
Gameharbor opens when I turn on my laptop


  • This topic is locked
4 replies to this topic

#1 hadrius94

  • Members
  • 2 posts

Posted 12 September 2014 - 03:15 AM

Hi! I'm new to this forum and I saw a lot of people have this problem. I tried a few solutions I found on this website but nothing seems to work. I hope someone can help me 'cause this gameharbor thing is kinda annoying. (Sorry if my English is not very good btw). Well, here's my FRST log:

(If you need something more just tell me)

 

 

==================== Processes (Whitelisted) =================

 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe
(Spotify Ltd) C:\Users\Hadrius\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-01-26] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3519969894-2540563843-1210846934-1000\...\Run: [TiVme Agent] => C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe [139264 2011-07-28] ()
HKU\S-1-5-21-3519969894-2540563843-1210846934-1000\...\Run: [Spotify Web Helper] => C:\Users\Hadrius\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-29] (Spotify Ltd)
HKU\S-1-5-21-3519969894-2540563843-1210846934-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3519969894-2540563843-1210846934-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-3519969894-2540563843-1210846934-1000\...\MountPoints2: {4a0c91f7-eb22-11e3-8aa9-08002700d4b7} - E:\Autorun_By_VictorVal.exe
HKU\S-1-5-21-3519969894-2540563843-1210846934-1000\...\MountPoints2: {6c3f497b-b33d-11e2-8f55-047d7b537d0e} - G:\LGAutoRun.exe
HKU\S-1-5-21-3519969894-2540563843-1210846934-1000\...\MountPoints2: {f93ae77f-5583-11e2-8e83-047d7b537d0e} - F:\setup.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Hadrius\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
 
