2014 11:56:53 PM) (Source: Service Control Manager) (User: )
Description: The UI Assistant Service service failed to start due to the following error: 
%%1053
 
Error: (04/28/2014 11:56:53 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the UI Assistant Service service to connect.
 
Error: (04/28/2014 11:19:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/28/2014 11:19:10 PM) (Source: Service Control Manager) (User: )
Description: The UI Assistant Service service failed to start due to the following error: 
%%1053
 
Error: (04/28/2014 11:19:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the UI Assistant Service service to connect.
 
Error: (04/28/2014 06:08:53 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/28/2014 06:08:36 PM) (Source: Service Control Manager) (User: )
Description: The UI Assistant Service service failed to start due to the following error: 
%%1053
 
Error: (04/28/2014 06:08:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the UI Assistant Service service to connect.
 
Error: (04/28/2014 03:17:18 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 51.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-26 08:54:02.637
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-26 08:54:02.607
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-26 08:54:01.765
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-26 08:54:01.731
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-20 09:32:36.607
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-20 09:32:36.600
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-20 09:32:36.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-20 09:32:36.085
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-20 09:32:17.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-20 09:32:17.728
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Level Up Games\Ragnarok Online\npkcrypt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 53%
Total physical RAM: 4095.24 MB
Available physical RAM: 1899.78 MB
Total Pagefile: 8188.68 MB
Available Pagefile: 5290.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:76.24 GB) (Free:15.41 GB) NTFS
Drive e: () (Fixed) (Total:465.66 GB) (Free:40.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 11F7E14E)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 76 GB) (Disk ID: 866E866E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=76 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team

Posted 28 April 2014 - 12:39 PM

Hello,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries all over the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Libre Office or GIMP."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software

Click on Start > type in appwiz.cpl in the search box and press Enter.
Select the following programs from the list:

AppsHat Mobile Apps
Bundled software uninstaller
DownTango
uTorrentControl_v2 Toolbar

and press the Uninstall button for each of them.

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

 

Also, can you please go to C:\FRST\Quarantine, right-click on the folder, and select Send to compressed (zip) folder; that will make a zipped copy of this folder.
Then please upload it to http://www.bleepingcomputer.com/submit-malware.php?channel=122 so we can examine the files and submit them to antivirus companies if needed.
After that please delete the zip files you just created...

Let me know if the problem still exists! :)

 

 

Regards,

Georgi




#5 johndeocera

johndeocera
  • Topic Starter

  • Members

Posted 28 April 2014 - 01:02 PM

I was able to uninstall the first 3 programs. But utorrentcontrol_v2 toolbar doesn't really do anything when I hit uninstall. Should I leave it at that and run FRST?



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team

Posted 28 April 2014 - 01:12 PM

Try to uninstall it using this tool:

http://support.microsoft.com/mats/program_install_and_uninstall/en

 

If no joy, try this:

Please download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select uTorrentControl_v2 Toolbar.
Please click the Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.
Let me know about the results.

 

Then proceed with the next step.

 

 

Regards,

Georgi




#7 johndeocera

johndeocera
  • Topic Starter

  • Members

Posted 28 April 2014 - 02:02 PM

It worked! Here's Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by USER at 2014-04-29 02:39:36 Run:2
Running from C:\Users\USER\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
2014-03-05 19:45 - 2014-03-05 19:45 - 00799744 _____ () C:\Users\USER\AppData\Local\Idmzsoft\dwcjid.dll
C:\Users\USER\AppData\Local\Idmzsoft\dwcjid.dll
Folder: C:\Users\USER\AppData\Local\Idmzsoft
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Run: [Video Library] => C:\Windows\system32\rundll32.exe C:\Users\USER\AppData\Local\Temp\Rpcqt.dll,Sets <===== ATTENTION
C:\Users\USER\AppData\Local\Temp\Rpcqt.dll
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\...\Policies\Explorer: [] 
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo1.dll No File
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo1.dll No File
URLSearchHook: HKCU - UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Minibar.dll No File
SearchScopes: HKCU - {8A51ECCA-43D7-4573-8190-273109550C38} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKCU - {AB79D3B4-AEDB-428a-B504-BAC00521A1C7} URL = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo1.dll No File
BHO-x32: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo1.dll No File
Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
FF Extension: Search Results Optimizator - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\SearchHelper [2012-09-18]
FF Extension: uTorrentControl_v2  - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2014-03-26]
FF Extension: Apps Hat - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-11-14]
FF Extension: GoPhotoIt - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\gophoto@gophoto.it.xpi [2012-07-31]
FF Extension: Torntv - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\torntv@torntv.com.xpi [2012-11-28]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-23]
FF HKCU\...\Firefox\Extensions: [search@helper] - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\extensions\SearchHelper
FF Extension: Search Results Optimizator - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\extensions\SearchHelper [2012-09-18]
CHR Extension: (uTorrentControl_v2) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2014-04-04]
CHR Extension: (Torntv) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf [2014-04-04]
CHR Extension: (Savings-Slider) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-04]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-04-04]
CHR Extension: (GoPhoto.it) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2014-04-04]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\USER\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\USER\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-08-28]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\USER\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn10.crx [2012-11-28]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx [2012-10-16]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx [2012-07-31]
S2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [X]
C:\Users\USER\AppData\Local\Temp
end
*****************
 
