
Cmd Malware


5 replies to this topic

#1 JesusIsMyName

JesusIsMyName

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 09 September 2014 - 05:54 AM

Hi, when starting up my PC a cmd prompt that is blank quickly pops up and disappears, it launches Chrome and opens the webpage extendedunlimited.org.


Edited by hamluis, 09 September 2014 - 06:06 AM.
Moved from MRL (no logs) to Am I Infected - Hamluis.




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:11 AM

Posted 09 September 2014 - 06:19 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 JesusIsMyName

JesusIsMyName
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 09 September 2014 - 07:12 AM

Scan with FRST:

 

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01

Ran by Jesús (administrator) on JESUS on 09-09-2014 14:01:52
Running from C:\Users\Jesús\Desktop
Platform: Windows 8 Pro (X64) OS Language: Español (España, internacional)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) D:\Archivos de programas (x86)\Steam\Steam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) D:\Archivos de programas (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-1223255647-1115958421-2627241808-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1223255647-1115958421-2627241808-1001\...\Run: [Spotify Web Helper] => C:\Users\Jesús\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-27] (Spotify Ltd)
HKU\S-1-5-21-1223255647-1115958421-2627241808-1001\...\Run: [Steam] => D:\Archivos de programas (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-1223255647-1115958421-2627241808-1001\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2668496 2014-08-29] (Desura Net Pty Ltd)
HKU\S-1-5-21-1223255647-1115958421-2627241808-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1223255647-1115958421-2627241808-1001\...\MountPoints2: {5e845b47-a5e7-11e2-be6a-08606ec356f7} - "F:\setup.exe" 
Startup: C:\Users\Jes£s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
ShortcutTarget: GameRanger.lnk -> C:\Users\Jesús\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.es.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3FA8966999A2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ES
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {16332CF5-71D1-47BD-AC5B-9E8E1BD6C92F} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Hosts: 127.0.0.1 api.crashtastic.com 
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jesús\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.es/
CHR StartupUrls: Default -> "hxxp://www.google.es/"
CHR DefaultSearchKeyword: Default -> 70493D9CE96D251041C6B913AA199CCAF03BCC551ADED7193257BFF8E59ED1ED
CHR DefaultSearchURL: Default -> C786742AB26F525B05AE3577D344AE35253256A4BB4E938FCB5BE7FC9A51D8A6
CHR Profile: C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HTML5 Outliner) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\afoibpobokebhgfnknfndkgemglggomo [2014-04-03]
CHR Extension: (BetterTTV) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-04-03]
CHR Extension: (Google Docs) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-03]
CHR Extension: (Google Drive) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-03]
CHR Extension: (YouTube) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-03]
CHR Extension: (Adblock Plus) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-03]
CHR Extension: (Búsqueda de Google) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-03]
CHR Extension: (Búsqueda por voz) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad [2014-04-03]
CHR Extension: (View Thru) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkncfnbcgbclefkbknfdbngiegdppgdd [2014-04-03]
CHR Extension: (Google Wallet) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Cuevana Stream (Fixed)) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\phicfmbjmkdipkhlhlkblgjamldaonjd [2014-04-03]
CHR Extension: (Gmail) - C:\Users\Jesús\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-09] () [File not signed]
S2 iWinTrusted; D:\Archivos de programas (x86)\iWin Games\iWinTrusted.exe [179368 2013-10-23] (iWin Inc.)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-04-16] (DT Soft Ltd)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2014-01-21] ()
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 12:52 - 2014-09-09 12:52 - 00000278 _____ () C:\Users\Jesús\Downloads\fixlist.txt
2014-09-09 11:29 - 2014-09-09 11:29 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 11:14 - 2014-09-09 11:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jesús\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-09 11:09 - 2014-09-09 11:09 - 01016261 _____ (Thisisu) C:\Users\Jesús\Downloads\JRT.exe
2014-09-09 11:09 - 2014-09-09 11:09 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 11:04 - 2014-09-09 11:04 - 00000308 _____ () C:\Windows\PFRO.log
2014-09-09 11:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-09 10:55 - 2014-09-09 14:01 - 00012971 _____ () C:\Users\Jesús\Desktop\FRST.txt
2014-09-09 10:55 - 2014-09-09 14:01 - 00000000 ____D () C:\FRST
2014-09-09 10:53 - 2014-09-09 10:54 - 02105344 _____ (Farbar) C:\Users\Jesús\Desktop\FRST64.exe
2014-09-08 16:09 - 2014-09-08 16:09 - 00000000 ____D () C:\Users\Jesús\AppData\Roaming\Steam