Chrome: 
=======
CHR HomePage: Default -> file:///C:/Users/Hadrius/Documents/My%20Games
CHR StartupUrls: Default -> "hxxp://www.google.es/"
CHR DefaultSearchKeyword: Default -> 3A7AAB133E542A0F99A0600D40F334D00415104A5E21F9FB82F8B81B09D816A0
CHR DefaultSearchURL: Default -> 4584F9411C6651A04DA5CA704E7F40E6EAEE57CB2DB286BC75FA9409FE80E132
CHR Profile: C:\Users\Hadrius\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Hadrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-11]
CHR Extension: (Búsqueda de Google) - C:\Users\Hadrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-11]
CHR Extension: (avast! WebRep) - C:\Users\Hadrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-10-11]
CHR Extension: (Google Wallet) - C:\Users\Hadrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Hadrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-11]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-10-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2012-10-23] (Protection Technology)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [6245744 2010-03-09] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3852976 2012-10-23] (Protection Technology)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-14] (DT Soft Ltd)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 09:36 - 2014-09-12 10:10 - 00000000 ____D () C:\Users\Hadrius\Desktop\Nueva carpeta
2014-09-12 09:36 - 2014-09-12 10:10 - 00000000 ____D () C:\FRST
2014-09-12 09:25 - 2014-09-12 09:26 - 00854417 _____ () C:\Users\Hadrius\Desktop\SecurityCheck.exe
2014-09-12 09:23 - 2014-09-12 09:29 - 00004625 _____ () C:\Users\Hadrius\Desktop\Eliminar.txt
2014-09-12 09:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-12 09:20 - 2014-09-12 09:31 - 00000000 ____D () C:\AdwCleaner
2014-09-12 09:20 - 2014-09-12 09:20 - 01370467 _____ () C:\Users\Hadrius\Desktop\adwcleaner_3.309.exe
2014-09-11 17:28 - 2014-09-11 17:28 - 00000000 ____D () C:\Users\Hadrius\Documents\EA Games
2014-09-11 16:34 - 2014-09-11 16:34 - 00000000 ____D () C:\Users\Public\Pixologic
2014-09-11 16:34 - 2014-09-11 16:34 - 00000000 ____D () C:\Users\Public\Documents\ZBrushData
2014-09-11 16:34 - 2014-09-11 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
2014-09-11 16:32 - 2014-09-11 16:32 - 00000000 ____D () C:\Program Files (x86)\Pixologic
2014-09-11 16:14 - 2014-09-11 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
2014-09-11 16:09 - 2014-09-11 16:09 - 00000000 ____D () C:\Program Files (x86)\Engine
2014-09-11 16:08 - 2014-09-11 16:08 - 00000000 ____D () C:\Program Files (x86)\Development
2014-09-07 15:04 - 2014-09-07 15:04 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-07 14:56 - 2014-09-07 15:08 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-05 09:01 - 2014-09-05 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 09:01 - 2014-09-05 09:01 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-03 12:08 - 2014-09-03 12:08 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\BigHugeEngine
2014-09-03 11:56 - 2014-09-03 11:56 - 00000000 ____D () C:\Users\Hadrius\Documents\FLiNGTrainer
2014-09-03 10:23 - 2014-09-03 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
2014-09-03 10:02 - 2014-09-03 10:02 - 00000000 ____D () C:\Program Files (x86)\Valve
2014-09-03 09:54 - 2014-08-16 23:33 - 2789435392 _____ () C:\Users\Hadrius\Desktop\sr-port2.iso
2014-08-24 19:48 - 2014-08-24 19:48 - 00000000 ____D () C:\Users\Hadrius\Downloads\GnG - copia
2014-08-14 21:06 - 2014-09-06 00:21 - 00000000 ____D () C:\Users\Hadrius\Documents\Electronic Arts
2014-08-14 21:06 - 2014-09-06 00:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 20:24 - 2014-08-15 09:51 - 00000000 ____D () C:\Users\Hadrius\AppData\Roaming\Origin
2014-08-14 20:24 - 2014-08-14 20:24 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\Origin
2014-08-14 20:21 - 2014-09-07 15:04 - 00000000 ____D () C:\ProgramData\Origin
2014-08-14 20:21 - 2014-09-07 15:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-14 20:20 - 2014-08-14 20:20 - 17090912 _____ (Electronic Arts, Inc.) C:\Users\Hadrius\Downloads\OriginThinSetup.exe
2014-08-13 20:47 - 2014-09-11 17:33 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\CrashDumps
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 10:10 - 2014-09-12 09:36 - 00000000 ____D () C:\Users\Hadrius\Desktop\Nueva carpeta
2014-09-12 10:10 - 2014-09-12 09:36 - 00000000 ____D () C:\FRST
2014-09-12 10:06 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 10:06 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 10:00 - 2012-10-12 08:24 - 00000390 _____ () C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
2014-09-12 09:59 - 2014-06-10 20:08 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\LogMeIn Hamachi
2014-09-12 09:59 - 2012-10-11 20:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 09:58 - 2012-02-22 00:14 - 01497543 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 09:58 - 2010-11-21 05:47 - 00517958 _____ () C:\Windows\PFRO.log
2014-09-12 09:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 09:58 - 2009-07-14 06:51 - 00204592 _____ () C:\Windows\setupact.log
2014-09-12 09:56 - 2012-10-11 20:02 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 09:31 - 2014-09-12 09:20 - 00000000 ____D () C:\AdwCleaner
2014-09-12 09:29 - 2014-09-12 09:23 - 00004625 _____ () C:\Users\Hadrius\Desktop\Eliminar.txt
2014-09-12 09:26 - 2014-09-12 09:25 - 00854417 _____ () C:\Users\Hadrius\Desktop\SecurityCheck.exe
2014-09-12 09:20 - 2014-09-12 09:20 - 01370467 _____ () C:\Users\Hadrius\Desktop\adwcleaner_3.309.exe
2014-09-12 00:53 - 2014-01-20 00:13 - 00000000 ____D () C:\Users\Hadrius\AppData\Roaming\vlc
2014-09-12 00:53 - 2012-02-22 09:04 - 00749122 _____ () C:\Windows\system32\perfh00A.dat
2014-09-12 00:53 - 2012-02-22 09:04 - 00159160 _____ () C:\Windows\system32\perfc00A.dat
2014-09-12 00:53 - 2009-07-14 07:13 - 01679592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 23:44 - 2012-10-24 17:39 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3519969894-2540563843-1210846934-1000UA.job
2014-09-11 17:44 - 2012-10-24 17:39 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3519969894-2540563843-1210846934-1000Core.job
2014-09-11 17:33 - 2014-08-13 20:47 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\CrashDumps
2014-09-11 17:28 - 2014-09-11 17:28 - 00000000 ____D () C:\Users\Hadrius\Documents\EA Games
2014-09-11 16:41 - 2014-05-08 15:32 - 00000000 ____D () C:\Users\Hadrius\Desktop\XOJOS
