
Another one with the adware Extendedunlimited issue!


  • This topic is locked
4 replies to this topic

#1 forma


Posted 12 September 2014 - 02:23 PM

Hello!

 

Sorry for my first post getting in the wrong section and thanks for a fast reply!

A few days ago I noticed that each time I boot my PC, Chrome automatically starts and goes to this so-called extendedunlimited site. I'm using ESET NOD32 antivirus so the site is blocked most of the time, sometimes it does seem to go past it though.

I googled around and tried AdwCleaner, but it doesn't show anything there.

I'm not quite sure how to do this to remove the annoying adware.

I scanned my PC for viruses etc. with NOD32 but it doesn't show anything at all.

----

Now I have the logs from using Farbar Recovery Scan Tool:

 

----------------------FRST.txt----------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by TobiasLiu (administrator) on TOBIASLIU-PC on 12-09-2014 21:17:40
Running from C:\Users\TobiasLiu\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Google Inc.) C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Google Inc.) C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\chrome.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Google Inc.) C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4030008 2011-08-09] (ESET)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3708179440-3197760067-2461962224-1001\...\Run: [Google Update] => C:\Users\TobiasLiu\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-23] (Google Inc.)
HKU\S-1-5-21-3708179440-3197760067-2461962224-1001\...\Run: [LOLReplay Recorder] => C:\Program Files (x86)\LOLReplay\LOLRecorder.exe [521216 2014-07-18] (LOL Replay)
HKU\S-1-5-21-3708179440-3197760067-2461962224-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-3708179440-3197760067-2461962224-1001\...\MountPoints2: {c12450c5-8477-11e3-afa3-90e6ba35365a} - F:\Autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\TobiasLiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFAFA265C9918CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: e-kort Helper Class -> {9065E913-4F23-4B47-9B5D-B055D32DB1F3} -> C:\Program Files (x86)\ekort\EKortHelper.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - e-kort Toolbar - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll ()
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\TobiasLiu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\TobiasLiu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-23]
FF HKLM-x32\...\Firefox\Extensions: [ekort@orbiscom] - C:\Program Files (x86)\ekort
FF Extension: e-kort for Firefox - C:\Program Files (x86)\ekort [2014-01-28]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> 659F092B52A0C25FC3889260E6EE1A7E6D141508F9E541A61A4B74549132907C
CHR DefaultSearchURL: Default -> D20F4766739AFE7D288A4BB310D3F8A08F7690993AB875C08566A3401CE0CDCB
CHR Profile: C:\Users\TobiasLiu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\TobiasLiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-16]
CHR Extension: (Skype Click to Call) - C:\Users\TobiasLiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-25]
CHR Extension: (Google Wallet) - C:\Users\TobiasLiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [381952 2014-04-03] (Scarlet.Crush Productions) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [974944 2011-08-09] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-24] (Disc Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2011-08-04] (ESET)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2014-03-06] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 ALSysIO; \??\C:\Users\TOBIAS~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 GEMC001; \??\C:\GEMC001.sys [X]
S3 GEMC003; \??\C:\GEMC003.sys [X]
S3 GEMC005; \??\C:\GEMC005.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 21:17 - 2014-09-12 21:18 - 00013704 _____ () C:\Users\TobiasLiu\Desktop\FRST.txt
2014-09-12 21:16 - 2014-09-12 21:17 - 00000000 ____D () C:\FRST
2014-09-12 21:15 - 2014-09-12 21:15 - 02105856 _____ (Farbar) C:\Users\TobiasLiu\Desktop\FRST64.exe
2014-09-11 23:16 - 2014-09-11 23:16 - 00021526 _____ () C:\Users\TobiasLiu\Desktop\[BakaBT.178109v1] [FFF] Strike the Blood (720p).torrent
2014-09-11 17:31 - 2014-09-11 17:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-11 17:24 - 2014-09-11 17:24 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-11 17:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-11 17:20 - 2014-09-11 17:28 - 00000000 ____D () C:\AdwCleaner
2014-09-11 17:09 - 2014-09-12 14:07 - 00000168 _____ () C:\Windows\setupact.log
2014-09-11 17:09 - 2014-09-11 17:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 00:29 - 2014-09-08 00:29 - 00003040 _____ () C:\Windows\System32\Tasks\{51930AF0-6B2E-4F1B-9916-64437DA6CA5C}
2014-09-05 23:03 - 2014-09-07 23:10 - 00001119 _____ () C:\Users\TobiasLiu\Desktop\The.Sims.4.Launcher.exe - Shortcut.lnk
2014-09-05 23:02 - 2014-09-05 23:02 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-04 20:55 - 2014-09-04 20:55 - 00000000 ____D () C:\Users\TobiasLiu\Documents\Electronic Arts
2014-09-04 20:42 - 2014-09-04 20:42 - 00003252 _____ () C:\Windows\System32\Tasks\{BFD5A931-9C06-4D3D-9433-96D903EF2B73}
2014-09-04 20:42 - 2014-09-03 18:24 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-04 20:31 - 2014-09-04 20:49 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Roaming\Origin
2014-09-04 20:31 - 2014-09-04 20:49 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Local\Origin
2014-09-04 20:30 - 2014-09-08 20:25 - 00000000 ____D () C:\ProgramData\Origin
2014-09-04 20:30 - 2014-09-04 20:54 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-04 20:30 - 2014-09-04 20:30 - 00000983 _____ () C:\Users\TobiasLiu\Desktop\Origin.lnk
2014-09-04 20:29 - 2014-09-08 20:22 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Local\Adobe
2014-08-28 23:04 - 2014-08-28 23:04 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-08-28 12:44 - 2014-08-28 12:45 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-08-27 01:13 - 2014-08-27 01:13 - 00034421 _____ () C:\Users\TobiasLiu\Desktop\[BakaBT.11075v1] Argento Soma [A-L].torrent
2014-08-27 00:45 - 2014-08-27 00:45 - 00000000 ____D () C:\Users\TobiasLiu\Desktop\Magister
2014-08-26 18:34 - 2014-08-26 19:24 - 00000000 ____D () C:\Users\TobiasLiu\Documents\StarCraft II
2014-08-26 18:34 - 2014-08-26 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-08-26 18:33 - 2014-08-27 01:07 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Local\Battle.net
2014-08-26 18:33 - 2014-08-26 18:36 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-26 18:33 - 2014-08-26 18:34 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Roaming\Battle.net
2014-08-26 18:33 - 2014-08-26 18:33 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Local\Blizzard Entertainment
2014-08-26 18:33 - 2014-08-26 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-26 18:32 - 2014-08-26 18:32 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-25 23:12 - 2014-08-25 23:12 - 00114390 _____ () C:\Users\TobiasLiu\Desktop\[kickass.to]captain.america.the.winter.soldier.2014.720p.bluray.x264.sparks.torrent
2014-08-25 23:12 - 2014-08-25 23:12 - 00025743 _____ () C:\Users\TobiasLiu\Desktop\[kickass.to]transcendence.2014.bluray.720p.dts.x264.mgb.etrg.torrent
2014-08-21 18:30 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 18:30 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 18:30 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 18:30 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 18:29 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 18:29 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 18:29 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 18:29 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 18:29 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 18:29 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 18:29 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 18:29 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 18:29 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 18:29 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 21:18 - 2014-09-12 21:17 - 00013704 _____ () C:\Users\TobiasLiu\Desktop\FRST.txt
2014-09-12 21:17 - 2014-09-12 21:16 - 00000000 ____D () C:\FRST
2014-09-12 21:15 - 2014-09-12 21:15 - 02105856 _____ (Farbar) C:\Users\TobiasLiu\Desktop\FRST64.exe
2014-09-12 21:15 - 2014-01-23 23:51 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Roaming\Skype
2014-09-12 20:41 - 2014-01-23 04:03 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3708179440-3197760067-2461962224-1001UA.job
2014-09-12 18:41 - 2014-01-23 04:03 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3708179440-3197760067-2461962224-1001Core.job
2014-09-12 14:14 - 2009-07-14 06:45 - 00013648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 14:14 - 2009-07-14 06:45 - 00013648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 14:13 - 2009-07-14 07:13 - 00785302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 14:07 - 2014-09-11 17:09 - 00000168 _____ () C:\Windows\setupact.log
2014-09-12 14:07 - 2014-01-26 19:51 - 00000000 ___RD () C:\Users\TobiasLiu\Dropbox
2014-09-12 14:07 - 2014-01-26 19:50 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Roaming\Dropbox
2014-09-12 14:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 03:12 - 2014-07-31 14:12 - 01709883 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 23:16 - 2014-09-11 23:16 - 00021526 _____ () C:\Users\TobiasLiu\Desktop\[BakaBT.178109v1] [FFF] Strike the Blood (720p).torrent
2014-09-11 23:12 - 2014-01-23 23:56 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Roaming\uTorrent
2014-09-11 17:31 - 2014-09-11 17:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-11 17:28 - 2014-09-11 17:20 - 00000000 ____D () C:\AdwCleaner
2014-09-11 17:24 - 2014-09-11 17:24 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-11 17:09 - 2014-09-11 17:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-11 03:23 - 2014-01-24 00:00 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Roaming\Winamp
2014-09-11 02:03 - 2014-01-23 23:32 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-08 20:25 - 2014-09-04 20:30 - 00000000 ____D () C:\ProgramData\Origin
2014-09-08 20:22 - 2014-09-04 20:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-08 00:29 - 2014-09-08 00:29 - 00003040 _____ () C:\Windows\System32\Tasks\{51930AF0-6B2E-4F1B-9916-64437DA6CA5C}
2014-09-07 23:10 - 2014-09-05 23:03 - 00001119 _____ () C:\Users\TobiasLiu\Desktop\The.Sims.4.Launcher.exe - Shortcut.lnk
2014-09-05 23:02 - 2014-09-05 23:02 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-05 23:00 - 2014-01-23 23:42 - 00000000 ____D () C:\Spel
2014-09-04 20:55 - 2014-09-04 20:55 - 00000000 ____D () C:\Users\TobiasLiu\Documents\Electronic Arts
2014-09-04 20:54 - 2014-09-04 20:30 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-04 20:49 - 2014-09-04 20:31 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Roaming\Origin
2014-09-04 20:49 - 2014-09-04 20:31 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Local\Origin
2014-09-04 20:43 - 2014-01-24 01:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 20:42 - 2014-09-04 20:42 - 00003252 _____ () C:\Windows\System32\Tasks\{BFD5A931-9C06-4D3D-9433-96D903EF2B73}
2014-09-04 20:30 - 2014-09-04 20:30 - 00000983 _____ () C:\Users\TobiasLiu\Desktop\Origin.lnk
2014-09-03 18:24 - 2014-09-04 20:42 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-02 14:54 - 2014-04-05 01:40 - 00003332 _____ () C:\Windows\System32\Tasks\BaronReplays
2014-08-30 14:50 - 2012-10-03 11:04 - 00003067 _____ () C:\Users\TobiasLiu\Desktop\Castilla Ruins Merchant.txt
2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Local\Adobe
2014-08-28 23:05 - 2014-01-24 02:16 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-08-28 23:04 - 2014-08-28 23:04 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-08-28 12:45 - 2014-08-28 12:44 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-08-28 12:44 - 2014-01-24 02:16 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-28 12:44 - 2014-01-24 02:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-27 16:23 - 2014-05-17 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-27 16:22 - 2014-08-04 20:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-27 16:22 - 2014-05-17 21:49 - 00000000 ____D () C:\Program Files\Java
2014-08-27 16:21 - 2014-08-04 20:36 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-27 16:21 - 2014-08-04 20:36 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-27 16:21 - 2014-08-04 20:36 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-27 16:21 - 2014-08-04 20:36 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-27 16:21 - 2014-08-04 20:36 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-27 16:21 - 2014-08-04 20:36 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-27 16:21 - 2014-08-04 20:36 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-27 16:21 - 2014-08-04 20:36 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-27 01:13 - 2014-08-27 01:13 - 00034421 _____ () C:\Users\TobiasLiu\Desktop\[BakaBT.11075v1] Argento Soma [A-L].torrent
2014-08-27 01:09 - 2014-04-04 22:18 - 00000000 ____D () C:\Privat
2014-08-27 01:07 - 2014-08-26 18:33 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Local\Battle.net
2014-08-27 00:45 - 2014-08-27 00:45 - 00000000 ____D () C:\Users\TobiasLiu\Desktop\Magister
2014-08-26 19:24 - 2014-08-26 18:34 - 00000000 ____D () C:\Users\TobiasLiu\Documents\StarCraft II
2014-08-26 18:36 - 2014-08-26 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-08-26 18:36 - 2014-08-26 18:33 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-26 18:34 - 2014-08-26 18:33 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Roaming\Battle.net
2014-08-26 18:33 - 2014-08-26 18:33 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Local\Blizzard Entertainment
2014-08-26 18:33 - 2014-08-26 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-26 18:32 - 2014-08-26 18:32 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-26 00:16 - 2014-03-19 03:43 - 00000000 ____D () C:\Program Files (x86)\LOLReplay
2014-08-25 23:12 - 2014-08-25 23:12 - 00114390 _____ () C:\Users\TobiasLiu\Desktop\[kickass.to]captain.america.the.winter.soldier.2014.720p.bluray.x264.sparks.torrent
2014-08-25 23:12 - 2014-08-25 23:12 - 00025743 _____ () C:\Users\TobiasLiu\Desktop\[kickass.to]transcendence.2014.bluray.720p.dts.x264.mgb.etrg.torrent
2014-08-25 17:30 - 2014-02-17 21:12 - 00000000 ____D () C:\Program Files (x86)\epson
2014-08-23 16:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-18 23:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-14 11:35 - 2014-01-26 19:50 - 00000000 ____D () C:\Users\TobiasLiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
Some content of TEMP:
====================
C:\Users\TobiasLiu\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqqamgc.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-07 18:17
 
==================== End Of Log ============================
 
 
 
 
 
 
 
----------Addition.txt------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by TobiasLiu at 2014-09-12 21:18:29
Running from C:\Users\TobiasLiu\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
BankID säkerhetsprogram (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.0.2.10 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version:  - WEBZEN)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Combined Community Codec Pack 2014-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CrystalDiskInfo 6.0.4 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
e-kort (HKLM-x32\...\{BA9632CB-2B93-4FD6-905C-BB325CE1C4DD}) (Version: 3.16.8.0 - FöreningsSparbanken)
e-kort (x32 Version: 1.1.0.0 - FöreningsSparbanken) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)
ESET NOD32 Antivirus (HKLM\...\{6FB650FD-E94A-47A3-A36C-81DD824194FC}) (Version: 5.0.93.0 - ESET, spol. s r.o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version:  - IMC Games Co., Ltd.)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lineage® II: Freya (High Five) (HKLM-x32\...\{21040472-F8DF-48A9-A093-2986C1495670}) (Version: 198 - NCsoft)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.9 - www.leaguereplays.com)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Finnish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Swedish) 2007 (x32 Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Swedish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-041D-0000-0000000FF1CE}_ENTERPRISE_{C41E95C7-9CD7-40E6-94E3-8FF347FD01F7}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3400 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\TobiasLiu\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TobiasLiu\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3708179440-3197760067-2461962224-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
10-09-2014 16:43:15 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3088EC37-ADA1-448B-BA2D-0CD73CDF05A2} - System32\Tasks\{51930AF0-6B2E-4F1B-9916-64437DA6CA5C} => C:\Spel\The SIMS 4-Deluxe Edition-SKIDROWCRACK\Game\Bin\The.Sims.4.Launcher.exe [2014-09-01] ()
Task: {7A1BBB58-D344-449A-9ED7-82558DEE0E5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3708179440-3197760067-2461962224-1001Core => C:\Users\TobiasLiu\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-23] (Google Inc.)
Task: {91ADB3C0-05B9-4D55-81B3-5304A3CEE1B7} - System32\Tasks\BaronReplays => C:\Spel\Riot
Task: {BA38100D-EB96-4428-AA0F-A35916DFF6D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {E7BFBC82-0A6D-4CCD-9A0E-42EA9E0024DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3708179440-3197760067-2461962224-1001UA => C:\Users\TobiasLiu\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-23] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3708179440-3197760067-2461962224-1001Core.job => C:\Users\TobiasLiu\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3708179440-3197760067-2461962224-1001UA.job => C:\Users\TobiasLiu\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-01-23 23:31 - 2008-06-20 01:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-07-18 10:29 - 2014-07-18 10:29 - 00420352 _____ () C:\Program Files (x86)\LOLReplay\LOLUtils.dll
2013-09-06 18:12 - 2013-09-06 18:12 - 00040448 _____ () C:\Program Files (x86)\LOLReplay\Compression.dll
2014-09-12 14:07 - 2014-09-12 14:07 - 00043008 _____ () c:\Users\TobiasLiu\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqqamgc.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\TobiasLiu\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-11 22:45 - 2014-09-04 05:01 - 01098056 _____ () C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-11 22:45 - 2014-09-04 05:01 - 00174408 _____ () C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-11 22:45 - 2014-09-04 05:01 - 08577864 _____ () C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-11 22:45 - 2014-09-04 05:01 - 00331592 _____ () C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-11 22:45 - 2014-09-04 05:01 - 01660232 _____ () C:\Users\TobiasLiu\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2014 05:19:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/12/2014 03:12:24 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (09/11/2014 05:32:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/11/2014 05:32:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/11/2014 05:32:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/11/2014 05:32:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/11/2014 05:31:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/11/2014 05:31:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/11/2014 05:30:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/11/2014 03:23:55 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
 
System errors:
=============
Error: (09/12/2014 02:08:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (09/12/2014 02:08:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (09/12/2014 02:08:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (09/12/2014 02:08:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (09/12/2014 02:08:07 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (09/12/2014 02:08:07 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (09/12/2014 02:07:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (09/12/2014 02:07:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (09/12/2014 02:07:58 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (09/12/2014 03:12:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X6 1090T Processor
Percentage of memory in use: 52%
Total physical RAM: 5119.18 MB
Available physical RAM: 2431.02 MB
Total Pagefile: 10236.53 MB
Available Pagefile: 7208.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:52.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 47EF47EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Thanks in advance!

 




 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:01:47 PM

Posted 13 September 2014 - 07:22 AM

Hi,

try this fix:


Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 forma

forma
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:47 PM

Posted 13 September 2014 - 02:20 PM

Hello, thanks for the fast help!

 

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by TobiasLiu at 2014-09-13 21:15:36 Run:1
Running from C:\Users\TobiasLiu\Desktop\New folder (2)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3708179440-3197760067-2461962224-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
EmptyTemp:
*****************
 
HKU\S-1-5-21-3708179440-3197760067-2461962224-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
EmptyTemp: => Removed 745.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Now after the reboot it seems to have fixed the problem, no Extendedunlimited site started!
Thanks a lot for the help! Feels good having the adware removed :)
Really appreciate it!
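
The Fixlog in the post above shows the cause: a per-user Run value named CMD that starts `cmd.exe /c start` with the site's URL at every logon. As an added example (not part of the thread and not FRST's own code), this Python script scans FRST-style Run lines for that pattern; the regexes, the function name `triage` and the two benign sample lines are assumptions constructed for illustration.

```python
import re

# Layout of an autostart line in FRST.txt / fixlist: HIVE\...\Run: [Name] => command
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
URL = re.compile(r'https?://[^\s"&]+', re.I)
# cmd.exe (bare or with a space-free path) used as the autostart program itself
SHELL = re.compile(r'^"?(?:[a-z]:\\\S*\\)?cmd(?:\.exe)?"?\s+/[ck]\b', re.I)
# FRST appends this marker to entries it already considers suspicious
FRST_MARK = re.compile(r'\s*<=+ ATTENTION.*$')


def triage(log_text):
    """Return one finding per Run/RunOnce value that opens a URL or wraps cmd.exe."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        cmd = FRST_MARK.sub('', m.group('cmd'))
        reasons = []
        if SHELL.match(cmd):
            reasons.append('autostart wraps cmd.exe /c')
        urls = URL.findall(cmd)
        if urls:
            reasons.append('autostart opens a URL')
        if reasons:
            findings.append({'hive': m.group('hive'), 'key': m.group('key'),
                             'name': m.group('name'), 'urls': urls,
                             'reasons': reasons})
    return findings


# First line is the entry from the Fixlog above; the other two are constructed
# benign entries in the same layout.
SAMPLE = r'''
HKU\S-1-5-21-3708179440-3197760067-2461962224-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [123456 2014-01-01] (Example Corp)
HKLM-x32\...\Run: [ExampleTray] => "C:\Program Files (x86)\Example\tray.exe" /startup
'''

if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f"{f['hive']} {f['key']} [{f['name']}]: "
              f"{', '.join(f['reasons'])} {f['urls']}")
```

Only the CMD value is reported. An ordinary program path in a Run value is left alone, which is why AdwCleaner-style file scans can miss an entry like this: no file is dropped, only a registry value pointing at a built-in Windows binary.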


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:01:47 PM

Posted 13 September 2014 - 02:38 PM

You're welcome.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:01:47 PM

Posted 19 September 2014 - 03:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



