Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gameharbor.org


  • Please log in to reply
5 replies to this topic

#1 Ivantan85

Ivantan85

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 20 September 2014 - 05:43 AM

hi, i need help on removing this gameharbor from my computer.

Please help.

thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Ivan (administrator) on IVAN-PC on 20-09-2014 18:41:40
Running from C:\FRST
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(MSI) C:\Program Files (x86)\MSI\CommandCenter\BIOSData\MSIBIOSDataService.exe
() C:\Program Files (x86)\MSI\CommandCenter\ClockGen\MSIClockService.exe
() C:\Program Files (x86)\MSI\CommandCenter\MSICommService.exe
() C:\Program Files (x86)\MSI\CommandCenter\CPU\MSICPUService.exe
() C:\Program Files (x86)\MSI\CommandCenter\DDR\MSIDDRService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
() C:\Program Files (x86)\MSI\CommandCenter\MSISaveLoadService.exe
() C:\Program Files (x86)\MSI\CommandCenter\SMBus\MSISMBService.exe
() C:\Program Files (x86)\MSI\CommandCenter\MSIWMIService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
() C:\MSI\Super RAID\SuperRAIDSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CommandCenter] => C:\Program Files (x86)\MSI\CommandCenter\StartCommandCenter.exe [785392 2013-04-18] ()
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-18] (Microsoft Corporation)
HKU\S-1-5-21-1564979083-2025629697-1544375622-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1564979083-2025629697-1544375622-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-1564979083-2025629697-1544375622-1000\...\MountPoints2: {67fc454d-042d-11e3-a8eb-606c668f0d49} - H:\setup.exe
HKU\S-1-5-21-1564979083-2025629697-1544375622-1001\...\MountPoints2: {f9f49211-04a6-11e3-8a48-806e6f6e6963} - F:\DVDSetup.exe
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/v/2/?guid={B361FFD6-C344-48BC-B80C-18BC24713816}&serpv=17
SearchScopes: HKCU - {5008B775-4D8D-4161-A97F-2BED5A9E38DE} URL = https://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {BC7C8B1D-2BB2-44D6-B9BE-4D81C786B818} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10675
SearchScopes: HKCU - {E9885F9E-D8E0-4F56-8191-AED1F4DD3FA2} URL = http://www.mysearchresults.com/search?c=2408&t=14&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: sony.com/MediaGoDetector -> D:\Sony MP3\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
 