2014-09-07 15:04 - 2014-09-07 15:04 - 00169603 _____ () C:\Users\Jesús\Downloads\[kickass.to]dead.rising.3.codex.torrent
2014-09-04 09:25 - 2014-09-04 09:25 - 00000985 _____ () C:\Users\Public\Desktop\The SIMS 4 Deluxe Edition.lnk
2014-09-04 09:25 - 2014-09-04 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-04 09:18 - 2014-09-04 09:18 - 00001165 _____ () C:\Users\Jesús\Desktop\Origin.exe - Acceso directo.lnk
2014-09-03 19:17 - 2014-09-03 19:17 - 00045189 _____ () C:\Users\Jesús\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.l.torrent
2014-09-02 16:09 - 2014-09-02 16:09 - 00030539 _____ () C:\Users\Jesús\Downloads\[kickass.to]the.sims.4.deluxe.edition.skidrowcrack.torrent
2014-08-30 22:20 - 2014-08-30 22:20 - 00000000 ____D () C:\Users\Jesús\Documents\New Star Soccer 5
2014-08-30 21:49 - 2014-08-30 21:52 - 00000000 ____D () C:\Users\Jesús\AppData\Roaming\Running with rifles
2014-08-30 21:43 - 2014-08-30 21:43 - 00000230 _____ () C:\Users\Jesús\Desktop\RUNNING WITH RIFLES.url
2014-08-29 12:19 - 2014-08-29 12:19 - 00000980 _____ () C:\Users\Jesús\Desktop\The Escapists.lnk
2014-08-29 12:19 - 2014-08-29 12:19 - 00000980 _____ () C:\Users\Administrador\Desktop\The Escapists.lnk
2014-08-29 12:17 - 2014-08-29 12:17 - 00012512 _____ () C:\Users\Jesús\Downloads\[kickass.to]the.escapists.v0.75.early.access.torrent
2014-08-28 12:05 - 2014-08-28 12:05 - 00000000 ____D () C:\Users\Jesús\AppData\Roaming\capy
2014-08-28 12:04 - 2014-08-28 12:04 - 00000935 _____ () C:\Users\Jesús\Desktop\STF.lnk
2014-08-28 11:31 - 2014-08-28 11:31 - 00013289 _____ () C:\Users\Jesús\Downloads\[kickass.to]super.time.force.ultra.v1.01.tptb.torrent
2014-08-27 19:10 - 2014-08-27 19:10 - 00000230 _____ () C:\Users\Jesús\Desktop\Lethal League.url
2014-08-27 17:29 - 2014-08-27 17:29 - 00000230 _____ () C:\Users\Jesús\Desktop\Crusader Kings II.url
2014-08-27 01:05 - 2014-08-27 01:07 - 00000000 ____D () C:\Users\Jesús\Documents\Shiner
2014-08-27 01:05 - 2014-08-27 01:05 - 00000000 ____D () C:\Users\Jesús\Documents\Robot Entertainment
2014-08-27 01:05 - 2014-08-27 01:05 - 00000000 ____D () C:\Users\Jesús\AppData\Local\Robot Entertainment
2014-08-26 23:25 - 2014-08-26 23:25 - 00000230 _____ () C:\Users\Jesús\Desktop\Orcs Must Die! 2.url
2014-08-25 22:15 - 2014-08-26 12:40 - 00000000 ____D () C:\Users\Jesús\AppData\Local\nuclearthrone
2014-08-25 22:10 - 2014-08-25 22:10 - 00000230 _____ () C:\Users\Jesús\Desktop\Nuclear Throne.url
2014-08-25 17:08 - 2014-08-25 17:08 - 00000230 _____ () C:\Users\Jesús\Desktop\Broforce.url
2014-08-25 13:19 - 2014-09-05 00:39 - 00004608 ___SH () C:\Users\Jesús\Downloads\Thumbs.db
2014-08-24 01:19 - 2014-08-24 01:19 - 00040443 _____ () C:\Users\Jesús\Downloads\[kickass.to]tony.hawks.underground.2.ost (1).torrent
2014-08-24 01:18 - 2014-08-24 01:18 - 00040443 _____ () C:\Users\Jesús\Downloads\[kickass.to]tony.hawks.underground.2.ost.torrent
2014-08-22 23:52 - 2014-08-22 23:52 - 00007138 _____ () C:\Users\Jesús\Downloads\[kickass.to]mgmt.oracular.spectacular.indie.electronic.2007.torrent
2014-08-22 23:30 - 2014-08-22 23:30 - 00000229 _____ () C:\Users\Jesús\Desktop\Audiosurf.url
2014-08-22 10:47 - 2014-08-22 10:47 - 00000230 _____ () C:\Users\Jesús\Desktop\Hand Of Fate.url
2014-08-21 15:03 - 2014-08-21 15:03 - 00000000 ____D () C:\Users\Jesús\Documents\PVZ Garden Warfare
2014-08-21 02:07 - 2014-08-21 02:07 - 00000230 _____ () C:\Users\Jesús\Desktop\Knightmare Tower.url
2014-08-20 21:38 - 2014-08-20 21:38 - 00000230 _____ () C:\Users\Jesús\Desktop\Rodina.url
2014-08-20 19:25 - 2014-08-20 19:25 - 00025286 _____ () C:\Users\Jesús\Downloads\[kickass.to]family.feud.2010.edition.torrent
2014-08-20 02:04 - 2014-08-20 02:04 - 00001682 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rodina.lnk
2014-08-20 01:26 - 2014-08-20 01:26 - 00170058 _____ () C:\Users\Jesús\Downloads\[kickass.to]the.king.of.fighters.xiii.reloaded.torrent
2014-08-20 00:54 - 2014-08-20 00:54 - 00020528 _____ () C:\Users\Jesús\Downloads\RodinaSetup.torrent
2014-08-17 20:51 - 2014-08-17 20:51 - 00023915 _____ () C:\Users\Jesús\Downloads\Little.Kings.Story%28PAL-MULTI5%29.c5247.torrent
2014-08-16 17:18 - 2014-08-16 17:18 - 00000738 _____ () C:\Users\Public\Desktop\Crawl.lnk
2014-08-14 21:28 - 2014-08-14 21:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-14 21:28 - 2014-08-14 21:28 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-08-12 19:42 - 2014-09-05 09:45 - 00000000 ____D () C:\Users\Jesús\Documents\WBFS Manager Covers
2014-08-12 19:42 - 2014-08-12 19:42 - 00000952 _____ () C:\Users\Jesús\Desktop\WBFS Manager 3.0.lnk
2014-08-12 19:42 - 2014-08-12 19:42 - 00000000 ____D () C:\Users\Jesús\AppData\Local\WBFSManager
2014-08-12 19:42 - 2014-08-12 19:42 - 00000000 ____D () C:\Program Files\WBFS
2014-08-12 19:41 - 2014-08-12 19:41 - 00000000 ____D () C:\Users\Jesús\Downloads\WBFSManager3.0.1-RTW-x64
2014-08-12 04:22 - 2014-08-12 04:22 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Jesús\Downloads\Shockwave_Installer_Slim.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 14:01 - 2014-09-09 10:55 - 00012971 _____ () C:\Users\Jesús\Desktop\FRST.txt
2014-09-09 14:01 - 2014-09-09 10:55 - 00000000 ____D () C:\FRST