2014-09-11 16:34 - 2014-09-11 16:34 - 00000000 ____D () C:\Users\Public\Pixologic
2014-09-11 16:34 - 2014-09-11 16:34 - 00000000 ____D () C:\Users\Public\Documents\ZBrushData
2014-09-11 16:34 - 2014-09-11 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
2014-09-11 16:32 - 2014-09-11 16:32 - 00000000 ____D () C:\Program Files (x86)\Pixologic
2014-09-11 16:21 - 2014-08-08 10:32 - 00000000 ____D () C:\Program Files (x86)\UDKGame
2014-09-11 16:15 - 2014-08-08 10:32 - 00000000 ____D () C:\Program Files (x86)\Binaries
2014-09-11 16:14 - 2014-09-11 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
2014-09-11 16:09 - 2014-09-11 16:09 - 00000000 ____D () C:\Program Files (x86)\Engine
2014-09-11 16:08 - 2014-09-11 16:08 - 00000000 ____D () C:\Program Files (x86)\Development
2014-09-11 16:05 - 2011-10-13 15:29 - 00249430 _____ () C:\Windows\DirectX.log
2014-09-11 10:40 - 2012-10-11 20:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-11 09:48 - 2012-10-25 12:38 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\Adobe
2014-09-10 23:59 - 2013-03-05 12:35 - 00000000 ____D () C:\Users\Hadrius\AppData\Roaming\Spotify
2014-09-09 17:03 - 2012-10-11 20:55 - 00000000 ____D () C:\Users\Hadrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-09 17:03 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-09 17:02 - 2013-03-01 13:34 - 00000000 ____D () C:\Users\Hadrius\Documents\Telltale Games
2014-09-09 17:01 - 2013-05-02 14:36 - 00000000 ____D () C:\Games
2014-09-09 09:54 - 2013-03-05 12:35 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\Spotify
2014-09-09 08:52 - 2014-05-08 15:31 - 00000000 ____D () C:\Users\Hadrius\Desktop\FER
2014-09-07 15:08 - 2014-09-07 14:56 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-07 15:05 - 2013-01-12 17:49 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-07 15:04 - 2014-09-07 15:04 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-07 15:04 - 2014-08-14 20:21 - 00000000 ____D () C:\ProgramData\Origin
2014-09-07 15:03 - 2014-08-14 20:21 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-07 13:27 - 2012-10-20 11:38 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-09-07 13:27 - 2011-10-13 15:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-07 08:37 - 2013-09-03 16:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-07 08:37 - 2013-09-03 16:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-06 20:04 - 2013-09-03 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-06 00:21 - 2014-08-14 21:06 - 00000000 ____D () C:\Users\Hadrius\Documents\Electronic Arts
2014-09-06 00:18 - 2014-08-14 21:06 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-05 09:01 - 2014-09-05 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 09:01 - 2014-09-05 09:01 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-03 12:08 - 2014-09-03 12:08 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\BigHugeEngine
2014-09-03 12:08 - 2013-01-12 17:51 - 00000000 ____D () C:\Users\Hadrius\Documents\My Games
2014-09-03 12:07 - 2012-11-04 11:01 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-03 12:07 - 2012-11-04 11:01 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-03 11:58 - 2014-06-03 16:50 - 00000000 ____D () C:\Program Files (x86)\VictorVal
2014-09-03 11:56 - 2014-09-03 11:56 - 00000000 ____D () C:\Users\Hadrius\Documents\FLiNGTrainer
2014-09-03 10:24 - 2013-06-13 10:57 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\SKIDROW
2014-09-03 10:23 - 2014-09-03 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
2014-09-03 10:02 - 2014-09-03 10:02 - 00000000 ____D () C:\Program Files (x86)\Valve
2014-08-30 18:19 - 2014-05-08 15:29 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\PMB Files
2014-08-27 15:33 - 2014-05-08 15:29 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-25 12:19 - 2012-10-11 22:18 - 00000000 ____D () C:\Users\Hadrius\AppData\Roaming\Skype
2014-08-25 11:18 - 2011-10-13 15:25 - 00000000 ____D () C:\ProgramData\Skype
2014-08-24 19:48 - 2014-08-24 19:48 - 00000000 ____D () C:\Users\Hadrius\Downloads\GnG - copia
2014-08-24 19:42 - 2014-07-01 08:24 - 00000000 ____D () C:\Program Files (x86)\m2tools CheeseWare
2014-08-24 19:42 - 2012-10-11 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-08-24 19:42 - 2012-10-11 20:35 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2014-08-24 19:38 - 2013-09-01 09:10 - 00000000 ____D () C:\Program Files (x86)\Pokemon Colosseum For PC
2014-08-24 12:04 - 2013-10-28 10:47 - 00000000 ____D () C:\Users\Hadrius\Desktop\Percy Jackson
2014-08-22 18:59 - 2014-06-30 11:48 - 00000000 ____D () C:\Users\Hadrius\Downloads\laura
2014-08-21 11:38 - 2014-04-16 11:38 - 00000000 ____D () C:\Users\Hadrius\Desktop\ROL
2014-08-19 09:53 - 2009-07-14 07:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-16 23:33 - 2014-09-03 09:54 - 2789435392 _____ () C:\Users\Hadrius\Desktop\sr-port2.iso
2014-08-15 09:51 - 2014-08-14 20:24 - 00000000 ____D () C:\Users\Hadrius\AppData\Roaming\Origin
2014-08-14 20:24 - 2014-08-14 20:24 - 00000000 ____D () C:\Users\Hadrius\AppData\Local\Origin
2014-08-14 20:20 - 2014-08-14 20:20 - 17090912 _____ (Electronic Arts, Inc.) C:\Users\Hadrius\Downloads\OriginThinSetup.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 21:21
 
==================== End Of Log ============================

 




 


#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 12 September 2014 - 05:11 AM

Hi,

Is this problem gone after the following fix?


Please download the attached fixlist.txt (151 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 hadrius94

  • Topic Starter

Posted 12 September 2014 - 05:29 AM

Problem solved. Thank you very much! 

Here's the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014

Ran by Hadrius at 2014-09-12 12:20:58 Run:3
Running from C:\Users\Hadrius\Desktop\Nueva carpeta
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3519969894-2540563843-1210846934-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
EmptyTemp:
*****************
 
HKU\S-1-5-21-3519969894-2540563843-1210846934-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
EmptyTemp: => Removed 375.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#4 aharonov


Posted 12 September 2014 - 05:34 AM

Ok. Your log looked good apart from this, so we're done.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

#5 aharonov


Posted 19 September 2014 - 02:59 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