Chrome: 
=======
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-20]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-28]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-13]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-13]
CHR Extension: (Google Sheets) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)
R2 MSIBIOSData_CC; C:\Program Files (x86)\MSI\CommandCenter\BIOSData\MSIBIOSDataService.exe [2055680 2013-04-18] (MSI) [File not signed]
R2 MSIClock_CC; C:\Program Files (x86)\MSI\CommandCenter\ClockGen\MSIClockService.exe [304640 2013-04-18] () [File not signed]
R2 MSICOMM_CC; C:\Program Files (x86)\MSI\CommandCenter\MSICommService.exe [230912 2013-04-18] () [File not signed]
R2 MSICPU_CC; C:\Program Files (x86)\MSI\CommandCenter\CPU\MSICPUService.exe [4097024 2013-04-18] () [File not signed]
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\CommandCenter\DDR\MSIDDRService.exe [2237440 2013-04-18] () [File not signed]
R2 MSISaveLoad_CC; C:\Program Files (x86)\MSI\CommandCenter\MSISaveLoadService.exe [3957248 2013-04-18] () [File not signed]
R2 MSISMB_CC; C:\Program Files (x86)\MSI\CommandCenter\SMBus\MSISMBService.exe [176128 2013-04-18] () [File not signed]
S2 MSISuperIO_CC; C:\Program Files (x86)\MSI\CommandCenter\SuperIO\MSISuperIOService.exe [482816 2013-04-18] () [File not signed]
R2 MSIWMI_CC; C:\Program Files (x86)\MSI\CommandCenter\MSIWMIService.exe [181760 2013-04-18] () [File not signed]
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-04-18] (MICRO-STAR INTERNATIONAL CO., LTD.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-10] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2013-04-11] () [File not signed]
R2 SuperRAIDSvc; C:\MSI\Super RAID\SuperRAIDSvc.exe [15872 2013-04-03] () [File not signed]
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [15888 2013-04-01] (Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
S4 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2013-04-11] (Qualcomm Atheros, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-13] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [25448 2013-01-07] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [165824 2013-04-11] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_1; C:\MSI\Super RAID\NTIOLib_X64.sys [14136 2012-06-11] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\CommandCenter\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\CommandCenter\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\CommandCenter\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\CommandCenter\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NTIOLib_MSIFrequency_CC; C:\Program Files (x86)\MSI\CommandCenter\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\CommandCenter\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\CommandCenter\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\CommandCenter\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-15] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-12-21] (Duplex Secure Ltd.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-09-20] ()
U3 aretka56; C:\Windows\System32\Drivers\aretka56.sys [0 ] (Asmedia Technology)
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
S3 NTIOLib_FastBoot; \??\C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-20 18:17 - 2014-09-20 18:17 - 00000000 ____D () C:\AdwCleaner
2014-09-20 18:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-20 18:14 - 2014-09-20 18:41 - 00000000 ____D () C:\FRST
2014-09-20 17:50 - 2014-09-20 18:36 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-09-20 17:27 - 2014-09-20 17:40 - 00000000 ____D () C:\Windows\pss
2014-09-20 17:18 - 2014-09-20 17:18 - 00001356 _____ () C:\Users\Ivan\Desktop\Fable Anniversary.lnk
2014-09-20 17:18 - 2014-09-20 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fable Anniversary
2014-09-20 17:15 - 2014-09-20 17:18 - 00000000 ____D () C:\Program Files (x86)\Fable Anniversary
2014-09-17 07:24 - 2014-09-17 07:24 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-17 00:07 - 2014-09-17 00:08 - 39401336 _____ (Apple Inc.) C:\Users\Ivan\Downloads\QuickTimeInstaller.exe
2014-09-16 17:15 - 2014-08-20 02:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-16 17:15 - 2014-08-20 01:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-16 17:15 - 2014-08-19 07:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-16 17:15 - 2014-08-19 06:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-16 17:15 - 2014-08-19 06:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-16 17:15 - 2014-08-19 06:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-16 17:15 - 2014-08-19 06:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-16 17:15 - 2014-08-19 06:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-16 17:15 - 2014-08-19 06:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-16 17:15 - 2014-08-19 06:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-16 17:15 - 2014-08-19 06:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-16 17:15 - 2014-08-19 06:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-16 17:15 - 2014-08-19 06:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-16 17:15 - 2014-08-19 06:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-16 17:15 - 2014-08-19 06:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-16 17:15 - 2014-08-19 06:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-16 17:15 - 2014-08-19 06:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-16 17:15 - 2014-08-19 06:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-16 17:15 - 2014-08-19 06:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-16 17:15 - 2014-08-19 05:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-16 17:15 - 2014-08-19 05:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-16 17:15 - 2014-08-19 05:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-16 17:15 - 2014-08-19 05:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-16 17:15 - 2014-08-19 05:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-16 17:15 - 2014-08-19 05:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-16 17:15 - 2014-08-19 05:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-16 17:15 - 2014-08-19 05:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-16 17:15 - 2014-08-19 05:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-16 17:15 - 2014-08-19 05:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-16 17:15 - 2014-08-19 05:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-16 17:15 - 2014-08-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-16 17:15 - 2014-08-19 05:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-16 17:15 - 2014-08-19 05:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-16 17:15 - 2014-08-19 05:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-16 17:15 - 2014-08-19 05:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-16 17:15 - 2014-08-19 05:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-16 17:15 - 2014-08-19 05:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-16 17:15 - 2014-08-19 05:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-16 17:15 - 2014-08-19 05:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-16 17:15 - 2014-08-19 05:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-16 17:15 - 2014-08-19 05:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-16 17:15 - 2014-08-19 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-16 17:15 - 2014-08-19 05:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-16 17:15 - 2014-08-19 05:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-16 17:15 - 2014-08-19 05:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-16 17:15 - 2014-08-19 05:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-16 17:15 - 2014-08-19 05:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-16 17:15 - 2014-08-19 05:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-16 17:15 - 2014-08-19 05:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-16 17:15 - 2014-08-19 05:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-16 17:15 - 2014-08-19 05:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-16 17:15 - 2014-08-19 04:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-16 17:15 - 2014-08-19 04:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-16 17:15 - 2014-08-19 04:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-16 17:15 - 2014-08-19 04:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-16 17:15 - 2014-08-19 04:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-16 17:12 - 2014-06-27 10:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-16 17:12 - 2014-06-27 09:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-16 13:33 - 2014-09-16 13:33 - 00091209 _____ () C:\Users\Ivan\Downloads\[kickass.to]fable.anniversary.codex.torrent
2014-09-16 13:17 - 2014-09-16 13:17 - 00030358 _____ () C:\Users\Ivan\Downloads\[kickass.to]the.sims.4.deluxe.edition.skidrowcrack.torrent
2014-09-16 12:07 - 2014-08-01 19:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-16 12:07 - 2014-08-01 19:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-16 12:06 - 2014-09-05 10:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-16 12:06 - 2014-09-05 10:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-16 12:06 - 2014-07-07 10:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-16 12:06 - 2014-07-07 10:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-16 12:06 - 2014-07-07 09:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-16 12:06 - 2014-07-07 09:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-16 12:06 - 2014-07-07 09:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-16 12:06 - 2014-06-24 11:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-16 12:06 - 2014-06-24 10:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-06 21:22 - 2014-09-06 21:22 - 00073461 _____ () C:\Users\Ivan\Downloads\[kickass.to]dead.rising.3.apocalypse.edition.2014.pc.repack.by.r.g.steamgames.torrent
2014-09-04 21:51 - 2014-09-04 21:51 - 00068188 _____ () C:\Users\Ivan\Downloads\54086e6bb7012javjunkies.torrent
2014-09-04 21:51 - 2014-09-04 21:51 - 00061749 _____ () C:\Users\Ivan\Downloads\54086e59c7e12javjunkies.torrent
2014-09-04 21:50 - 2014-09-04 21:50 - 00052827 _____ () C:\Users\Ivan\Downloads\54086e2218a1cjavjunkies.torrent
2014-09-04 21:31 - 2014-09-04 21:31 - 00061749 _____ () C:\Users\Ivan\Downloads\540869925c146javjunkies.torrent
2014-09-01 00:06 - 2014-09-01 00:06 - 00000000 ____D () C:\Users\Ivan\Documents\iTools
2014-09-01 00:04 - 2014-09-01 00:05 - 14353164 _____ () C:\Users\Ivan\Desktop\iTools and hack.zip
2014-08-31 22:23 - 2014-08-31 22:23 - 00012139 _____ () C:\Users\Ivan\Desktop\taiwan.xlsx
2014-08-29 00:25 - 2014-08-29 00:25 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\iFunBox.NXGen
2014-08-28 23:20 - 2014-08-28 23:26 - 00000000 ____D () C:\Users\Ivan\AppData\Local\pangu
2014-08-28 23:20 - 2014-08-28 23:20 - 35796928 _____ () C:\Users\Ivan\Downloads\Pangu_v1.2.1.exe
2014-08-28 23:17 - 2014-08-28 23:17 - 35838400 _____ () C:\Users\Ivan\Downloads\Pangu_v1.2.exe
2014-08-28 19:51 - 2014-08-23 10:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 19:51 - 2014-08-23 09:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 19:51 - 2014-08-23 08:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 23:37 - 2014-08-26 23:37 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-21 19:57 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 19:57 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 19:57 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 19:57 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 19:57 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 19:57 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 19:57 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 19:57 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 19:57 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 19:57 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 19:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 19:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 19:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 19:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-20 18:41 - 2014-09-20 18:14 - 00000000 ____D () C:\FRST
