Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Extendedunlimited.org Adware


  • This topic is locked This topic is locked
4 replies to this topic

#1 Pimorez

Pimorez

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 09 September 2014 - 02:59 PM

Dear Bleeping Computer malware remover professionals!

 

Unfortunately my PC somehow got infected by this Extendedunlimited.org/Gameharbour.org (first Gameharbour, after removing it with Avast AV it renamed to Extendedunlimited.org) adware. Scanning for viruses did not work unfortunately.

 

My FRST and Addition logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Pim (administrator) on PIM-PC on 09-09-2014 21:54:42
Running from C:\Users\Pim\Downloads
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\WhatPulse2\whatpulse.exe
(Flux Software LLC) C:\Users\Pim\AppData\Local\FluxSoftware\Flux\flux.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PS3 Media Server) C:\Program Files (x86)\PS3 Media Server\pms.exe
(Oracle Corporation) C:\Program Files (x86)\PS3 Media Server\jre64\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1813971324-4201850610-3924503502-1000\...\Run: [WhatPulse] => C:\Program Files (x86)\WhatPulse2\whatpulse.exe [3054592 2014-04-17] ()
HKU\S-1-5-21-1813971324-4201850610-3924503502-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1813971324-4201850610-3924503502-1000\...\Run: [f.lux] => C:\Users\Pim\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1813971324-4201850610-3924503502-1000\...\Run: [Google Update] => C:\Users\Pim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-03] (Google Inc.)
HKU\S-1-5-21-1813971324-4201850610-3924503502-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
Startup: C:\Users\Pim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PS3 Media Server.lnk
ShortcutTarget: PS3 Media Server.lnk -> C:\Program Files (x86)\PS3 Media Server\pms.exe (PS3 Media Server)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?rd=1&ucc=NL&dcc=NL&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEA822B70BFEBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Tcpip\Parameters: [DhcpNameServer] 212.54.44.54 212.54.40.25
 