2014-09-09 14:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-09 13:44 - 2013-04-15 15:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 13:21 - 2013-04-15 17:09 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 12:52 - 2014-09-09 12:52 - 00000278 _____ () C:\Users\Jesús\Downloads\fixlist.txt
2014-09-09 11:44 - 2013-04-15 15:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 11:36 - 2014-03-29 19:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 11:30 - 2013-11-26 13:39 - 01191080 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 11:29 - 2014-09-09 11:29 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 11:29 - 2014-03-29 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 11:29 - 2014-03-29 19:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 11:16 - 2014-09-09 11:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jesús\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-09 11:09 - 2014-09-09 11:09 - 01016261 _____ (Thisisu) C:\Users\Jesús\Downloads\JRT.exe
2014-09-09 11:09 - 2014-09-09 11:09 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 11:05 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 11:04 - 2014-09-09 11:04 - 00000308 _____ () C:\Windows\PFRO.log
2014-09-09 11:04 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-09 11:04 - 2012-07-26 07:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-09-09 11:03 - 2014-08-02 12:15 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-09 11:03 - 2014-08-02 12:15 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-09 11:03 - 2014-08-02 12:15 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-09 11:03 - 2014-08-02 12:15 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-09 11:02 - 2014-01-28 19:43 - 00000000 ____D () C:\AdwCleaner
2014-09-09 10:54 - 2014-09-09 10:53 - 02105344 _____ (Farbar) C:\Users\Jesús\Desktop\FRST64.exe
2014-09-09 01:08 - 2013-04-22 21:14 - 00000000 ____D () C:\Users\Jesús\AppData\Roaming\Spotify
2014-09-08 21:13 - 2013-10-01 22:47 - 00000000 ____D () C:\Users\Jesús\AppData\Local\PMB Files
2014-09-08 20:00 - 2013-10-01 22:47 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-08 16:09 - 2014-09-08 16:09 - 00000000 ____D () C:\Users\Jesús\AppData\Roaming\Steam
2014-09-08 16:09 - 2013-04-22 22:32 - 00000000 ____D () C:\Users\Jesús\AppData\Roaming\uTorrent
2014-09-08 16:09 - 2013-04-16 19:47 - 00000000 ____D () C:\Users\Jesús\Documents\My Games
2014-09-08 11:27 - 2013-04-22 21:15 - 00000000 ____D () C:\Users\Jesús\AppData\Local\Spotify
2014-09-07 15:04 - 2014-09-07 15:04 - 00169603 _____ () C:\Users\Jesús\Downloads\[kickass.to]dead.rising.3.codex.torrent
2014-09-07 12:25 - 2013-07-13 11:36 - 00000000 ____D () C:\Users\Jesús\AppData\Local\Adobe
2014-09-07 12:08 - 2013-04-15 17:09 - 00003726 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-05 21:14 - 2013-04-15 17:50 - 00000000 ____D () C:\ProgramData\Origin
2014-09-05 09:45 - 2014-08-12 19:42 - 00000000 ____D () C:\Users\Jesús\Documents\WBFS Manager Covers
2014-09-05 09:45 - 2012-07-26 13:20 - 00798038 _____ () C:\Windows\system32\perfh00A.dat
2014-09-05 09:45 - 2012-07-26 13:20 - 00162850 _____ () C:\Windows\system32\perfc00A.dat
2014-09-05 09:45 - 2012-07-26 09:28 - 01798556 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-05 04:33 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-05 00:39 - 2014-08-25 13:19 - 00004608 ___SH () C:\Users\Jesús\Downloads\Thumbs.db
2014-09-04 12:21 - 2013-04-15 19:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-04 09:35 - 2013-12-19 20:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 09:25 - 2014-09-04 09:25 - 00000985 _____ () C:\Users\Public\Desktop\The SIMS 4 Deluxe Edition.lnk
2014-09-04 09:25 - 2014-09-04 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-04 09:18 - 2014-09-04 09:18 - 00001165 _____ () C:\Users\Jesús\Desktop\Origin.exe - Acceso directo.lnk
2014-09-03 23:40 - 2013-04-15 12:43 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1223255647-1115958421-2627241808-1001
2014-09-03 22:13 - 2014-07-02 13:43 - 00000000 ____D () C:\Users\Jesús\Documents\FIFA 14
2014-09-03 21:17 - 2013-04-15 17:52 - 00000000 ____D () C:\Users\Jesús\AppData\Roaming\Origin
2014-09-03 19:17 - 2014-09-03 19:17 - 00045189 _____ () C:\Users\Jesús\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.l.torrent
2014-09-02 16:09 - 2014-09-02 16:09 - 00030539 _____ () C:\Users\Jesús\Downloads\[kickass.to]the.sims.4.deluxe.edition.skidrowcrack.torrent
2014-09-01 16:11 - 2014-08-02 12:15 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 16:11 - 2014-08-02 12:15 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 16:11 - 2014-08-02 12:15 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 16:11 - 2014-08-02 12:15 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-01 16:11 - 2014-08-02 12:15 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-01 16:11 - 2014-08-02 12:15 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-01 16:11 - 2014-08-02 12:15 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 16:11 - 2014-08-02 12:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-01 16:11 - 2014-08-02 12:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-30 22:20 - 2014-08-30 22:20 - 00000000 ____D () C:\Users\Jesús\Documents\New Star Soccer 5