2014-09-20 18:41 - 2009-07-14 12:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 18:41 - 2009-07-14 12:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 18:39 - 2013-08-13 23:06 - 01069094 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 18:38 - 2009-07-14 13:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 18:36 - 2014-09-20 17:50 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-09-20 18:36 - 2013-10-28 17:03 - 00245964 _____ () C:\Windows\PFRO.log
2014-09-20 18:36 - 2013-10-28 17:03 - 00099193 _____ () C:\Windows\setupact.log
2014-09-20 18:36 - 2013-09-28 20:29 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-20 18:36 - 2013-08-13 23:24 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-09-20 18:36 - 2013-08-13 23:18 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-09-20 18:36 - 2013-08-13 23:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-20 18:36 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 18:18 - 2014-04-21 17:18 - 00000000 ____D () C:\Users\Ivan\AppData\Local\AVG SafeGuard toolbar
2014-09-20 18:17 - 2014-09-20 18:17 - 00000000 ____D () C:\AdwCleaner
2014-09-20 18:16 - 2013-09-28 20:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-20 17:40 - 2014-09-20 17:27 - 00000000 ____D () C:\Windows\pss
2014-09-20 17:40 - 2013-08-13 23:34 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\uTorrent
2014-09-20 17:24 - 2013-08-13 23:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-20 17:18 - 2014-09-20 17:18 - 00001356 _____ () C:\Users\Ivan\Desktop\Fable Anniversary.lnk
2014-09-20 17:18 - 2014-09-20 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fable Anniversary
2014-09-20 17:18 - 2014-09-20 17:15 - 00000000 ____D () C:\Program Files (x86)\Fable Anniversary
2014-09-20 17:18 - 2013-08-26 23:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 16:58 - 2013-08-14 00:03 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\vlc
2014-09-20 15:58 - 2013-08-16 17:19 - 00000000 ____D () C:\Users\Ivan\AppData\Local\CrashDumps
2014-09-17 07:24 - 2014-09-17 07:24 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-17 07:24 - 2013-11-16 11:34 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-09-17 00:08 - 2014-09-17 00:07 - 39401336 _____ (Apple Inc.) C:\Users\Ivan\Downloads\QuickTimeInstaller.exe
2014-09-16 17:15 - 2013-11-05 22:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-16 17:14 - 2013-08-26 23:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-16 17:14 - 2013-08-13 23:16 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-16 17:12 - 2014-05-07 00:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-16 17:12 - 2013-08-26 23:10 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-16 13:33 - 2014-09-16 13:33 - 00091209 _____ () C:\Users\Ivan\Downloads\[kickass.to]fable.anniversary.codex.torrent
2014-09-16 13:18 - 2013-09-11 23:18 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-16 13:18 - 2013-08-26 23:10 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-16 13:18 - 2013-08-26 23:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-16 13:18 - 2013-08-26 23:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-16 13:17 - 2014-09-16 13:17 - 00030358 _____ () C:\Users\Ivan\Downloads\[kickass.to]the.sims.4.deluxe.edition.skidrowcrack.torrent
2014-09-16 12:17 - 2013-09-28 20:29 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-07 22:50 - 2014-05-08 19:49 - 00000000 ____D () C:\Games
2014-09-07 20:46 - 2013-08-14 22:08 - 00000000 ____D () C:\Users\Ivan\Documents\My Games
2014-09-07 18:57 - 2013-12-21 19:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-06 21:22 - 2014-09-06 21:22 - 00073461 _____ () C:\Users\Ivan\Downloads\[kickass.to]dead.rising.3.apocalypse.edition.2014.pc.repack.by.r.g.steamgames.torrent
2014-09-06 15:01 - 2009-07-14 13:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-05 10:10 - 2014-09-16 12:06 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 10:05 - 2014-09-16 12:06 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 21:51 - 2014-09-04 21:51 - 00068188 _____ () C:\Users\Ivan\Downloads\54086e6bb7012javjunkies.torrent
2014-09-04 21:51 - 2014-09-04 21:51 - 00061749 _____ () C:\Users\Ivan\Downloads\54086e59c7e12javjunkies.torrent
2014-09-04 21:50 - 2014-09-04 21:50 - 00052827 _____ () C:\Users\Ivan\Downloads\54086e2218a1cjavjunkies.torrent
2014-09-04 21:31 - 2014-09-04 21:31 - 00061749 _____ () C:\Users\Ivan\Downloads\540869925c146javjunkies.torrent
2014-09-01 00:06 - 2014-09-01 00:06 - 00000000 ____D () C:\Users\Ivan\Documents\iTools
2014-09-01 00:05 - 2014-09-01 00:04 - 14353164 _____ () C:\Users\Ivan\Desktop\iTools and hack.zip
2014-08-31 22:25 - 2013-08-23 17:11 - 00000000 ____D () C:\Users\Ivan\Documents\DragonNest
2014-08-31 22:23 - 2014-08-31 22:23 - 00012139 _____ () C:\Users\Ivan\Desktop\taiwan.xlsx
2014-08-29 03:15 - 2009-07-14 12:45 - 00408800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 01:46 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 00:25 - 2014-08-29 00:25 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\iFunBox.NXGen
2014-08-28 23:26 - 2014-08-28 23:20 - 00000000 ____D () C:\Users\Ivan\AppData\Local\pangu
2014-08-28 23:20 - 2014-08-28 23:20 - 35796928 _____ () C:\Users\Ivan\Downloads\Pangu_v1.2.1.exe
2014-08-28 23:17 - 2014-08-28 23:17 - 35838400 _____ () C:\Users\Ivan\Downloads\Pangu_v1.2.exe
2014-08-26 23:37 - 2014-08-26 23:37 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-23 10:07 - 2014-08-28 19:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 09:45 - 2014-08-28 19:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 08:59 - 2014-08-28 19:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
 