FireFox:
========
FF ProfilePath: C:\Users\Pim\AppData\Roaming\Mozilla\Firefox\Profiles\n0tejg1i.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Pim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Pim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Pim\AppData\Roaming\Mozilla\Firefox\Profiles\n0tejg1i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-28]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> ""
CHR DefaultSearchKeyword: Default -> B9F11F04437CA46788D56EDFF1C2AA58679F3AF09FE0F04DDFE1C02BB0C9385C
CHR DefaultSearchURL: Default -> F71D182EB844269E9CA54D217181704C7B7987B0586BD9CAD6739CB74BF97697
CHR Profile: C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-28]
CHR Extension: (Google Drive) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-28]
CHR Extension: (Google+ Notifications) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2013-11-28]
CHR Extension: (Telegram UNOFFICIAL) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2014-02-20]
CHR Extension: (Google Search) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-28]
CHR Extension: (Google Play Music) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-09-03]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-08-24]
CHR Extension: (AdBlock) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-11]
CHR Extension: (Hola Better Internet) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-09]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2013-11-28]
CHR Extension: (Music Plus for Google Play Music) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego [2014-09-03]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-11-28]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2013-11-28]
CHR Extension: (Gmail) - C:\Users\Pim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-28]
CHR Extension: (No Name) - C:\Program Files (x86)\Google\Chrome\wmp [2014-08-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-27] (AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-08] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-27] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-06] (Disc Soft Ltd)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-09-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2013-12-06] (Duplex Secure Ltd.)
U3 a6eau04m; C:\Windows\System32\Drivers\a6eau04m.sys [0 ] (Microsoft Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 21:54 - 2014-09-09 21:55 - 00017731 _____ () C:\Users\Pim\Downloads\FRST.txt
2014-09-09 21:54 - 2014-09-09 21:54 - 00000000 ____D () C:\FRST
2014-09-09 21:53 - 2014-09-09 21:54 - 02105344 _____ (Farbar) C:\Users\Pim\Downloads\FRST64.exe
2014-09-09 21:24 - 2014-09-09 21:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-09 21:23 - 2014-09-09 21:24 - 02347384 _____ (ESET) C:\Users\Pim\Downloads\esetsmartinstaller_enu.exe
2014-09-09 21:16 - 2014-09-09 21:16 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-09 21:15 - 2014-09-09 21:15 - 00000586 _____ () C:\Windows\system32\.crusader
2014-09-09 21:13 - 2014-09-09 21:13 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-09 21:12 - 2014-09-09 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-09 21:12 - 2014-09-09 21:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-09 21:03 - 2014-09-09 21:03 - 04901352 _____ (Piriform Ltd) C:\Users\Pim\Downloads\ccsetup417.exe
2014-09-09 20:58 - 2014-09-09 20:58 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 19:19 - 2014-09-09 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-09-09 19:19 - 2014-09-09 19:19 - 00000000 ____D () C:\Program Files (x86)\MPC-HC
2014-09-09 19:03 - 2014-09-09 19:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 18:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-09 18:52 - 2014-09-09 18:55 - 00000000 ____D () C:\AdwCleaner
2014-09-05 13:40 - 2014-09-06 12:49 - 00001783 _____ () C:\Users\Pim\Desktop\Play The Sims 4.lnk
2014-09-04 21:39 - 2014-09-06 22:44 - 00000000 ____D () C:\Users\Pim\Documents\Electronic Arts