2014-08-30 21:52 - 2014-08-30 21:49 - 00000000 ____D () C:\Users\Jesús\AppData\Roaming\Running with rifles
2014-08-30 21:43 - 2014-08-30 21:43 - 00000230 _____ () C:\Users\Jesús\Desktop\RUNNING WITH RIFLES.url
2014-08-30 12:47 - 2013-05-16 03:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
2014-08-29 17:03 - 2014-05-04 04:29 - 00168570 _____ () C:\Windows\DirectX.log
2014-08-29 16:48 - 2013-10-16 09:49 - 00000000 ____D () C:\Program Files (x86)\Desura
2014-08-29 12:19 - 2014-08-29 12:19 - 00000980 _____ () C:\Users\Jesús\Desktop\The Escapists.lnk
2014-08-29 12:19 - 2014-08-29 12:19 - 00000980 _____ () C:\Users\Administrador\Desktop\The Escapists.lnk
2014-08-29 12:17 - 2014-08-29 12:17 - 00012512 _____ () C:\Users\Jesús\Downloads\[kickass.to]the.escapists.v0.75.early.access.torrent
2014-08-28 15:11 - 2014-04-07 12:15 - 00000000 ____D () C:\Users\Jesús\Documents\Mis juegos
2014-08-28 12:05 - 2014-08-28 12:05 - 00000000 ____D () C:\Users\Jesús\AppData\Roaming\capy
2014-08-28 12:04 - 2014-08-28 12:04 - 00000935 _____ () C:\Users\Jesús\Desktop\STF.lnk
2014-08-28 11:31 - 2014-08-28 11:31 - 00013289 _____ () C:\Users\Jesús\Downloads\[kickass.to]super.time.force.ultra.v1.01.tptb.torrent
2014-08-27 19:10 - 2014-08-27 19:10 - 00000230 _____ () C:\Users\Jesús\Desktop\Lethal League.url
2014-08-27 17:29 - 2014-08-27 17:29 - 00000230 _____ () C:\Users\Jesús\Desktop\Crusader Kings II.url
2014-08-27 01:07 - 2014-08-27 01:05 - 00000000 ____D () C:\Users\Jesús\Documents\Shiner
2014-08-27 01:05 - 2014-08-27 01:05 - 00000000 ____D () C:\Users\Jesús\Documents\Robot Entertainment
2014-08-27 01:05 - 2014-08-27 01:05 - 00000000 ____D () C:\Users\Jesús\AppData\Local\Robot Entertainment
2014-08-26 23:25 - 2014-08-26 23:25 - 00000230 _____ () C:\Users\Jesús\Desktop\Orcs Must Die! 2.url
2014-08-26 12:40 - 2014-08-25 22:15 - 00000000 ____D () C:\Users\Jesús\AppData\Local\nuclearthrone
2014-08-25 22:10 - 2014-08-25 22:10 - 00000230 _____ () C:\Users\Jesús\Desktop\Nuclear Throne.url
2014-08-25 17:08 - 2014-08-25 17:08 - 00000230 _____ () C:\Users\Jesús\Desktop\Broforce.url
2014-08-24 01:19 - 2014-08-24 01:19 - 00040443 _____ () C:\Users\Jesús\Downloads\[kickass.to]tony.hawks.underground.2.ost (1).torrent
2014-08-24 01:18 - 2014-08-24 01:18 - 00040443 _____ () C:\Users\Jesús\Downloads\[kickass.to]tony.hawks.underground.2.ost.torrent
2014-08-22 23:52 - 2014-08-22 23:52 - 00007138 _____ () C:\Users\Jesús\Downloads\[kickass.to]mgmt.oracular.spectacular.indie.electronic.2007.torrent
2014-08-22 23:30 - 2014-08-22 23:30 - 00000229 _____ () C:\Users\Jesús\Desktop\Audiosurf.url
2014-08-22 10:47 - 2014-08-22 10:47 - 00000230 _____ () C:\Users\Jesús\Desktop\Hand Of Fate.url
2014-08-21 15:03 - 2014-08-21 15:03 - 00000000 ____D () C:\Users\Jesús\Documents\PVZ Garden Warfare
2014-08-21 02:07 - 2014-08-21 02:07 - 00000230 _____ () C:\Users\Jesús\Desktop\Knightmare Tower.url
2014-08-20 21:38 - 2014-08-20 21:38 - 00000230 _____ () C:\Users\Jesús\Desktop\Rodina.url
2014-08-20 19:43 - 2013-11-26 02:37 - 00000000 ____D () C:\Users\Jesús\AppData\Roaming\Ludia
2014-08-20 19:25 - 2014-08-20 19:25 - 00025286 _____ () C:\Users\Jesús\Downloads\[kickass.to]family.feud.2010.edition.torrent
2014-08-20 02:04 - 2014-08-20 02:04 - 00001682 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rodina.lnk
2014-08-20 01:26 - 2014-08-20 01:26 - 00170058 _____ () C:\Users\Jesús\Downloads\[kickass.to]the.king.of.fighters.xiii.reloaded.torrent
2014-08-20 00:54 - 2014-08-20 00:54 - 00020528 _____ () C:\Users\Jesús\Downloads\RodinaSetup.torrent
2014-08-19 15:36 - 2013-10-31 10:45 - 00000000 ____D () C:\Users\Jesús\AppData\Local\Battle.net
2014-08-18 11:00 - 2013-10-23 10:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-18 10:59 - 2014-04-28 19:37 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 10:59 - 2014-04-28 19:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 10:59 - 2014-04-28 19:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 10:59 - 2013-06-28 17:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 10:59 - 2013-06-28 17:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-17 20:51 - 2014-08-17 20:51 - 00023915 _____ () C:\Users\Jesús\Downloads\Little.Kings.Story%28PAL-MULTI5%29.c5247.torrent
2014-08-17 13:09 - 2013-10-31 10:45 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-16 17:18 - 2014-08-16 17:18 - 00000738 _____ () C:\Users\Public\Desktop\Crawl.lnk
2014-08-14 21:28 - 2014-08-14 21:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-14 21:28 - 2014-08-14 21:28 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-08-13 14:23 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-12 19:42 - 2014-08-12 19:42 - 00000952 _____ () C:\Users\Jesús\Desktop\WBFS Manager 3.0.lnk
2014-08-12 19:42 - 2014-08-12 19:42 - 00000000 ____D () C:\Users\Jesús\AppData\Local\WBFSManager
2014-08-12 19:42 - 2014-08-12 19:42 - 00000000 ____D () C:\Program Files\WBFS
2014-08-12 19:41 - 2014-08-12 19:41 - 00000000 ____D () C:\Users\Jesús\Downloads\WBFSManager3.0.1-RTW-x64
2014-08-12 04:22 - 2014-08-12 04:22 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Jesús\Downloads\Shockwave_Installer_Slim.exe
2014-08-11 19:23 - 2013-04-16 11:04 - 00000000 ____D () C:\Program Files (x86)\JDownloader
 