 
LastRegBack: 2014-09-07 15:16
 
==================== End Of Log ============================


BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 PM

Posted 20 September 2014 - 07:59 AM

Hello Ivantan85 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

Not the addition.txt
Addition.txt is produced only the first time FRST is run. FRST saves its logs in this location:

C:\FRST\Logs\

See if Addition.txt is saved there. If yes, please attach it.
If not, run FRST again, when the console opens check Addition.txt box only, and click scan. It should produce the Addition.txt.

 

-------------------------------------------

 

I am currently reviewing your log.I will be back with a fix for your problem as soon as possible.Please be patient with me during this time.

 

 

Are you still with us?

 

Sincerely   :hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Ivantan85

Ivantan85
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 21 September 2014 - 09:34 AM

hi Yılmaz,

Thank you for your help.

 

 

the below is the addition.txt in the log folder.

 

 

 

 

with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33870 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4015 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Castlevania: Lords of Shadow 2 (HKLM-x32\...\Q2FzdGxldmFuaWFMb3Jkc29mU2hhZG93Mg==_is1) (Version: 1 - )
CommandCenter (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.0.8 - MSI)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{32C46540-7693-49E1-A81E-121B09C8303B}) (Version: 3.00.7187.47 - Sony Computer Entertainment Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Direct OC (HKLM-x32\...\{E39DE1F0-0A95-4AE8-B9D7-37C5AF360D35}_is1) (Version: 1.0.0.3 - MSI)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Nest SEA (HKLM-x32\...\{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}) (Version: 1.134.0000 - Shanda Games International)
Fable Anniversary (HKLM-x32\...\Fable Anniversary_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden
Intel® Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.111 - MSI)
Media Go (HKLM-x32\...\{8D92969D-A6A3-44C8-9D63-D377E94F44B5}) (Version: 2.6.205 - Sony)
Media Go Video Playback Engine 2.0.117.09030 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.117.09030 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MSI Intel Extreme Tuning Utility (HKLM-x32\...\{2301bb34-385a-4a57-877f-c54347957fad}) (Version: 4.0.6.305 - Intel Corporation)
MSI Intel Extreme Tuning Utility (x32 Version: 4.0.6.305 - Intel Corporation) Hidden
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.131.854 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049 - NVIDIA Corporation) Hidden
NVIDIA Update 7.2.17 (Version: 7.2.17 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 7.2.17 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.1 - NVIDIA Corporation)
NWZ-W270 WALKMAN Guide (HKLM-x32\...\{095CE261-B919-4FB5-8520-EDCB89C937F4}) (Version: 2.2.0.11162 - Sony Corporation)
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.574 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.574 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.05.19 - NVIDIA Corporation) Hidden
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.01 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
28-08-2014 17:46:54 Scheduled Checkpoint
28-08-2014 19:00:10 Windows Update
07-09-2014 07:47:41 Scheduled Checkpoint
07-09-2014 11:23:13 Installed DirectX
16-09-2014 09:12:10 Windows Update
16-09-2014 23:24:38 Removed PlayStation®Store.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2013-08-22 21:27 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3D789C33-78C1-45B0-99C1-EDA8F5530543} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5454AC0B-21FA-4BA6-AEF3-4C7990C48422} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {65584169-DE58-49D3-ADA5-991E859E695F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-16] (Adobe Systems Incorporated)
Task: {7DCE4DC5-0414-4DF8-B6D3-87B2C01DE5C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-28] (Google Inc.)
Task: {7E72BC54-9454-4ABF-8F7E-DEE8036833E3} - System32\Tasks\{46FC2721-DB74-4592-AAE0-46704E6A51A8} => H:\Setup.exe [1999-12-12] (CODEX                                                       )
Task: {7FDBB048-1AD7-4FAC-A265-A05473C6875C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {A1612FCB-4787-4F44-9B21-7B4EE2DC49D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-28] (Google Inc.)
Task: {B2403D32-B704-4E7C-B730-C802CD4D7159} - System32\Tasks\{F2A53914-EF09-4443-8B53-6C38EBB71DD5} => H:\Setup.exe [1999-12-12] (CODEX                                                       )