2014-09-04 20:59 - 2014-09-04 21:18 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-04 20:59 - 2014-09-04 20:59 - 00003288 _____ () C:\Windows\System32\Tasks\{7996CC52-CBBF-4F51-BE95-5C8599D5A4C6}
2014-09-04 20:31 - 2014-09-04 21:06 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-04 19:11 - 2014-09-05 13:37 - 00000000 ____D () C:\Games
2014-09-03 15:56 - 2014-09-09 21:01 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000UA.job
2014-09-03 15:56 - 2014-09-08 16:01 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000Core.job
2014-09-03 15:56 - 2014-09-03 15:56 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000UA
2014-09-03 15:56 - 2014-09-03 15:56 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000Core
2014-09-03 15:56 - 2014-09-03 15:56 - 00000000 ____D () C:\Users\Pim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-09-03 15:05 - 2014-09-03 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-09-01 00:30 - 2014-09-01 00:30 - 00002379 _____ () C:\Users\Pim\Documents\MumbleAutomaticCertificateBackup.p12
2014-09-01 00:28 - 2014-09-01 11:55 - 00000000 ____D () C:\Users\Pim\AppData\Roaming\Mumble
2014-08-31 23:53 - 2014-08-31 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-08-31 23:50 - 2014-08-31 23:59 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-08-30 01:15 - 2014-08-30 01:15 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-08-24 16:01 - 2014-08-24 16:01 - 00000000 ____D () C:\ProgramData\Google
2014-08-23 23:20 - 2014-08-23 23:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 21:55 - 2014-09-09 21:54 - 00017731 _____ () C:\Users\Pim\Downloads\FRST.txt
2014-09-09 21:54 - 2014-09-09 21:54 - 00000000 ____D () C:\FRST
2014-09-09 21:54 - 2014-09-09 21:53 - 02105344 _____ (Farbar) C:\Users\Pim\Downloads\FRST64.exe
2014-09-09 21:51 - 2014-07-23 23:10 - 00000024 _____ () C:\Users\Pim\jagexappletviewer.preferences
2014-09-09 21:51 - 2013-12-15 19:08 - 00000024 _____ () C:\Users\Pim\random.dat
2014-09-09 21:51 - 2013-11-28 01:08 - 00000000 ____D () C:\Users\Pim\AppData\Local\WhatPulse
2014-09-09 21:43 - 2013-12-15 19:08 - 00000042 _____ () C:\Users\Pim\jagex_cl_runescape_LIVE.dat
2014-09-09 21:25 - 2013-11-28 00:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 21:25 - 2009-07-14 06:50 - 00020144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 21:25 - 2009-07-14 06:50 - 00020144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 21:24 - 2014-09-09 21:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-09 21:24 - 2014-09-09 21:23 - 02347384 _____ (ESET) C:\Users\Pim\Downloads\esetsmartinstaller_enu.exe
2014-09-09 21:21 - 2013-11-28 00:04 - 01170770 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 21:17 - 2013-11-28 02:59 - 00000000 ____D () C:\ProgramData\PMS
2014-09-09 21:16 - 2014-09-09 21:16 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-09 21:16 - 2013-11-28 00:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 21:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 21:16 - 2009-07-14 06:56 - 00051062 _____ () C:\Windows\setupact.log
2014-09-09 21:15 - 2014-09-09 21:15 - 00000586 _____ () C:\Windows\system32\.crusader
2014-09-09 21:13 - 2014-09-09 21:13 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-09 21:12 - 2014-09-09 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-09 21:12 - 2014-09-09 21:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-09 21:03 - 2014-09-09 21:03 - 04901352 _____ (Piriform Ltd) C:\Users\Pim\Downloads\ccsetup417.exe
2014-09-09 21:01 - 2014-09-03 15:56 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000UA.job
2014-09-09 20:58 - 2014-09-09 20:58 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 20:58 - 2014-04-11 10:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 20:51 - 2013-11-28 00:53 - 00000000 ____D () C:\Users\Pim\AppData\Roaming\Skype
2014-09-09 19:47 - 2013-11-30 11:38 - 00000000 ____D () C:\Users\Pim\AppData\Roaming\uTorrent
2014-09-09 19:19 - 2014-09-09 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-09-09 19:19 - 2014-09-09 19:19 - 00000000 ____D () C:\Program Files (x86)\MPC-HC