Some content of TEMP:
====================
C:\Users\Jesús\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jesús\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jesús\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Jesús\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jesús\AppData\Local\Temp\Quarantine.exe
C:\Users\Jesús\AppData\Local\Temp\raptrpatch.exe
C:\Users\Jesús\AppData\Local\Temp\raptr_stub.exe
C:\Users\Jesús\AppData\Local\Temp\SRLDetectionLibrary6272711585308290798.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-04 10:06
 
==================== End Of Log ============================


#4 TB-Psychotic


  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:07:11 AM

Posted 09 September 2014 - 07:39 AM

I need the Addition.txt and the aswMBR result as well.


Proud Member of UNITE & TB
 

#5 JesusIsMyName

  • Topic Starter

  • Members
  • 3 posts
  • Local time:08:11 AM

Posted 09 September 2014 - 07:58 AM

Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Jesús at 2014-09-09 10:56:29
Running from C:\Users\Jesús\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
3DMark (HKLM-x32\...\{F1A6C690-C12C-4E7A-B4BD-958678215418}) (Version: 1.1 - Futuremark)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Age of Wonders III (HKLM-x32\...\QWdlb2ZXb25kZXJzSUlJ_is1) (Version: 1 - )
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Arcadecraft (HKLM-x32\...\{74A65C50-0C54-438E-839D-66549C914D5F}) (Version: 0.7.0 - Firebase Industries)
Arcane Worlds (HKLM-x32\...\Steam App 269610) (Version:  - Ranmantaru Games)
Are You Smarter Than A 5th Grader (HKLM-x32\...\Are You Smarter Than A 5th Grader) (Version: 1.2.0.1 - iWin.com)
Ascendant (HKLM-x32\...\GOGPACKASCENDANT_is1) (Version: 2.0.0.1 - GOG.com)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Bird Assassin (HKLM-x32\...\{B226C3AC-B034-42DB-85F4-8E7680D3F4DB}) (Version: 2.0.0.4 - Social Loner Studios)
Broforce (HKLM-x32\...\Steam App 274190) (Version:  - Free Lives)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
BurnInTest v7.1 Pro (HKLM\...\BurnInTest_is1) (Version: 7.1 - Passmark Software)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Cabela's Big Game Hunter Pro Hunts (HKLM-x32\...\Q2FiZWxhc0JpZ0dhbWVIdW50ZXJQcm9IdW50cw==_is1) (Version: 1 - )
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cloudberry Kingdom (HKLM-x32\...\Q2xvdWRiZXJyeUtpbmdkb20=_is1) (Version: 1 - )
Coin Crypt (HKLM-x32\...\Steam App 264690) (Version:  - Dumb and Fat Games)
ControlMK 0.232 (HKLM-x32\...\ControlMK) (Version: 0.232 - Redcl0ud)
Cook, Serve, Delicious! v2.61 (HKCU\...\Cook, Serve, Delicious! v2.61) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crawl version 0.01 (Giant Spider) (HKLM-x32\...\{3C15BB31-5051-4A4F-8E78-4F2FF38CB335}_is1) (Version: 0.01 (Giant Spider) - Powerhoof)
Creeper World 3 Arc Eternal (HKLM-x32\...\Q3JlZXBlcldvcmxkM0FyY0V0ZXJuYWw=_is1) (Version: 1 - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dark Souls 2 (HKLM-x32\...\RGFya1NvdWxzMg==_is1) (Version: 1 - )
DayZ Commander (HKLM-x32\...\{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}) (Version: 0.92.79 - Dotjosh Studios)
Deadly 30 (HKLM-x32\...\Steam App 264730) (Version:  - Ignatus Zuk and Gonzalo Villagomez)
Delver's Drop PAX East++ versión 0.7.5 (HKLM-x32\...\{1A4C387F-EF49-4CD7-A163-7ACDA8267246}_is1) (Version: 0.7.5 - Pixelscopic LLC)
Desktop Dungeons (HKLM-x32\...\Steam App 226620) (Version:  - QCF Design)
Desura (HKLM-x32\...\Desura) (Version: 100.57 - Desura)
Desura: Bleed (HKLM-x32\...\Desura_92221537779744) (Version: Full - BootdiskRevolution)
Desura: Dino Run SE (HKLM-x32\...\Desura_77588584202272) (Version: Full - pixeljam)
Desura: Epic Inventor (HKLM-x32\...\Desura_69831873265696) (Version: Full - Pixel Prone)
Desura: Omegalodon (HKLM-x32\...\Desura_72632191942688) (Version: Full - North of Earth)
Desura: Potatoman Seeks The Troof (HKLM-x32\...\Desura_90851443212320) (Version: Full - pixeljam)
Desura: Project Zomboid (HKLM-x32\...\Desura_62350040236064) (Version: Alpha - The Indie Stone)
Desura: Running with Rifles (HKLM-x32\...\Desura_70806830841888) (Version: Beta - Modulaatio Games)
Desura: Snake Blocks (HKLM-x32\...\Desura_112931870081056) (Version: Full - Spooky Cat)
Desura: Super Amazing Wagon Adventure (HKLM-x32\...\Desura_79040283148320) (Version: Full - sparsevector)
Divekick (HKLM-x32\...\Steam App 244730) (Version:  - Iron Galaxy Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
Draw A Stickman - EPIC (HKLM-x32\...\Draw A Stickman - EPICv1.0.0.0) (Version: v1.0.0.0 - Hitcents)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Eldritch version 0.0.0.9 (HKLM-x32\...\Eldritch_is1) (Version: 0.0.0.9 - WaLMaRT)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.17.0 - Futuremark Corporation)
Game Dev Tycoon versión 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
Geeks3D.com FurMark 1.10.6 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
Gods Will Be Watching (HKLM-x32\...\1207664883_is1) (Version: 2.0.0.1 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hand Of Fate (HKLM-x32\...\Steam App 266510) (Version:  - Defiant Development)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
iWin Games (HKLM-x32\...\iWinArcade) (Version: 2.92 - )
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017F0}) (Version: 7.0.170 - Oracle)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kingdom Rush (HKLM-x32\...\S2luZ2RvbVJ1c2g=_is1) (Version: 1 - )
Knightmare Tower (HKLM-x32\...\Steam App 298400) (Version:  - Juicy Beast Studio)
Knights of Pen and Paper +1 (HKLM-x32\...\Steam App 231740) (Version:  - Behold Studios)
La-Mulana (HKLM-x32\...\Steam App 230700) (Version:  - NIGORO)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LEGO MARVEL Super Heroes (HKLM-x32\...\LEGO MARVEL Super Heroes_is1) (Version:  - Warner Bros. Games)
Lethal League (HKLM-x32\...\Steam App 261180) (Version:  - Team Reptile)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - Tomorrow Corporation)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware versión 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