"C:\Users\USER\AppData\Local\Idmzsoft\dwcjid.dll" => File/Directory not found.
"C:\Users\USER\AppData\Local\Idmzsoft\dwcjid.dll" => File/Directory not found.
 
========================= Folder: C:\Users\USER\AppData\Local\Idmzsoft ========================
 
2014-02-19 19:47 - 2014-02-19 19:47 - 0233492 _____ () C:\Users\USER\AppData\Local\Idmzsoft\AdobeLinguistic.3
2014-03-05 19:45 - 2014-03-05 19:45 - 0233492 _____ () C:\Users\USER\AppData\Local\Idmzsoft\dwcjid.3
2014-02-11 19:23 - 2014-02-11 19:23 - 0233492 _____ () C:\Users\USER\AppData\Local\Idmzsoft\prepro.3
 
====== End of Folder: ======
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Video Library => Value not found.
"C:\Users\USER\AppData\Local\Temp\Rpcqt.dll" => File/Directory not found.
HKU\S-1-5-21-1946396020-3047694934-3240006012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{539F76FD-084E-4858-86D5-62F02F54AE86} => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A51ECCA-43D7-4573-8190-273109550C38} => Key not found.
HKCR\CLSID\{8A51ECCA-43D7-4573-8190-273109550C38} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7} => Key not found.
HKCR\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found.
HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Key not found.
HKCR\Wow6432Node\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value not found.
HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Value not found.
HKCR\Wow6432Node\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Value not found.
HKCR\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Key not found.
C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\SearchHelper not found.
C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} not found.
C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} not found.
C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\gophoto@gophoto.it.xpi not found.
C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\torntv@torntv.com.xpi not found.
C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi not found.
HKCU\Software\Mozilla\Firefox\Extensions\\search@helper => Value not found.
C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\oxqcyycz.default\extensions\SearchHelper not found.
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda directory not found.
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf directory not found.
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk directory not found.
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp directory not found.
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key not found.
"C:\Users\USER\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp => Key not found.
"C:\Users\USER\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key not found.
"C:\Users\USER\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key not found.
"C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf => Key not found.
"C:\Program Files (x86)\TornTV.com\torn10.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key not found.
"C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk => Key not found.
"C:\Program Files (x86)\Gophoto.it\gophotoit14.crx" => File/Directory not found.
Application Updater => Service not found.
 
"C:\Users\USER\AppData\Local\Temp" directory move:
 
Could not move "C:\Users\USER\AppData\Local\Temp\etilqs_A7DQmq3PLttf6zg" => Scheduled to move on reboot.
C:\Users\USER\AppData\Local\Temp\RPR_Patch_Repair.txt => Moved successfully.
C:\Users\USER\AppData\Local\Temp\MATS-Temp\Results\Program Install and Uninstall troubleshooter_result.cab => Moved successfully.
Could not move "C:\Users\USER\AppData\Local\Temp" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-29 02:42:06)<=
 
C:\Users\USER\AppData\Local\Temp\etilqs_A7DQmq3PLttf6zg => Is moved successfully.
C:\Users\USER\AppData\Local\Temp => Moved successfully.
 
==== End of Fixlog ====


#8 johndeocera

johndeocera
  • Topic Starter

  • Members
  • 5 posts

Posted 28 April 2014 - 02:20 PM

The iexplorer.exe is not there anymore, and my computer is working smoothly now. Thanks a lot, Georgi! I also tried uploading the quarantined folder, but the website says "This webpage is not available." I appreciate every bit of help you offered me. :) God bless!



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 28 April 2014 - 03:07 PM

Hello,

Can you please upload the folder here => http://zippyshare.com/ and send me the download link via PM?

Thanks!

Regards,

Georgi




#10 B-boy/StyLe/


Posted 15 May 2014 - 05:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