2014-09-09 19:19 - 2014-09-09 19:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 18:56 - 2010-11-21 05:47 - 00083188 _____ () C:\Windows\PFRO.log
2014-09-09 18:55 - 2014-09-09 18:52 - 00000000 ____D () C:\AdwCleaner
2014-09-09 18:55 - 2013-11-28 00:04 - 00000000 ____D () C:\Users\Pim
2014-09-09 18:48 - 2013-11-28 00:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-09 18:14 - 2014-05-27 14:25 - 00000000 ____D () C:\Program Files (x86)\Unity
2014-09-09 18:13 - 2014-05-27 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-09-08 23:35 - 2014-06-03 22:16 - 00000000 ____D () C:\ProgramData\Origin
2014-09-08 16:24 - 2014-06-03 22:16 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-08 16:01 - 2014-09-03 15:56 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000Core.job
2014-09-06 23:30 - 2013-11-28 00:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-06 23:30 - 2009-07-14 07:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-06 22:45 - 2014-06-03 22:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-06 22:44 - 2014-09-04 21:39 - 00000000 ____D () C:\Users\Pim\Documents\Electronic Arts
2014-09-06 12:49 - 2014-09-05 13:40 - 00001783 _____ () C:\Users\Pim\Desktop\Play The Sims 4.lnk
2014-09-05 13:37 - 2014-09-04 19:11 - 00000000 ____D () C:\Games
2014-09-04 22:24 - 2013-11-28 00:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-04 21:18 - 2014-09-04 20:59 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-04 21:06 - 2014-09-04 20:31 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-04 20:59 - 2014-09-04 20:59 - 00003288 _____ () C:\Windows\System32\Tasks\{7996CC52-CBBF-4F51-BE95-5C8599D5A4C6}
2014-09-04 12:18 - 2013-11-28 02:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-03 15:56 - 2014-09-03 15:56 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000UA
2014-09-03 15:56 - 2014-09-03 15:56 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000Core
2014-09-03 15:56 - 2014-09-03 15:56 - 00000000 ____D () C:\Users\Pim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-09-03 15:56 - 2013-11-28 00:27 - 00000000 ____D () C:\Users\Pim\AppData\Local\Google
2014-09-03 15:06 - 2014-07-28 00:41 - 00000000 ____D () C:\Users\Pim\AppData\Roaming\Mp3tag
2014-09-03 15:05 - 2014-09-03 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-09-03 15:05 - 2014-07-28 00:41 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-09-01 11:55 - 2014-09-01 00:28 - 00000000 ____D () C:\Users\Pim\AppData\Roaming\Mumble
2014-09-01 00:30 - 2014-09-01 00:30 - 00002379 _____ () C:\Users\Pim\Documents\MumbleAutomaticCertificateBackup.p12
2014-08-31 23:59 - 2014-08-31 23:50 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-08-31 23:53 - 2014-08-31 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-08-30 01:15 - 2014-08-30 01:15 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-08-27 12:13 - 2013-12-05 19:58 - 00000000 ____D () C:\Users\Pim\.dvdcss
2014-08-24 16:01 - 2014-08-24 16:01 - 00000000 ____D () C:\ProgramData\Google
2014-08-24 16:00 - 2013-11-28 00:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-24 15:55 - 2013-12-30 18:41 - 00000003 _____ () C:\Users\Pim\Downloads\StreamMusic.txt
2014-08-24 15:55 - 2013-11-28 01:03 - 00000000 ____D () C:\Users\Pim\AppData\Roaming\foobar2000
2014-08-23 23:20 - 2014-08-23 23:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-22 10:32 - 2014-07-14 22:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-22 10:32 - 2014-07-14 22:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-21 22:16 - 2013-12-28 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-21 00:26 - 2013-11-28 00:29 - 00000000 ____D () C:\Users\Pim\AppData\Roaming\Dropbox
2014-08-21 00:25 - 2013-11-28 00:29 - 00000000 ____D () C:\Users\Pim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-18 10:54 - 2009-07-14 07:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-12 14:35 - 2013-11-28 00:33 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-08-12 14:35 - 2013-11-28 00:30 - 00000000 ____D () C:\Program Files\Paint.NET
 