Megabyte Punch (HKLM-x32\...\Steam App 248550) (Version:  - Reptile Games)
METAL GEAR RISING REVENGEANCE, âåðñèÿ 1.0.0.0 (HKLM-x32\...\METAL GEAR RISING REVENGEANCE_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mutant Mudds (HKLM-x32\...\GOGPACKMUTANTMUDDS_is1) (Version: 2.1.0.8 - GOG.com)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst_is1) (Version:  - Namco Bandai Games)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
No Time to Explain (HKLM-x32\...\Steam App 227280) (Version:  - tinyBuild)
Not The Robots (HKLM-x32\...\Steam App 257120) (Version:  - 2DArray)
Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OlliOlli (HKLM-x32\...\1207665033_is1) (Version: 2.0.0.2 - GOG.com)
One Finger Death Punch 1.0 (HKLM-x32\...\One Finger Death Punch 1.0) (Version: 1.0 - Cat-A-Cat)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Overgrowth (HKLM-x32\...\Steam App 25000) (Version:  - Wolfire)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
Paranautical Activity (HKLM-x32\...\Steam App 250580) (Version:  - Code Avarice)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.11.6.28352 - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PixelJunk™ Shooter (HKLM-x32\...\Steam App 255870) (Version:  - )
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rayman Legends (HKLM-x32\...\UmF5bWFuTGVnZW5kcw==_is1) (Version: 1 - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6 - Razer Inc.)
Red Faction Guerrilla (HKLM-x32\...\InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}) (Version: 1.00.0000 - Volition Inc.)
Red Faction Guerrilla (x32 Version: 1.00.0000 - Volition Inc.) Hidden
Re-Volt (HKLM-x32\...\GOGPACKREVOLT_is1) (Version: 2.1.0.5 - GOG.com)
Ride 'em Low (HKLM-x32\...\Steam App 65070) (Version:  - Red Dot Games)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Rodina (HKLM-x32\...\{0B7E56F5-D39D-4A41-B3A0-D60886044041}) (Version: 1.1.0 - Elliptic Games)
Rodina (HKLM-x32\...\Steam App 314230) (Version:  - Elliptic Games)
Rogue Shooter: The FPS Roguelike (HKLM-x32\...\Steam App 295770) (Version:  - Hippomancer)
RUNNING WITH RIFLES (HKLM-x32\...\Steam App 270150) (Version:  - Modulaatio Games)
Scribblenauts Unmasked A DC Comics Adventure (HKLM-x32\...\Scribblenauts Unmasked A DC Comics Adventure_is1) (Version:  - )
Scrolls (HKLM-x32\...\Scrolls 1.0.0) (Version: 1.0.0 - Mojang)
Scrolls (x32 Version: 1.0.0 - Mojang) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Shadow Warrior (HKLM-x32\...\Shadow Warrior_is1) (Version:  - Devolver Digital)
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.0.0.5 - GOG.com)
SkyDrift (HKLM-x32\...\Steam App 91100) (Version:  - Digital Reality)
Sonic and All Stars Racing Transformed © SEGA version 1 (HKLM-x32\...\Sonic and All Stars Racing Transformed © SEGA_is1) (Version: 1 - )
Spelunky HD (HKLM-x32\...\Spelunky HD) (Version: 1.3 - Jimbo)
Spintires (HKLM-x32\...\Spintires_is1) (Version:  - )
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
State of Decay (HKLM-x32\...\State of Decay_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold HD (HKLM-x32\...\Steam App 40950) (Version:  - FireFly Studios)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}) (Version: 1.0.0000.129 - CAPCOM U.S.A., INC)
Super Street Fighter IV: Arcade Edition (x32 Version: 1.0.0000.129 - CAPCOM U.S.A., INC) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC)
Terraria version 1.2.4.1 (HKLM-x32\...\{1520E069-19A9-4B01-BA5D-87B67D56F55D}_is1) (Version: 1.2.4.1 - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The SIMS 4 Deluxe Edition (HKLM-x32\...\The SIMS 4 Deluxe Edition_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
The Witcher - Enhanced Edition Director's Cut (HKLM-x32\...\The Witcher - Enhanced Edition Director's Cut_is1) (Version:  - )
TOG_BuildV1_00e1 (HKLM\...\UDK-d5a5a837-f764-4a72-977f-d7f79646119b) (Version:  - Epic Games, Inc.)
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.00.000 - Ubisoft)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Torchlight II Videos Subtitulados en Castellano (HKCU\...\Torchlight II Videos Subtitulados en Castellano 1.0.0) (Version: 1.0.0 - Runic Games, Inc. MODS)
Torchlight II Videos Subtitulados en Castellano (x32 Version: 1.0.0 - Runic Games, Inc. MODS) Hidden
TowerFall Ascension (HKLM-x32\...\Steam App 251470) (Version:  - Matt Thorson)
TrackMania 2 (HKLM-x32\...\TrackMania 2_is1) (Version: RePack - Ultra)
Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version:  - )
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version:  - Haemimont Games)
Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version:  - Secret Exit Ltd.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Un vecino infernal Compilation (HKLM-x32\...\{DE790600-2AEB-456D-836A-6654DB2577CD}) (Version: 1.0.0 - JoWooD Studio Vienna)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universe Sandbox (HKLM-x32\...\Universe Sandbox) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Valiant Hearts: The Great War (HKLM-x32\...\VmFsaWFudEhlYXJ0c1RoZUdyZWF0V2Fy_is1) (Version: 1 - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinDS PRO 2013.4.5 (HKLM\...\{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1) (Version: 2013.4.5.0 - WinDS PRO Central)
WinDS PRO Apps 1.3 (HKLM\...\{92C4C953-5CE1-4DC3-97D5-BBD1A63EF706}_is1) (Version: 1.3.0.0 - WinDS PRO)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WWE 2013 PC V1.5 versión 1.0 (HKLM-x32\...\{973C9B56-7591-427E-844A-D8A78A9D620C}_is1) (Version: 1.0 - Yonathan_Virus)
XCOM: Enemy Unknown - Update 1 (HKLM-x32\...\XCOM: Enemy Unknown_is1) (Version:  - )
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY 2.0 (HKLM-x32\...\{7F23ED88-D755-4A3A-AB04-E909C7C0330A}) (Version: 2.00.0000 - KONAMI)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-08-2014 23:03:26 Se ha instalado DirectX
29-08-2014 15:02:42 Se ha instalado DirectX
03-09-2014 21:16:42 Se ha instalado DirectX
05-09-2014 16:25:18 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2013-05-02 15:48 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts
  