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-27 23:12 - 2013-06-21 18:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-13 10:35 - 2013-02-13 10:35 - 00180200 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-02-13 10:35 - 2013-02-13 10:35 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-13 23:28 - 2013-04-18 19:12 - 00304640 _____ () C:\Program Files (x86)\MSI\CommandCenter\ClockGen\MSIClockService.exe
2013-08-13 23:28 - 2013-04-18 20:10 - 00230912 _____ () C:\Program Files (x86)\MSI\CommandCenter\MSICommService.exe
2013-08-13 23:28 - 2013-04-18 19:12 - 04097024 _____ () C:\Program Files (x86)\MSI\CommandCenter\CPU\MSICPUService.exe
2013-08-13 23:28 - 2013-04-18 19:14 - 02237440 _____ () C:\Program Files (x86)\MSI\CommandCenter\DDR\MSIDDRService.exe
2013-08-13 23:28 - 2013-04-18 19:11 - 03957248 _____ () C:\Program Files (x86)\MSI\CommandCenter\MSISaveLoadService.exe
2013-08-13 23:28 - 2013-04-18 19:12 - 00176128 _____ () C:\Program Files (x86)\MSI\CommandCenter\SMBus\MSISMBService.exe
2013-08-13 23:28 - 2013-04-18 19:13 - 00181760 _____ () C:\Program Files (x86)\MSI\CommandCenter\MSIWMIService.exe
2013-08-27 23:09 - 2013-07-27 16:48 - 00267040 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libzmq.dll
2013-10-10 21:54 - 2013-10-10 21:54 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-04-11 11:54 - 2013-04-11 11:54 - 00490496 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-09 20:46 - 2011-05-09 20:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 20:56 - 2011-05-09 20:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 20:47 - 2011-05-09 20:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2013-04-11 11:54 - 2013-04-11 11:54 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 12:32 - 2011-05-10 12:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2011-05-09 20:48 - 2011-05-09 20:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2013-08-13 23:28 - 2013-04-03 10:03 - 00015872 _____ () C:\MSI\Super RAID\SuperRAIDSvc.exe
2013-04-11 11:54 - 2013-04-11 11:54 - 00553984 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
2013-04-11 11:54 - 2013-04-11 11:54 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll
2013-04-11 11:54 - 2013-04-11 11:54 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll
2013-04-11 11:54 - 2013-04-11 11:54 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll
2013-04-11 11:54 - 2013-04-11 11:54 - 00240128 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll
2013-04-11 11:54 - 2013-04-11 11:54 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll
2013-04-11 11:54 - 2013-04-11 11:54 - 00291328 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
2013-04-11 11:54 - 2013-04-11 11:54 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll
2013-04-11 11:54 - 2013-04-11 11:54 - 00211456 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll
2013-04-11 11:54 - 2013-04-11 11:54 - 00064000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll
2013-04-11 11:54 - 2013-04-11 11:54 - 00317440 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-13 23:28 - 2010-09-20 03:52 - 00094208 _____ () C:\Program Files (x86)\MSI\CommandCenter\ClockGen\IccLibDll.dll
2013-08-13 23:28 - 2013-03-13 13:33 - 01732608 _____ () C:\MSI\Super RAID\SuperRAIDExt.DLL
2014-09-16 12:17 - 2014-09-04 11:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-16 12:17 - 2014-09-04 11:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-16 12:17 - 2014-09-04 11:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-16 12:17 - 2014-09-04 11:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
2014-09-16 12:17 - 2014-09-04 11:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-16 12:17 - 2014-09-04 11:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2013-08-13 23:20 - 2013-03-13 04:20 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: DefaultTabSearch => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation®.lnk => C:\Windows\pss\Content Manager Assistant for PlayStation®.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iSCTsysTray.lnk => C:\Windows\pss\iSCTsysTray.lnk.CommonStartup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: iFunBox Price Watch => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update 5 => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
MSCONFIG\startupreg: MBCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/20/2014 06:36:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSISuperIOService.exe, version: 0.0.0.0, time stamp: 0x516fe612
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xb70
Faulting application start time: 0xMSISuperIOService.exe0
Faulting application path: MSISuperIOService.exe1
Faulting module path: MSISuperIOService.exe2
Report Id: MSISuperIOService.exe3
 
Error: (09/20/2014 06:36:40 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
 