Files to move or delete:
====================
C:\Users\Pim\jagex_cl_runescape_LIVE.dat
C:\Users\Pim\jagex_cl_runescape_LIVE1.dat
C:\Users\Pim\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Pim\jagex_cl_speccollect_LIVE.dat
C:\Users\Pim\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Pim\AppData\Local\Temp\7e2ced74e647b451de08db02a2b2c392.dll
C:\Users\Pim\AppData\Local\Temp\AxSFADownloader.exe
C:\Users\Pim\AppData\Local\Temp\devcon64.exe
C:\Users\Pim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgony6b.dll
C:\Users\Pim\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Pim\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Pim\AppData\Local\Temp\jna1056808446182700874.dll
C:\Users\Pim\AppData\Local\Temp\jna1287254800772253146.dll
C:\Users\Pim\AppData\Local\Temp\jna1633168973400346488.dll
C:\Users\Pim\AppData\Local\Temp\jna1795747945209659901.dll
C:\Users\Pim\AppData\Local\Temp\jna3099585717871135490.dll
C:\Users\Pim\AppData\Local\Temp\jna3935049128185834028.dll
C:\Users\Pim\AppData\Local\Temp\jna4395876434527199783.dll
C:\Users\Pim\AppData\Local\Temp\jna5486541619157454489.dll
C:\Users\Pim\AppData\Local\Temp\jna5749951996654506042.dll
C:\Users\Pim\AppData\Local\Temp\jna5783118074291985982.dll
C:\Users\Pim\AppData\Local\Temp\jna6249198733722819581.dll
C:\Users\Pim\AppData\Local\Temp\jna6873324116809846943.dll
C:\Users\Pim\AppData\Local\Temp\jna6944955804678333253.dll
C:\Users\Pim\AppData\Local\Temp\jna7328156642733764188.dll
C:\Users\Pim\AppData\Local\Temp\jna7493136769909274681.dll
C:\Users\Pim\AppData\Local\Temp\jna7802065074938625488.dll
C:\Users\Pim\AppData\Local\Temp\jna8513976429627356111.dll
C:\Users\Pim\AppData\Local\Temp\jna8839524232385388965.dll
C:\Users\Pim\AppData\Local\Temp\jna9202815792747905119.dll
C:\Users\Pim\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Pim\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Pim\AppData\Local\Temp\ose00000.exe
C:\Users\Pim\AppData\Local\Temp\paint.net.4.0.2.install.exe
C:\Users\Pim\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\Pim\AppData\Local\Temp\Quarantine.exe
C:\Users\Pim\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Pim\AppData\Local\Temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 12:32
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Pim at 2014-09-09 21:55:12
Running from C:\Users\Pim\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.76 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.76 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{7D2C319D-3907-472D-9B55-EC1F240962FC}) (Version: 37.0.2062.28 - Google Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3823EC5A-1CA4-42CA-9D5B-F94ABD65410D}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\{51020C27-7422-3FBE-9480-4CB1CCC8E2CC}) (Version: 65.156.32827 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
LastChaosUSA (HKLM-x32\...\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}) (Version: 1.00.000 - Barunsongames CO., LTD.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.63 (HKLM-x32\...\Mp3tag) (Version: v2.63 - Florian Heidenreich)
MPC-HC 1.7.6 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{57CEB66B-DD29-4883-92A2-671331657B52}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3E381AC3-30C3-41D7-9B27-B3F3E17BDCB8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{4EB7D2FF-CC3E-4FC1-B4DB-CE3DCCCC8559}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{DC366AAD-10AA-4FB2-9D17-5DA0A4E76477}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{CC54F5F1-51C0-4038-B3B0-42F1DCA806C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{16E045BF-8CE5-4F20-A0DA-F7F495D239D0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{16E045BF-8CE5-4F20-A0DA-F7F495D239D0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D9CF6D64-9342-4C83-A9C1-F45DE139F2A7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BC9AC000-70B4-4941-AE86-AF12D036E076}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BC9AC000-70B4-4941-AE86-AF12D036E076}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{8D07F876-D93A-4CF7-B801-1D41AB2BF60B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{93235108-E80B-4BFE-9BD2-176E5F14DCCF}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{93235108-E80B-4BFE-9BD2-176E5F14DCCF}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ABC643B5-0ADF-4511-B521-D99D9A822AD2}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B807DD44-0A98-4CAA-98E5-93DAB3B84703}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7861C766-2AA2-4A50-AB75-A57D451CEA76}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{4C975BB2-B3EE-4F66-A8E7-5C917B7C439D}) (Version:  - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
WhatPulse version 2.4 (HKLM-x32\...\{95CC8D5F-90A1-4285-9B2D-8D0FBCFD8D0D}_is1) (Version: 2.4 - WhatPulse)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1813971324-4201850610-3924503502-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
07-09-2014 15:21:06 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AD2B525-7C02-4C12-8DF0-FB37CF6B8483} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-27] (AVAST Software)
Task: {16D2C57B-5EF8-4CA7-A875-7100D3761A65} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {48EED532-B3F8-4957-89AF-2C685BBE96C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {91C57A5E-7DC5-4188-9916-E9734A1770F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000UA => C:\Users\Pim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
Task: {CF24ED59-8558-47CC-BCC5-E97308273CA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {D0BA4DDC-0E83-4A29-8ADD-243D692FC2CD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000Core => C:\Users\Pim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
Task: {E8720EA4-3826-432D-B5AF-C6C3790B5CB3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000Core.job => C:\Users\Pim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1813971324-4201850610-3924503502-1000UA.job => C:\Users\Pim\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-05 00:51 - 2014-06-08 00:44 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-11-28 01:07 - 2014-04-17 21:51 - 03054592 _____ () C:\Program Files (x86)\WhatPulse2\whatpulse.exe
2014-09-09 21:24 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2014-07-27 23:53 - 2014-07-27 23:53 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-09 18:16 - 2014-09-09 18:16 - 02847744 _____ () C:\Program Files\AVAST Software\Avast\defs\14090902\algo.dll
2013-11-28 01:08 - 2013-04-08 09:34 - 00137728 _____ () C:\Program Files (x86)\WhatPulse2\CrashRpt1402.dll
2014-07-27 23:53 - 2014-07-27 23:53 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-09 21:16 - 2014-09-09 21:16 - 00011264 _____ () C:\Users\Pim\AppData\Local\Temp\nsfC542.tmp\System.dll
2014-09-05 11:53 - 2014-08-30 04:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-05 11:53 - 2014-08-30 04:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-05 11:53 - 2014-08-30 04:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-05 11:53 - 2014-08-30 04:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-05 11:53 - 2014-08-30 04:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2014 09:54:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/09/2014 09:24:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/09/2014 09:18:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 08:57:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 37.0.2062.103, time stamp: 0x54011f26
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000222d2
Faulting process id: 0xe90
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (09/09/2014 08:56:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 06:58:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 06:47:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 05:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2014 02:44:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/07/2014 11:40:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/09/2014 09:16:32 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (09/09/2014 09:01:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (09/09/2014 07:03:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (09/09/2014 06:54:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (09/09/2014 05:16:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (09/08/2014 02:49:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (09/07/2014 05:15:37 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (09/07/2014 01:01:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error: 
%%1069
 