127.0.0.1 api.crashtastic.com 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00DDC41F-E2B8-4E48-B138-BAF6465CC253} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {18D18D8C-6A18-46E5-B62D-F610C8D36F8A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-07] (Adobe Systems Incorporated)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {943F778E-A207-4E97-A605-77DA286BE603} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B9553C10-8053-449E-B249-C048F7D4DC8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {C11136C0-6EF9-4CE7-A5BA-0BC683401975} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {C2B44DE4-F0E9-4C90-815F-9A94B2354F33} - System32\Tasks\MySearchDial => C:\Users\JESS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C399A7CE-1CCC-43B5-934F-51D5149F2A51} - System32\Tasks\RunAsStdUser Task => D:\Archivos de programas (x86)\iWin Games\iWinGames.exe [2013-10-23] (iWin Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EDF1B84C-3682-472E-9771-1C4B4BFA7F1A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\JESS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-20 06:44 - 2014-06-13 01:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-02 13:56 - 2014-03-02 13:57 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-08-29 01:49 - 2014-08-21 20:15 - 01171456 _____ () D:\Archivos de programas (x86)\Steam\libavcodec-56.dll
2014-08-29 01:49 - 2014-08-21 20:15 - 00332800 _____ () D:\Archivos de programas (x86)\Steam\libavresample-2.dll
2014-08-29 01:49 - 2014-08-21 20:15 - 00442368 _____ () D:\Archivos de programas (x86)\Steam\libavutil-54.dll
2014-08-29 01:49 - 2014-08-21 00:38 - 00774656 _____ () D:\Archivos de programas (x86)\Steam\SDL2.dll
2014-08-29 01:49 - 2014-08-28 13:48 - 02224320 _____ () D:\Archivos de programas (x86)\Steam\video.dll
2014-08-29 01:49 - 2014-08-21 20:15 - 00403968 _____ () D:\Archivos de programas (x86)\Steam\libavformat-56.dll
2014-08-29 01:49 - 2014-08-21 20:15 - 00485888 _____ () D:\Archivos de programas (x86)\Steam\libswscale-3.dll
2014-08-29 01:49 - 2014-08-28 13:48 - 00678080 _____ () D:\Archivos de programas (x86)\Steam\bin\chromehtml.DLL
2014-08-29 01:49 - 2014-08-21 00:38 - 34589376 _____ () D:\Archivos de programas (x86)\Steam\bin\libcef.dll
2014-09-03 12:48 - 2014-08-30 04:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-03 12:48 - 2014-08-30 04:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-03 12:48 - 2014-08-30 04:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-03 12:48 - 2014-08-30 04:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-03 12:48 - 2014-08-30 04:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D0757AAB
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "AmazonGSDownloaderTray"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "Desura"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2014 10:50:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=15
 