Error: (09/20/2014 06:36:39 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
 
Error: (09/20/2014 06:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (09/20/2014 06:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (09/20/2014 06:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (09/20/2014 06:29:27 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
 
Error: (09/20/2014 06:29:26 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
 
Error: (09/20/2014 06:29:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (09/20/2014 06:29:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (09/20/2014 06:36:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSISuperIO_CC service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/20/2014 06:35:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (09/20/2014 06:35:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/20/2014 06:28:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (09/20/2014 06:26:05 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (09/20/2014 06:25:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (09/20/2014 06:17:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (09/20/2014 05:56:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DefaultTabUpdate service failed to start due to the following error: 
%%2
 
Error: (09/20/2014 05:55:34 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (09/20/2014 05:54:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (09/20/2014 06:36:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MSISuperIOService.exe0.0.0.0516fe612ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753b7001cfd4bec27cff48C:\Program Files (x86)\MSI\CommandCenter\SuperIO\MSISuperIOService.exeC:\Windows\SysWOW64\ntdll.dll0615dfc4-40b2-11e4-9e68-d43d7ebd8dbc
 
Error: (09/20/2014 06:36:40 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
 
Error: (09/20/2014 06:36:39 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
 
Error: (09/20/2014 06:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name43900
 
Error: (09/20/2014 06:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name25900
 
Error: (09/20/2014 06:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name17900
 
Error: (09/20/2014 06:29:27 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
 
Error: (09/20/2014 06:29:26 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
 
Error: (09/20/2014 06:29:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name43900
 
Error: (09/20/2014 06:29:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name25900


#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 PM

Posted 21 September 2014 - 11:36 AM

Hi Ivantan85,

 

Thanks for the Logs.

 

-----------------------------------------------------------------
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

Please Uninstall:

vToolbarUpdater or AVG Secure Search

 

-----------------------------------------------------------------------------

 

Please do the following.

 

Step 1:

 

Ensure your external and/or USB drives are inserted during the scan
 
Run FRST fixlist
 
Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

start
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
HKU\S-1-5-21-1564979083-2025629697-1544375622-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1564979083-2025629697-1544375622-1000\...\MountPoints2: {67fc454d-042d-11e3-a8eb-606c668f0d49} - H:\setup.exe
HKU\S-1-5-21-1564979083-2025629697-1544375622-1001\...\MountPoints2: {f9f49211-04a6-11e3-8a48-806e6f6e6963} - F:\DVDSetup.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/v/2/?guid={B361FFD6-C344-48BC-B80C-18BC24713816}&serpv=17
SearchScopes: HKCU - {5008B775-4D8D-4161-A97F-2BED5A9E38DE} URL = https://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {BC7C8B1D-2BB2-44D6-B9BE-4D81C786B818} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10675
SearchScopes: HKCU - {E9885F9E-D8E0-4F56-8191-AED1F4DD3FA2} URL = http://www.mysearchresults.com/search?c=2408&t=14&q={searchTerms}
SearchScopes: HKCU - {FB291CE8-8415-4721-941C-909831D644A1} URL = http://search.us.com/serp?guid={B361FFD6-C344-48BC-B80C-18BC24713816}&action=default_search&serpv=5&k={searchTerms}
S4 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Task: {5454AC0B-21FA-4BA6-AEF3-4C7990C48422} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {7FDBB048-1AD7-4FAC-A265-A05473C6875C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services:\vToolbarUpdater18.1.9
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
S3 NTIOLib_FastBoot; \??\C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Ivan\AppData\Local\AVG SafeGuard toolbar
Emptytemp:
Hosts:
End

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

 

Step 2:

 

Please be sure to run our tools with administrator rights.

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Step 3:

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Windows\System32\Drivers\aretka56.sys

C:\Users\Ivan\Desktop\iTools and hack.zip
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

 

Sincerely


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 Ivantan85

Ivantan85
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 23 September 2014 - 06:44 AM

Thank you very much.

 

seem like the adware is removed.

thanks!~

 

 

the attached is the logs

Attached Files



#6 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 PM

Posted 23 September 2014 - 10:37 AM

Hi,

 

Yes, we delete the virus. But, we must continue.

Did VirusTotal scans?

--------------------------------------------

Step1:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step2:

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step3:

Please download ZHPcleaner to your desktop.



  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please klick Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step4:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.


  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.

 


Edited by olgun52, 23 September 2014 - 10:43 AM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users