Error: (09/07/2014 01:01:21 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%1352
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (09/07/2014 01:01:21 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
 
Microsoft Office Sessions:
=========================
Error: (09/09/2014 09:54:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Pim\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/09/2014 09:24:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Pim\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/09/2014 09:18:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 08:57:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.10354011f26ntdll.dll6.1.7601.18247521ea8e7c0000005000222d2e9001cfcc5fa2509bbfC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SysWOW64\ntdll.dll18f8149d-3853-11e4-a6cd-d43d7ef3b8a2
 
Error: (09/09/2014 08:56:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 06:58:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 06:47:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 05:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2014 02:44:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/07/2014 11:40:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8136.06 MB
Available physical RAM: 5094.2 MB
Total Pagefile: 16270.3 MB
Available Pagefile: 12527.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.05 GB) (Free:28.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Ali) (Fixed) (Total:931.51 GB) (Free:755.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: E3798133)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 469D60DF)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
It would be awesome if any of you could help, it is much appreciated!


BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:41 PM

Posted 09 September 2014 - 03:24 PM

Hi there,

is the problem gone after this fix?


Please download this attached Attached File  fixlist.txt   218bytes   5 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 Pimorez

Pimorez
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 09 September 2014 - 03:37 PM

Dear aharonov,

 

It seems to have been fixed! After rebooting I no longer had to face the Extended Unlimited website. After looking at the logs I have no idea what happened, but it doesn't seem like it removed any programs?

 

I completely forgot to thank you a lot for fixing this faster than I could have wished for!

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by Pim at 2014-09-09 22:25:25 Run:1
Running from C:\Users\Pim\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-1813971324-4201850610-3924503502-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
CMD: type "C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt"
EmptyTemp:
*****************
 
HKU\S-1-5-21-1813971324-4201850610-3924503502-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
 
=========  type "C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt" =========
 
The system cannot find the path specified.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 2.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Edited by Pimorez, 09 September 2014 - 03:42 PM.


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:41 PM

Posted 09 September 2014 - 03:46 PM

Indeed, no programs or malware files had to be removed, it was just a registry entry that caused the symptoms.
But other than that your log looked good.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!

#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:41 PM

Posted 19 September 2014 - 02:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users