Error: (09/09/2014 10:49:58 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/08/2014 05:22:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: deadrising3.exe, versión: 1.0.0.0, marca de tiempo: 0x53fe8cba
Nombre del módulo con errores: deadrising3.exe, versión: 1.0.0.0, marca de tiempo: 0x53fe8cba
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000866510
Identificador del proceso con errores: 0x1730
Hora de inicio de la aplicación con errores: 0xdeadrising3.exe0
Ruta de acceso de la aplicación con errores: deadrising3.exe1
Ruta de acceso del módulo con errores: deadrising3.exe2
Identificador del informe: deadrising3.exe3
Nombre completo del paquete con errores: deadrising3.exe4
Identificador de aplicación relativa del paquete con errores: deadrising3.exe5
 
Error: (09/08/2014 10:26:54 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/08/2014 10:26:51 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=13
 
Error: (09/07/2014 02:35:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x800705B4
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/07/2014 02:35:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/07/2014 00:02:53 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=15
 
Error: (09/07/2014 00:02:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/06/2014 01:02:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (09/09/2014 01:18:10 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/08/2014 03:15:13 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/07/2014 04:02:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/06/2014 01:28:07 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/05/2014 05:29:48 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/04/2014 02:31:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/03/2014 04:49:11 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/02/2014 02:11:15 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/01/2014 03:11:30 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (08/31/2014 03:09:29 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
 
Microsoft Office Sessions:
=========================
Error: (09/09/2014 10:50:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=15
 
Error: (09/09/2014 10:49:58 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/08/2014 05:22:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: deadrising3.exe1.0.0.053fe8cbadeadrising3.exe1.0.0.053fe8cbac00000050000000000866510173001cfcb6e8b27047cD:\Archivos de programas (x86)\Dead Rising 3\deadrising3.exeD:\Archivos de programas (x86)\Dead Rising 3\deadrising3.exee7d1b614-376b-11e4-bf33-08606ec356f7
 
Error: (09/08/2014 10:26:54 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/08/2014 10:26:51 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=13
 
Error: (09/07/2014 02:35:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x800705B4RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/07/2014 02:35:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/07/2014 00:02:53 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=15
 
Error: (09/07/2014 00:02:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/06/2014 01:02:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-21 12:31:25.122
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-21 12:31:24.078
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-21 12:31:23.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-21 12:31:22.029
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-21 12:31:18.257
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-21 12:31:17.212
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-21 12:31:16.187
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-21 12:31:15.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-21 12:02:21.395
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-21 12:02:20.348
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8350 Eight-Core Processor 
Percentage of memory in use: 40%
Total physical RAM: 4002.55 MB
Available physical RAM: 2395.61 MB
Total Pagefile: 8098.55 MB
Available Pagefile: 5731.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.31 GB) (Free:41 GB) NTFS
Drive d: () (Fixed) (Total:833.85 GB) (Free:393.39 GB) NTFS
Drive f: (Dead Rising 3) (CDROM) (Total:32.97 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DB1F8A1D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
aswmbr:
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-09 14:10:03
-----------------------------
14:10:03.324    OS Version: Windows x64 6.2.9200 
14:10:03.325    Number of processors: 8 586 0x200
14:10:03.325    ComputerName: JESUS  UserName: Jesús
14:10:03.697    Initialize success
14:10:03.733    VM: initialized successfully
14:10:03.767    VM: Amd CPU supported 
14:10:40.999    VM: supported disk I/O storport.sys
14:13:17.636    AVAST engine defs: 14090900
14:13:37.027    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
14:13:37.028    Disk 0 Vendor: ST1000DM003-1CH162 CC46 Size: 953869MB BusType: 11
14:13:37.117    Disk 0 MBR read successfully
14:13:37.119    Disk 0 MBR scan
14:13:37.130    Disk 0 Windows 7 default MBR code
14:13:37.145    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          350 MB offset 2048
14:13:37.175    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99650 MB offset 718848
14:13:37.205    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       853867 MB offset 204802048
14:13:37.265    Disk 0 scanning C:\Windows\system32\drivers
14:13:49.131    Service scanning
14:14:10.844    Modules scanning
14:14:10.850    Disk 0 trace - called modules:
14:14:10.877    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
14:14:10.881    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005bd7060]
14:14:10.884    3 CLASSPNP.SYS[fffff88000fa5e0a] -> nt!IofCallDriver -> [0xfffffa80041d5040]
14:14:10.887    5 amd_xata.sys[fffff88000b69634] -> nt!IofCallDriver -> \Device\00000039[0xfffffa80049ee7f0]
14:14:11.409    AVAST engine scan C:\Windows
14:14:13.202    AVAST engine scan C:\Windows\system32
14:17:28.461    AVAST engine scan C:\Windows\system32\drivers
14:17:43.281    AVAST engine scan C:\Users\Jesús
14:44:45.144    AVAST engine scan C:\ProgramData
14:47:01.458    Scan finished successfully
14:51:01.108    Disk 0 MBR has been saved successfully to "C:\Users\Jesús\Desktop\MBR.dat"
14:51:01.123    The log file has been saved successfully to "C:\Users\Jesús\Desktop\aswMBR.txt"
 


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 09 September 2014 - 08:25 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.





