I got gameharbor.org pls help


  • This topic is locked
16 replies to this topic

#1 HelpI'mOnFire


Posted 20 September 2014 - 08:23 AM

Hello.
My brother installed the Sims 4 from an untrusted site (without considering me). Since then, every time I start my computer it shows the cmd window, which doesn't do anything, and the computer logs on to gameharbor.org using Chrome. My system is Windows 8.1 Enterprise x64. I have tried to get rid of this thing for the past 3 days and nothing helps. I used PCcleaner, Malwarebytes and Windows Defender, and I even tried to roll back my system several times with no result; however, every time I try to roll back the system I get an error (different every time) that says system restore failed. Please help.

PS: I forgot to mention that since I use Tunngle for some games and my internet connection is Wi-Fi, sometimes I need to port forward my IP, and since it changes once every 1-2 months I go and change the IP for the port. But today I couldn't even connect to my router's basic setup. I entered the default gateway from Internet Explorer, Mozilla and Chrome, and they all say we can't connect to page 192.********

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by PAVEL-PC (administrator) on PAVEL on 20-09-2014 19:53:08
Running from C:\Users\PAVEL-PC\Desktop
Platform: Windows 8.1 Enterprise (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Enigma Software Group USA, LLC.) C:\Config.Msi\4e7141.rbf
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(BitTorrent Inc.) C:\Users\PAVEL-PC\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Gretech Corp.) E:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\Run: [uTorrent] => C:\Users\PAVEL-PC\AppData\Roaming\uTorrent\uTorrent.exe [1418832 2014-09-13] (BitTorrent Inc.)
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [3340288 2012-03-20] ()
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\MountPoints2: {5da0eb41-b36b-11e3-8259-002618e46562} - "G:\setup.exe" 
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\MountPoints2: {9abda8e1-07a9-11e4-82b0-002618e46562} - "D:\setup.exe" 
ShellIconOverlayIdentifiers: StorageProviderError -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: StorageProviderSyncing -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: StorageProviderError -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: StorageProviderSyncing -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8D0B6B5DA654CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 93.152.128.1 93.152.160.5 93.152.178.254
 
FireFox:
========
FF ProfilePath: C:\Users\PAVEL-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xsagclal.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\PAVEL-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Диск) - C:\Users\PAVEL-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-22]
CHR Extension: (YouTube) - C:\Users\PAVEL-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-22]
CHR Extension: (Google Търсене) - C:\Users\PAVEL-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-22]
CHR Extension: (Google Wallet) - C:\Users\PAVEL-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR Extension: (Gmail) - C:\Users\PAVEL-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2013-09-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2013-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4797064 2013-11-06] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 gupdate; No ImagePath
S3 gupdatem; No ImagePath
S2 HPSLPSVC; C:\Users\PAVEL-PC\AppData\Local\Temp\7zS18C6\hpslpsvc64.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AE1000; C:\Windows\system32\DRIVERS\ae1000w7.sys [1101600 2010-06-11] (Ralink Technology Corp.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2014-07-10] (DT Soft Ltd)
S3 GGSAFERDriver; No ImagePath
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-20 19:53 - 2014-09-20 19:53 - 00016914 _____ () C:\Users\PAVEL-PC\Desktop\FRST.txt
2014-09-20 19:50 - 2014-09-20 19:50 - 02105856 _____ (Farbar) C:\Users\PAVEL-PC\Desktop\FRST64.exe
2014-09-20 17:56 - 2014-09-20 19:52 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-20 17:56 - 2014-09-20 17:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-20 17:56 - 2014-09-20 17:56 - 00000000 _____ () C:\autoexec.bat
2014-09-20 17:55 - 2014-09-20 17:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\PAVEL-PC\Downloads\SpyHunter-Installer.exe
2014-09-20 17:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-20 17:42 - 2014-09-20 17:45 - 00000000 ____D () C:\AdwCleaner
2014-09-20 17:42 - 2014-09-20 17:42 - 01373475 _____ () C:\Users\PAVEL-PC\Downloads\adwcleaner_3.310.exe
2014-09-20 16:43 - 2014-09-20 16:43 - 00688992 _____ (Swearware) C:\Users\PAVEL-PC\Downloads\dds (1).com
2014-09-20 16:43 - 2014-09-20 16:43 - 00688992 _____ (Swearware) C:\Users\PAVEL-PC\Desktop\dds.scr
2014-09-20 16:36 - 2014-09-20 16:36 - 00688992 _____ (Swearware) C:\Users\PAVEL-PC\Downloads\dds.com
2014-09-20 16:34 - 2014-09-20 16:34 - 00688992 _____ (Swearware) C:\Users\PAVEL-PC\Desktop\dds.com
2014-09-20 15:57 - 2014-09-20 19:53 - 00000000 ____D () C:\FRST
2014-09-20 15:45 - 2014-09-20 15:34 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-20 15:36 - 2014-09-20 15:26 - 00029373 _____ () C:\zoek-results2014-09-20-122644.log
2014-09-20 15:12 - 2014-09-20 15:48 - 00004798 _____ () C:\zoek-results.log
2014-09-20 15:10 - 2014-09-20 15:26 - 00000000 ____D () C:\zoek_backup
2014-09-20 15:10 - 2014-09-20 15:10 - 01290752 _____ () C:\Users\PAVEL-PC\Downloads\zoek.exe
2014-09-20 01:34 - 2014-09-20 01:34 - 00016859 _____ () C:\Users\PAVEL-PC\Downloads\Five Mini Comics vol.1 [XXX Comics][JPG].torrent
2014-09-20 01:24 - 2014-09-20 01:24 - 00019554 _____ () C:\Users\PAVEL-PC\Downloads\Hot Blondes 2 [XXX Comics][JPG].torrent
2014-09-20 01:23 - 2014-09-20 01:23 - 00014108 _____ () C:\Users\PAVEL-PC\Downloads\xBen Ten-Four Series [XXX Comics][JPG].torrent
2014-09-20 01:17 - 2014-09-20 01:17 - 00016460 _____ () C:\Users\PAVEL-PC\Downloads\Hard Lessons [XXX Comics][JPG].torrent
2014-09-20 01:16 - 2014-09-20 01:16 - 00004457 _____ () C:\Users\PAVEL-PC\Downloads\%5BMilftoon%5D For Tracy %5BBG%5D.torrent
2014-09-20 01:12 - 2014-09-20 01:13 - 00021622 _____ () C:\Users\PAVEL-PC\Downloads\Five Mini Comics vol.3 [XXX Comics][JPG].torrent
2014-09-20 01:09 - 2014-09-20 01:09 - 00015614 _____ () C:\Users\PAVEL-PC\Downloads\xXx.State.of.the.Union.2005.480p.BRRip.XviD.AC3-LDK.torrent
2014-09-20 01:04 - 2014-09-20 01:04 - 00017054 _____ () C:\Users\PAVEL-PC\Downloads\22 Jump Street 2014 TS Xvid Ac3 5.1-MiLLENiUM.torrent
2014-09-20 01:01 - 2014-09-20 01:01 - 00013936 _____ () C:\Users\PAVEL-PC\Downloads\22 Jump Street (2014) TS PROPER.torrent
2014-09-19 15:01 - 2014-09-19 15:01 - 00000761 _____ () C:\Users\PAVEL-PC\Desktop\Coop-Land.ru.lnk
2014-09-19 14:58 - 2014-09-19 14:58 - 02739424 _____ (http://yourfiledownloader.net) C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader (1).exe
2014-09-19 14:57 - 2014-09-19 14:58 - 02739424 _____ (http://yourfiledownloader.net) C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader.exe
2014-09-19 14:28 - 2014-09-19 14:28 - 00020682 _____ () C:\Users\PAVEL-PC\Downloads\[kickass.to]speedrunners.by.tinybuild.doubledutch.torrent
2014-09-19 13:00 - 2014-09-19 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coop-Land
2014-09-19 12:55 - 2014-09-19 12:56 - 00024574 _____ () C:\Users\PAVEL-PC\Downloads\[kickass.to]speedrunners.r30.repack.torrent
2014-09-18 22:47 - 2014-09-18 22:47 - 00015048 _____ () C:\Users\PAVEL-PC\Downloads\How.to.Train.Your.Dragon.2.2014.WEBRip.x264.AAC-WAR.torrent
2014-09-18 18:46 - 2014-09-18 18:46 - 00586251 _____ () C:\Users\PAVEL-PC\Documents\2-Axis,8-Button.xpaddercontroller
2014-09-18 18:46 - 2014-09-18 18:46 - 00000329 _____ () C:\Users\PAVEL-PC\Documents\speed runer 2.xpadderprofile
2014-09-18 18:27 - 2014-09-18 18:27 - 00393270 _____ () C:\Users\PAVEL-PC\Downloads\230112191001_SPEED-LINK_Strike_FX__PlayStation_PC_.Tilo_B.Germany.bmp
2014-09-18 18:27 - 2014-09-18 18:27 - 00393270 _____ () C:\Users\PAVEL-PC\Downloads\230112191001_SPEED-LINK_Strike_FX__PlayStation_PC_.Tilo_B.Germany (1).bmp
2014-09-18 18:17 - 2014-09-18 18:46 - 00000399 _____ () C:\Users\PAVEL-PC\Documents\Speed runer 1.xpadderprofile
2014-09-18 17:44 - 2014-09-18 17:44 - 00015359 _____ () C:\Users\PAVEL-PC\Downloads\SpeedRunners - M3K1998.torrent
2014-09-18 17:36 - 2014-09-18 17:36 - 00000000 ____D () C:\Users\PAVEL-PC\Documents\SavedGames
2014-09-18 17:36 - 2014-09-18 17:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-09-18 14:00 - 2014-09-18 14:00 - 00024405 _____ () C:\Users\PAVEL-PC\Downloads\VA - Retro  Best Hits ( My collection ).torrent
2014-09-18 13:58 - 2014-09-18 13:58 - 00017506 _____ () C:\Users\PAVEL-PC\Downloads\Modern Talking - Collection [Vinyl Rip] (1985-1987) - SMG.torrent
2014-09-18 00:05 - 2014-09-18 00:05 - 00052320 _____ () C:\Users\PAVEL-PC\Downloads\Zanna.torrent
2014-09-18 00:05 - 2014-09-18 00:05 - 00011918 _____ () C:\Users\PAVEL-PC\Downloads\PornStarsLikeItBig - Georgie Lyall & Jasmine Webb.torrent
2014-09-17 23:55 - 2014-09-17 23:55 - 00010552 _____ () C:\Users\PAVEL-PC\Downloads\Public Sex Adventures-Eva Berder (17.09.2014 г Real Hot Facial For a Horny School Teacher).torrent
2014-09-17 23:53 - 2014-09-17 23:53 - 00028803 _____ () C:\Users\PAVEL-PC\Downloads\Christie Lee - Naughty Bookworms.torrent
2014-09-17 20:17 - 2014-09-17 20:17 - 00010717 _____ () C:\Users\PAVEL-PC\Downloads\The Purge 2 Anarchy 2014 READNFO HDRip XviD-HELLRAZ0R.torrent
2014-09-17 18:12 - 2014-09-17 18:12 - 00040226 _____ () C:\Users\PAVEL-PC\Downloads\Greek.Season.01.HDTV.and.DSR.XviD-Zamunda.NET.torrent
2014-09-17 15:33 - 2014-09-17 15:33 - 00014597 _____ () C:\Users\PAVEL-PC\Downloads\Premature.WEBRip.x265.AC3-WAR.torrent
2014-09-16 14:04 - 2014-09-16 14:04 - 00013549 _____ () C:\Users\PAVEL-PC\Downloads\18 Years Old - Smoking Hot 18yo April.torrent
2014-09-16 13:56 - 2014-09-16 13:56 - 00012113 _____ () C:\Users\PAVEL-PC\Downloads\BigTitsAtSchool - Anya Ivy.torrent
2014-09-16 02:19 - 2014-09-16 02:19 - 00041828 _____ () C:\Users\PAVEL-PC\Downloads\House.S07.HDTV.XviD-ZmN.torrent
2014-09-16 02:13 - 2014-09-16 02:13 - 00000756 _____ () C:\Users\PAVEL-PC\Desktop\Xpadder - Shortcut.lnk
2014-09-15 21:42 - 2014-09-15 21:42 - 01930037 _____ () C:\Users\PAVEL-PC\Downloads\TalentTree50v1.0.0.jar
2014-09-15 01:50 - 2014-09-15 01:51 - 00000000 ____D () C:\Program Files (x86)\OSCAR Editor X7
2014-09-15 01:50 - 2014-09-15 01:50 - 00002771 _____ () C:\Users\Public\Desktop\X7 Oscar Editor.lnk
2014-09-15 01:50 - 2014-09-15 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A4TECH Software
2014-09-15 01:50 - 2014-09-15 01:50 - 00000000 ____D () C:\Program Files (x86)\OscarEditor
2014-09-15 01:41 - 2014-09-15 01:49 - 26144260 _____ () C:\Users\PAVEL-PC\Downloads\7Key_V12.03V20.zip
2014-09-15 01:29 - 2014-09-15 01:31 - 23721443 _____ () C:\Users\PAVEL-PC\Downloads\7key_5mode_v12.03v20.zip
2014-09-15 01:04 - 2014-09-15 01:42 - 00000000 ____D () C:\Program Files (x86)\OscarX7Editor5Mode
2014-09-15 00:57 - 2014-09-15 01:01 - 23721443 _____ () C:\Users\PAVEL-PC\Downloads\7Key,5Mode_V12.03V20.zip
2014-09-13 15:47 - 2014-09-13 15:47 - 00001603 _____ () C:\Users\PAVEL-PC\Desktop\Raiderz Launcher - Shortcut.lnk
2014-09-13 02:34 - 2014-09-13 02:34 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\Steam
2014-09-13 02:30 - 2014-09-13 02:30 - 00000953 _____ () C:\Users\PAVEL-PC\Desktop\Fable Anniversary.lnk
2014-09-13 02:30 - 2014-09-13 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fable Anniversary
2014-09-13 02:04 - 2014-09-13 02:04 - 00000000 ____D () C:\Users\PAVEL-PC\Documents\Raiderz
2014-09-13 02:04 - 2013-11-06 01:11 - 04797064 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2014-09-13 02:03 - 2005-01-04 12:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2014-09-13 02:03 - 2003-07-20 21:17 - 00005174 _____ () C:\Windows\SysWOW64\nppt9x.vxd
2014-09-13 02:02 - 2014-09-13 02:02 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2014-09-13 00:46 - 2014-09-13 00:46 - 00000189 _____ () C:\Users\PAVEL-PC\Desktop\RaiderZ.url
2014-09-11 03:40 - 2014-09-11 03:40 - 00001020 _____ () C:\Users\PAVEL-PC\Documents\Gom.xpadderprofile
2014-09-11 03:37 - 2014-09-18 18:22 - 00514669 _____ () C:\Users\PAVEL-PC\Documents\GA-02 gamepad.xpaddercontroller
2014-09-08 13:39 - 2014-09-08 13:39 - 00000933 _____ () C:\Users\PAVEL-PC\Desktop\The.Sims.4.Launcher - Shortcut.lnk
2014-09-05 21:33 - 2014-09-05 21:33 - 00000222 _____ () C:\Users\PAVEL-PC\Desktop\Path of Exile.url
2014-09-03 23:07 - 2014-09-03 19:44 - 00447752 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-03 21:57 - 2014-09-15 01:18 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Local\Origin
2014-09-03 21:57 - 2014-09-04 19:50 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\Origin
2014-09-03 21:52 - 2014-09-15 01:18 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-02 16:20 - 2014-09-15 01:18 - 00000000 ____D () C:\ProgramData\Origin
2014-08-26 12:11 - 2014-08-26 12:11 - 00000000 _____ () C:\Users\PAVEL-PC\Desktop\New Text Document (2).txt
2014-08-25 02:13 - 2014-08-25 02:13 - 00000000 _____ () C:\Users\PAVEL-PC\Desktop\New Text Document.txt
2014-08-25 01:14 - 2014-08-25 14:24 - 00000303 _____ () C:\Users\PAVEL-PC\Desktop\PoE Trade.ahk
2014-08-24 01:35 - 2014-08-25 01:07 - 00004203 _____ () C:\Users\PAVEL-PC\Desktop\Trade spam.au3
2014-08-24 01:35 - 2014-08-24 01:45 - 00003643 _____ () C:\Users\PAVEL-PC\Desktop\Tradespam.au3.txt
2014-08-21 02:39 - 2014-08-21 02:39 - 00806272 _____ () C:\Windows\Minidump\082114-21906-01.dmp
2014-08-21 00:09 - 2014-08-21 00:10 - 00000113 _____ () C:\Users\PAVEL-PC\Desktop\build.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-20 19:53 - 2014-09-20 19:53 - 00016914 _____ () C:\Users\PAVEL-PC\Desktop\FRST.txt
2014-09-20 19:53 - 2014-09-20 15:57 - 00000000 ____D () C:\FRST
2014-09-20 19:53 - 2014-03-24 18:16 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\uTorrent
2014-09-20 19:52 - 2014-09-20 17:56 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-20 19:50 - 2014-09-20 19:50 - 02105856 _____ (Farbar) C:\Users\PAVEL-PC\Desktop\FRST64.exe
2014-09-20 19:47 - 2014-08-04 22:04 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\ClassicShell
2014-09-20 19:45 - 2014-07-16 18:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 19:29 - 2014-03-24 18:24 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\Skype
2014-09-20 19:02 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-20 19:01 - 2014-04-22 23:48 - 00001014 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-20 18:41 - 2014-03-24 15:05 - 01210406 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 18:32 - 2014-03-24 15:03 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2594426300-334832196-3810896462-1001
2014-09-20 18:31 - 2014-03-24 19:31 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Local\Adobe
2014-09-20 18:27 - 2014-04-22 23:48 - 00001010 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-20 18:27 - 2014-03-24 15:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-20 18:27 - 2014-03-24 14:57 - 00000000 ____D () C:\Users\PAVEL-PC
2014-09-20 18:27 - 2013-08-22 17:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 17:56 - 2014-09-20 17:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-20 17:56 - 2014-09-20 17:56 - 00000000 _____ () C:\autoexec.bat
2014-09-20 17:55 - 2014-09-20 17:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\PAVEL-PC\Downloads\SpyHunter-Installer.exe
2014-09-20 17:46 - 2013-09-30 07:02 - 00272690 _____ () C:\Windows\PFRO.log
2014-09-20 17:45 - 2014-09-20 17:42 - 00000000 ____D () C:\AdwCleaner
2014-09-20 17:44 - 2014-04-22 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-20 17:44 - 2014-03-24 18:14 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-20 17:44 - 2014-03-24 14:57 - 00001007 _____ () C:\Users\PAVEL-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-20 17:42 - 2014-09-20 17:42 - 01373475 _____ () C:\Users\PAVEL-PC\Downloads\adwcleaner_3.310.exe
2014-09-20 16:43 - 2014-09-20 16:43 - 00688992 _____ (Swearware) C:\Users\PAVEL-PC\Downloads\dds (1).com
2014-09-20 16:43 - 2014-09-20 16:43 - 00688992 _____ (Swearware) C:\Users\PAVEL-PC\Desktop\dds.scr
2014-09-20 16:36 - 2014-09-20 16:36 - 00688992 _____ (Swearware) C:\Users\PAVEL-PC\Downloads\dds.com
2014-09-20 16:34 - 2014-09-20 16:34 - 00688992 _____ (Swearware) C:\Users\PAVEL-PC\Desktop\dds.com
2014-09-20 15:56 - 2014-07-27 20:26 - 00000000 ____D () C:\ProgramData\Tunngle
2014-09-20 15:56 - 2014-03-24 19:26 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\Tunngle
2014-09-20 15:48 - 2014-09-20 15:12 - 00004798 _____ () C:\zoek-results.log
2014-09-20 15:34 - 2014-09-20 15:45 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-20 15:26 - 2014-09-20 15:36 - 00029373 _____ () C:\zoek-results2014-09-20-122644.log
2014-09-20 15:26 - 2014-09-20 15:10 - 00000000 ____D () C:\zoek_backup
2014-09-20 15:23 - 2014-04-22 23:49 - 00002212 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-20 15:23 - 2014-03-24 18:14 - 00001061 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-20 15:10 - 2014-09-20 15:10 - 01290752 _____ () C:\Users\PAVEL-PC\Downloads\zoek.exe
2014-09-20 15:04 - 2013-08-22 16:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-20 01:34 - 2014-09-20 01:34 - 00016859 _____ () C:\Users\PAVEL-PC\Downloads\Five Mini Comics vol.1 [XXX Comics][JPG].torrent
2014-09-20 01:24 - 2014-09-20 01:24 - 00019554 _____ () C:\Users\PAVEL-PC\Downloads\Hot Blondes 2 [XXX Comics][JPG].torrent
2014-09-20 01:23 - 2014-09-20 01:23 - 00014108 _____ () C:\Users\PAVEL-PC\Downloads\xBen Ten-Four Series [XXX Comics][JPG].torrent
2014-09-20 01:17 - 2014-09-20 01:17 - 00016460 _____ () C:\Users\PAVEL-PC\Downloads\Hard Lessons [XXX Comics][JPG].torrent
2014-09-20 01:16 - 2014-09-20 01:16 - 00004457 _____ () C:\Users\PAVEL-PC\Downloads\%5BMilftoon%5D For Tracy %5BBG%5D.torrent
2014-09-20 01:13 - 2014-09-20 01:12 - 00021622 _____ () C:\Users\PAVEL-PC\Downloads\Five Mini Comics vol.3 [XXX Comics][JPG].torrent
2014-09-20 01:09 - 2014-09-20 01:09 - 00015614 _____ () C:\Users\PAVEL-PC\Downloads\xXx.State.of.the.Union.2005.480p.BRRip.XviD.AC3-LDK.torrent
2014-09-20 01:04 - 2014-09-20 01:04 - 00017054 _____ () C:\Users\PAVEL-PC\Downloads\22 Jump Street 2014 TS Xvid Ac3 5.1-MiLLENiUM.torrent
2014-09-20 01:01 - 2014-09-20 01:01 - 00013936 _____ () C:\Users\PAVEL-PC\Downloads\22 Jump Street (2014) TS PROPER.torrent
2014-09-19 15:01 - 2014-09-19 15:01 - 00000761 _____ () C:\Users\PAVEL-PC\Desktop\Coop-Land.ru.lnk
2014-09-19 15:01 - 2014-04-12 22:24 - 00153318 _____ () C:\Windows\DirectX.log
2014-09-19 14:58 - 2014-09-19 14:58 - 02739424 _____ (http://yourfiledownloader.net) C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader (1).exe
2014-09-19 14:58 - 2014-09-19 14:57 - 02739424 _____ (http://yourfiledownloader.net) C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader.exe
2014-09-19 14:28 - 2014-09-19 14:28 - 00020682 _____ () C:\Users\PAVEL-PC\Downloads\[kickass.to]speedrunners.by.tinybuild.doubledutch.torrent
2014-09-19 13:00 - 2014-09-19 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coop-Land
2014-09-19 12:56 - 2014-09-19 12:55 - 00024574 _____ () C:\Users\PAVEL-PC\Downloads\[kickass.to]speedrunners.r30.repack.torrent
2014-09-18 22:47 - 2014-09-18 22:47 - 00015048 _____ () C:\Users\PAVEL-PC\Downloads\How.to.Train.Your.Dragon.2.2014.WEBRip.x264.AAC-WAR.torrent
2014-09-18 18:46 - 2014-09-18 18:46 - 00586251 _____ () C:\Users\PAVEL-PC\Documents\2-Axis,8-Button.xpaddercontroller
2014-09-18 18:46 - 2014-09-18 18:46 - 00000329 _____ () C:\Users\PAVEL-PC\Documents\speed runer 2.xpadderprofile
2014-09-18 18:46 - 2014-09-18 18:17 - 00000399 _____ () C:\Users\PAVEL-PC\Documents\Speed runer 1.xpadderprofile
2014-09-18 18:27 - 2014-09-18 18:27 - 00393270 _____ () C:\Users\PAVEL-PC\Downloads\230112191001_SPEED-LINK_Strike_FX__PlayStation_PC_.Tilo_B.Germany.bmp
2014-09-18 18:27 - 2014-09-18 18:27 - 00393270 _____ () C:\Users\PAVEL-PC\Downloads\230112191001_SPEED-LINK_Strike_FX__PlayStation_PC_.Tilo_B.Germany (1).bmp
2014-09-18 18:22 - 2014-09-11 03:37 - 00514669 _____ () C:\Users\PAVEL-PC\Documents\GA-02 gamepad.xpaddercontroller
2014-09-18 17:44 - 2014-09-18 17:44 - 00015359 _____ () C:\Users\PAVEL-PC\Downloads\SpeedRunners - M3K1998.torrent
2014-09-18 17:36 - 2014-09-18 17:36 - 00000000 ____D () C:\Users\PAVEL-PC\Documents\SavedGames
2014-09-18 17:36 - 2014-09-18 17:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-09-18 14:00 - 2014-09-18 14:00 - 00024405 _____ () C:\Users\PAVEL-PC\Downloads\VA - Retro  Best Hits ( My collection ).torrent
2014-09-18 13:58 - 2014-09-18 13:58 - 00017506 _____ () C:\Users\PAVEL-PC\Downloads\Modern Talking - Collection [Vinyl Rip] (1985-1987) - SMG.torrent
2014-09-18 00:05 - 2014-09-18 00:05 - 00052320 _____ () C:\Users\PAVEL-PC\Downloads\Zanna.torrent
2014-09-18 00:05 - 2014-09-18 00:05 - 00011918 _____ () C:\Users\PAVEL-PC\Downloads\PornStarsLikeItBig - Georgie Lyall & Jasmine Webb.torrent
2014-09-17 23:55 - 2014-09-17 23:55 - 00010552 _____ () C:\Users\PAVEL-PC\Downloads\Public Sex Adventures-Eva Berder (17.09.2014 г Real Hot Facial For a Horny School Teacher).torrent
2014-09-17 23:53 - 2014-09-17 23:53 - 00028803 _____ () C:\Users\PAVEL-PC\Downloads\Christie Lee - Naughty Bookworms.torrent
2014-09-17 20:17 - 2014-09-17 20:17 - 00010717 _____ () C:\Users\PAVEL-PC\Downloads\The Purge 2 Anarchy 2014 READNFO HDRip XviD-HELLRAZ0R.torrent
2014-09-17 18:12 - 2014-09-17 18:12 - 00040226 _____ () C:\Users\PAVEL-PC\Downloads\Greek.Season.01.HDTV.and.DSR.XviD-Zamunda.NET.torrent
2014-09-17 15:33 - 2014-09-17 15:33 - 00014597 _____ () C:\Users\PAVEL-PC\Downloads\Premature.WEBRip.x265.AC3-WAR.torrent
2014-09-16 14:04 - 2014-09-16 14:04 - 00013549 _____ () C:\Users\PAVEL-PC\Downloads\18 Years Old - Smoking Hot 18yo April.torrent
2014-09-16 13:56 - 2014-09-16 13:56 - 00012113 _____ () C:\Users\PAVEL-PC\Downloads\BigTitsAtSchool - Anya Ivy.torrent
2014-09-16 02:19 - 2014-09-16 02:19 - 00041828 _____ () C:\Users\PAVEL-PC\Downloads\House.S07.HDTV.XviD-ZmN.torrent
2014-09-16 02:13 - 2014-09-16 02:13 - 00000756 _____ () C:\Users\PAVEL-PC\Desktop\Xpadder - Shortcut.lnk
2014-09-15 21:42 - 2014-09-15 21:42 - 01930037 _____ () C:\Users\PAVEL-PC\Downloads\TalentTree50v1.0.0.jar
2014-09-15 01:51 - 2014-09-15 01:50 - 00000000 ____D () C:\Program Files (x86)\OSCAR Editor X7
2014-09-15 01:50 - 2014-09-15 01:50 - 00002771 _____ () C:\Users\Public\Desktop\X7 Oscar Editor.lnk
2014-09-15 01:50 - 2014-09-15 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A4TECH Software
2014-09-15 01:50 - 2014-09-15 01:50 - 00000000 ____D () C:\Program Files (x86)\OscarEditor
2014-09-15 01:50 - 2014-03-24 16:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-15 01:49 - 2014-09-15 01:41 - 26144260 _____ () C:\Users\PAVEL-PC\Downloads\7Key_V12.03V20.zip
2014-09-15 01:42 - 2014-09-15 01:04 - 00000000 ____D () C:\Program Files (x86)\OscarX7Editor5Mode
2014-09-15 01:31 - 2014-09-15 01:29 - 23721443 _____ () C:\Users\PAVEL-PC\Downloads\7key_5mode_v12.03v20.zip
2014-09-15 01:18 - 2014-09-03 21:57 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Local\Origin
2014-09-15 01:18 - 2014-09-03 21:52 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-15 01:18 - 2014-09-02 16:20 - 00000000 ____D () C:\ProgramData\Origin
2014-09-15 01:01 - 2014-09-15 00:57 - 23721443 _____ () C:\Users\PAVEL-PC\Downloads\7Key,5Mode_V12.03V20.zip
2014-09-15 00:07 - 2014-06-18 23:55 - 00000000 _RSHD () C:\Users\PAVEL-PC\fmx8k64j
2014-09-13 15:47 - 2014-09-13 15:47 - 00001603 _____ () C:\Users\PAVEL-PC\Desktop\Raiderz Launcher - Shortcut.lnk
2014-09-13 02:34 - 2014-09-13 02:34 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\Steam
2014-09-13 02:34 - 2014-04-17 23:44 - 00000000 ____D () C:\Users\PAVEL-PC\Documents\My Games
2014-09-13 02:30 - 2014-09-13 02:30 - 00000953 _____ () C:\Users\PAVEL-PC\Desktop\Fable Anniversary.lnk
2014-09-13 02:30 - 2014-09-13 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fable Anniversary
2014-09-13 02:04 - 2014-09-13 02:04 - 00000000 ____D () C:\Users\PAVEL-PC\Documents\Raiderz
2014-09-13 02:02 - 2014-09-13 02:02 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2014-09-13 00:46 - 2014-09-13 00:46 - 00000189 _____ () C:\Users\PAVEL-PC\Desktop\RaiderZ.url
2014-09-13 00:46 - 2014-04-17 22:58 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-11 03:40 - 2014-09-11 03:40 - 00001020 _____ () C:\Users\PAVEL-PC\Documents\Gom.xpadderprofile
2014-09-09 20:45 - 2014-07-16 18:03 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-08 13:39 - 2014-09-08 13:39 - 00000933 _____ () C:\Users\PAVEL-PC\Desktop\The.Sims.4.Launcher - Shortcut.lnk
2014-09-06 14:43 - 2014-06-18 22:57 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-09-05 21:33 - 2014-09-05 21:33 - 00000222 _____ () C:\Users\PAVEL-PC\Desktop\Path of Exile.url
2014-09-04 19:50 - 2014-09-03 21:57 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\Origin
2014-09-03 23:10 - 2014-05-17 15:55 - 00000000 ____D () C:\Users\PAVEL-PC\Documents\Electronic Arts
2014-09-03 22:07 - 2014-03-24 19:29 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-09-03 19:44 - 2014-09-03 23:07 - 00447752 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-02 23:50 - 2013-08-22 16:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-02 23:47 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\registration
2014-09-02 21:55 - 2014-03-26 01:43 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\NVIDIA
2014-08-28 21:28 - 2014-07-27 22:13 - 00000000 ____D () C:\Users\PAVEL-PC\AppData\Roaming\PortForward.com
2014-08-26 12:11 - 2014-08-26 12:11 - 00000000 _____ () C:\Users\PAVEL-PC\Desktop\New Text Document (2).txt
2014-08-25 14:24 - 2014-08-25 01:14 - 00000303 _____ () C:\Users\PAVEL-PC\Desktop\PoE Trade.ahk
2014-08-25 02:13 - 2014-08-25 02:13 - 00000000 _____ () C:\Users\PAVEL-PC\Desktop\New Text Document.txt
2014-08-25 01:07 - 2014-08-24 01:35 - 00004203 _____ () C:\Users\PAVEL-PC\Desktop\Trade spam.au3
2014-08-25 01:07 - 2014-04-03 20:31 - 00000543 _____ () C:\Users\PAVEL-PC\SciTE.session
2014-08-24 01:45 - 2014-08-24 01:35 - 00003643 _____ () C:\Users\PAVEL-PC\Desktop\Tradespam.au3.txt
2014-08-21 02:39 - 2014-08-21 02:39 - 00806272 _____ () C:\Windows\Minidump\082114-21906-01.dmp
2014-08-21 02:39 - 2014-08-05 16:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-21 02:38 - 2014-08-05 16:19 - 341744993 _____ () C:\Windows\MEMORY.DMP
2014-08-21 00:10 - 2014-08-21 00:09 - 00000113 _____ () C:\Users\PAVEL-PC\Desktop\build.txt
 
Some content of TEMP:
====================
C:\Users\PAVEL-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\PAVEL-PC\AppData\Local\Temp\ShellHook.dll
C:\Users\PAVEL-PC\AppData\Local\Temp\SHSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 13:43
 
==================== End Of Log ============================


Edited by hellshitoffire, 20 September 2014 - 11:59 AM.




#2 thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA
  • Local time:03:06 PM

Posted 21 September 2014 - 04:26 AM

Hello and welcome to BleepingComputer :)

 

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    start
    HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    cmd: dir C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-09-19 14:58 - 2014-09-19 14:58 - 02739424 _____ (http://yourfiledownloader.net) C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader (1).exe
    2014-09-19 14:57 - 2014-09-19 14:58 - 02739424 _____ (http://yourfiledownloader.net) C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader.exe
    Task: {4B391B6C-A08C-46A5-A1CB-85C0FB957B3A} - \YTAUpdate_logon No Task File <==== ATTENTION
    Task: {645E0F06-DF9B-4F66-A93F-AF075186E9BE} - \SPDriver No Task File <==== ATTENTION
    Task: {33E936B2-665B-43A6-9F1F-FAEE04C13C03} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
    Task: {8DCC8874-F5B3-458E-A693-653AF8378FA2} - \ShopperProJSUpd No Task File <==== ATTENTION
    Task: {CD090785-549B-4263-96FC-F5E3D6FD66D0} - \ShopperPro No Task File <==== ATTENTION
    Task: {D7418FF3-2EA0-43D8-8C0B-D3EB9671E06B} - \YTAUpdate No Task File <==== ATTENTION
    emptytemp:
    end
     
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

 

Step 2

 

We need to remove programs using "Programs and Features"

Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":

priceuchhop


Edited by thisisu, 21 September 2014 - 04:29 AM.


#3 HelpI'mOnFire

  • Topic Starter
  • Members
  • 8 posts
  • Local time:11:06 PM

Posted 21 September 2014 - 06:29 AM

I have completed step 1 and the computer stopped logging to gameharbor.org, and for step 2 no such program existed. But I still can't log in to my router using the default gateway.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by PAVEL-PC at 2014-09-21 14:20:30 Run:2
Running from C:\Users\PAVEL-PC\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
cmd: dir C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-19 14:58 - 2014-09-19 14:58 - 02739424 _____ (http://yourfiledownloader.net) C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader (1).exe
2014-09-19 14:57 - 2014-09-19 14:58 - 02739424 _____ (http://yourfiledownloader.net) C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader.exe
Task: {4B391B6C-A08C-46A5-A1CB-85C0FB957B3A} - \YTAUpdate_logon No Task File <==== ATTENTION
Task: {645E0F06-DF9B-4F66-A93F-AF075186E9BE} - \SPDriver No Task File <==== ATTENTION
Task: {33E936B2-665B-43A6-9F1F-FAEE04C13C03} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {8DCC8874-F5B3-458E-A693-653AF8378FA2} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {CD090785-549B-4263-96FC-F5E3D6FD66D0} - \ShopperPro No Task File <==== ATTENTION
Task: {D7418FF3-2EA0-43D8-8C0B-D3EB9671E06B} - \YTAUpdate No Task File <==== ATTENTION
emptytemp:
end
*****************
 
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
 
=========  dir C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP =========
 
 Volume in drive C has no label.
 Volume Serial Number is 84B7-CD27
 
 Directory of C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
 
20.09.2014 г.  19:52    <DIR>          .
20.09.2014 г.  19:52    <DIR>          ..
20.09.2014 г.  19:51            66 956 WiseCustomCall.dll
20.09.2014 г.  19:51           179 687 WiseCustomCalla.dll
20.09.2014 г.  19:51           176 035 WiseCustomCalla2.dll
20.09.2014 г.  19:51           190 111 WiseCustomCalla21.dll
20.09.2014 г.  19:51           185 271 WiseCustomCalla31.exe
20.09.2014 г.  19:51           176 545 WiseCustomCalla32.dll
20.09.2014 г.  19:51           176 035 WiseCustomCalla33.dll
20.09.2014 г.  19:51           175 992 WiseCustomCalla34.dll
20.09.2014 г.  19:51           190 429 WiseCustomCalla37.dll
20.09.2014 г.  17:56           190 429 WiseCustomCalla37.exe
20.09.2014 г.  19:52             8 204 WiseData.ini
              11 File(s)      1 715 694 bytes
               2 Dir(s)  111 992 725 504 bytes free
 
========= End of CMD: =========
 
C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader (1).exe => Moved successfully.
C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B391B6C-A08C-46A5-A1CB-85C0FB957B3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAUpdate_logon" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{645E0F06-DF9B-4F66-A93F-AF075186E9BE}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33E936B2-665B-43A6-9F1F-FAEE04C13C03}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DCC8874-F5B3-458E-A693-653AF8378FA2}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD090785-549B-4263-96FC-F5E3D6FD66D0}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7418FF3-2EA0-43D8-8C0B-D3EB9671E06B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7418FF3-2EA0-43D8-8C0B-D3EB9671E06B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAUpdate" => Key deleted successfully.
EmptyTemp: => Removed 417.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
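
One way to read the Fixlog above, as an added example that is not part of the original posts and not FRST's own code: it separates entries that were still present on the system (deleted or moved) from fixlist entries that were already gone ("Key not found"). The function names are hypothetical, and the input is a shortened excerpt copied from the log above.

```python
import re
from collections import Counter

# Shortened excerpt copied from the Fixlog in the post above.
FIXLOG = r'''
Content of fixlist:
*****************
start
HKU\S-1-5-21-2594426300-334832196-3810896462-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
Task: {D7418FF3-2EA0-43D8-8C0B-D3EB9671E06B} - \YTAUpdate No Task File <==== ATTENTION
end
*****************

HKU\S-1-5-21-2594426300-334832196-3810896462-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Users\PAVEL-PC\Downloads\SpeedRunners_r30_[Repack]_downloader.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B391B6C-A08C-46A5-A1CB-85C0FB957B3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAUpdate_logon" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7418FF3-2EA0-43D8-8C0B-D3EB9671E06B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7418FF3-2EA0-43D8-8C0B-D3EB9671E06B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAUpdate" => Key deleted successfully.
EmptyTemp: => Removed 417.6 MB temporary data.
'''

# "<target> => <result>", with optional double quotes around the target.
RESULT = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+)$')
TASK_TREE = re.compile(r'\\Schedule\\TaskCache\\Tree\\(.+)$')
RUN_VALUE = re.compile(r'\\CurrentVersion\\Run\\+([^\\]+)$')


def classify(result):
    """Map the tool's result wording onto a small set of outcomes."""
    text = result.lower()
    if "deleted successfully" in text:
        return "removed"
    if "moved successfully" in text:
        return "moved"
    if "not found" in text:
        return "absent"
    return "other"


def parse_results(log_text):
    """Return [(target, outcome)] for result lines only.

    The log first echoes the fixlist between two rows of asterisks. Those
    echoed lines can also contain " => " (the Run entry does), so they are
    skipped; otherwise the instruction would be counted as a result.
    """
    results, in_echo, star_rows = [], False, 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Content of fixlist:"):
            in_echo, star_rows = True, 0
            continue
        if in_echo:
            if line and set(line) == {"*"}:
                star_rows += 1
                in_echo = star_rows < 2
            continue
        match = RESULT.match(line)
        if match:
            results.append((match["target"], classify(match["result"])))
    return results


def summarize(results):
    """Count results per outcome."""
    return Counter(outcome for _, outcome in results)


def live_tasks(results):
    """Scheduled-task names whose TaskCache\\Tree key still existed and was removed."""
    names = set()
    for target, outcome in results:
        match = TASK_TREE.search(target)
        if match and outcome == "removed":
            names.add(match.group(1))
    return sorted(names)


def run_values_removed(results):
    """Names of Run-key autostart values that the fix deleted."""
    names = []
    for target, outcome in results:
        match = RUN_VALUE.search(target)
        if match and outcome == "removed":
            names.append(match.group(1))
    return names


if __name__ == "__main__":
    parsed = parse_results(FIXLOG)
    print(dict(summarize(parsed)))
    print("tasks with live registry remnants:", live_tasks(parsed))
    print("Run values removed:", run_values_removed(parsed))
```

On this excerpt the autostart value CMD and the YTAUpdate task keys were the entries still present; the other task entries listed in the fixlist were already absent from the registry.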


#4 thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA
  • Local time:03:06 PM

Posted 21 September 2014 - 07:16 AM

The router issue probably isn't malware related, but go ahead and tell me what's the brand of your router?



#5 HelpI'mOnFire

  • Topic Starter
  • Members
  • 8 posts
  • Local time:11:06 PM

Posted 21 September 2014 - 09:53 AM

Cisco Linksys E2000



#6 thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA
  • Local time:03:06 PM

Posted 21 September 2014 - 04:05 PM

Ok, and you are entering 192.168.1.1 into the browser, correct?

 

MiniToolBox

  • Please download MiniToolBox and save the file to your Desktop.
  • Close any open windows.
  • Right-Click MiniToolBox.exe and select Run as administrator to run the programme.
  • Check the following items:
  • Click GO.
  • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.


#7 HelpI'mOnFire

  • Topic Starter
  • Members
  • 8 posts
  • Local time:11:06 PM

Posted 22 September 2014 - 06:41 AM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by PAVEL-PC (administrator) on 22-09-2014 at 14:38:55
Running from "C:\Users\PAVEL-PC\Desktop"
Microsoft Windows 8.1 Enterprise  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Linksys AE1000 = Wi-Fi (Connected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Ethernet (Media disconnected)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Media disconnected)
Anchorfree HSS VPN Adapter = Ethernet 2 (Media disconnected)
Anchorfree HSS VPN Adapter = Ethernet 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : PAVEL
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Tunngle:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
   Physical Address. . . . . . . . . : 00-FF-7B-31-59-2B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter #2
   Physical Address. . . . . . . . . : 00-FF-0A-CC-80-0A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-97-B3-C2-0A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 98-FC-11-CD-9D-FB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Linksys AE1000
   Physical Address. . . . . . . . . : 98-FC-11-CD-9D-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4403:36b8:326a:c9b8%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.142(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 22 септември 2014 г. 14:28:03
   Lease Expires . . . . . . . . . . : 23 септември 2014 г. 14:28:08
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 127466513
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-C2-03-D9-00-26-18-E4-65-62
   DNS Servers . . . . . . . . . . . : 93.152.128.1
                                       93.152.160.5
                                       93.152.178.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
   Physical Address. . . . . . . . . : 00-26-18-E4-65-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{960F371A-98D5-4FC2-A435-C74BB51723FF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2c73:1977:a267:4469(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2c73:1977:a267:4469%6(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 234881024
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-C2-03-D9-00-26-18-E4-65-62
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  thorcho.onlinedirect.bg
Address:  93.152.128.1
 
Name:    google.com
Addresses:  2a00:1450:400d:806::1007
 93.123.23.31
 93.123.23.32
 93.123.23.38
 93.123.23.39
 93.123.23.45
 93.123.23.46
 93.123.23.52
 93.123.23.53
 93.123.23.59
 93.123.23.18
 93.123.23.24
 93.123.23.25
 
 
Pinging google.com [93.123.23.18] with 32 bytes of data:
Reply from 93.123.23.18: bytes=32 time=2ms TTL=61
Reply from 93.123.23.18: bytes=32 time=2ms TTL=61
 
Ping statistics for 93.123.23.18:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 2ms, Average = 2ms
Server:  thor.onlinedirect.bg
Address:  93.152.128.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=143ms TTL=52
Reply from 98.139.183.24: bytes=32 time=136ms TTL=52
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 136ms, Maximum = 143ms, Average = 139ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...00 ff 7b 31 59 2b ......TAP-Win32 Adapter V9 (Tunngle)
 11...00 ff 0a cc 80 0a ......Anchorfree HSS VPN Adapter #2
 10...00 ff 97 b3 c2 0a ......Anchorfree HSS VPN Adapter
  8...98 fc 11 cd 9d fb ......Microsoft Hosted Network Virtual Adapter
  4...98 fc 11 cd 9d fa ......Linksys AE1000
  3...00 26 18 e4 65 62 ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.142     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.142    281
    192.168.1.142  255.255.255.255         On-link     192.168.1.142    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.142    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.142    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.142    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:6ab8:2c73:1977:a267:4469/128
                                    On-link
  4    281 fe80::/64                On-link
  6    306 fe80::/64                On-link
  6    306 fe80::2c73:1977:a267:4469/128
                                    On-link
  4    281 fe80::4403:36b8:326a:c9b8/128
                                    On-link
  1    306 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/22/2014 02:35:00 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/22/2014 02:28:25 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/22/2014 02:28:23 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/22/2014 02:26:08 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/22/2014 02:26:03 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (09/22/2014 02:26:01 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/21/2014 02:36:42 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/21/2014 02:23:15 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/21/2014 02:23:09 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (09/21/2014 02:13:23 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (09/21/2014 02:58:54 PM) (Source: DCOM) (User: PAVEL)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (09/21/2014 02:58:23 PM) (Source: DCOM) (User: PAVEL)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (09/21/2014 02:52:32 PM) (Source: DCOM) (User: PAVEL)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (09/21/2014 02:52:01 PM) (Source: DCOM) (User: PAVEL)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (09/21/2014 02:38:09 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (09/21/2014 02:38:09 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (09/21/2014 02:38:05 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (09/21/2014 02:38:05 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (09/21/2014 02:24:38 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (09/21/2014 02:24:38 PM) (Source: Service Control Manager) (User: )
Description: The Услуга на Google Актуализация (gupdate) service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (09/22/2014 02:35:00 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/22/2014 02:28:25 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/22/2014 02:28:23 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/22/2014 02:26:08 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/22/2014 02:26:03 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (09/22/2014 02:26:01 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/21/2014 02:36:42 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/21/2014 02:23:15 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/21/2014 02:23:09 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (09/21/2014 02:13:23 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
 
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33870 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
AutoIt v3.3.10.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.10.2 - AutoIt Team)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Codec Pack - All In 1 6.0.3.0 (HKLM-x32\...\Cool's_Codec_pack_4.12) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DriverToolkit version 8.2.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.2.0.0 - Megaify Software)
DTS+AC3 Filter (HKLM-x32\...\DtsFilter) (Version:  - )
GOM Audio (HKLM-x32\...\GomAudio) (Version: 2.0.7.0873 - Gretech Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5205 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510d series Basic Device Software (HKLM\...\{8800943A-4158-4B5B-8E6B-A0AC63E10A91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510d series Help (HKLM-x32\...\{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510d series Product Improvement Study (HKLM\...\{A1D10BB4-412F-4BA5-9A90-43DB2870D989}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Espanol (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.42 False (Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.51011 False (Version: 8.0.51011 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.56336 False (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.58298 False (Version: 8.0.58298 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192 False (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (x32 Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (x32 Version: 8.0.51011 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (x32 Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (x32 Version: 8.0.58299 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (x32 Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 False (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.0 False (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 False (Version: 9.0.21022.218 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 False (Version: 9.0.30411 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 False (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 False (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 False (Version: 9.0.30729.4048 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 False (Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.5570 False (Version: 9.0.30729.5570 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (x32 Version: 9.0.21022.218 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (x32 Version: 9.0.30411 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (x32 Version: 9.0.30729.4048 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (x32 Version: 9.0.30729.5570 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.30319 False (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 False (x32 Version: 11.0.50727.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 False (x32 Version: 11.0.51106.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{dde2682b-961a-41ea-8d44-6005991b7947}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False (x32 Version: 11.0.50727.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False (x32 Version: 11.0.51106.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 False (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 False (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 False (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 False (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 bg) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 bg)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OSCAR Editor (x32 Version: 12.03.0004 - A4TECH) Hidden
Outils de verification linguistique 2013 de Microsoft Office - Francais (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Port Forward Network Utilities 2.0.1 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.1 - Portforward.com)
RaiderZ (HKLM-x32\...\Steam App 218470) (Version:  - )
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpeedRunners (HKLM-x32\...\{A621523A-3B59-2B42-18D6-2FDF5A067425}_is1) (Version: Beta r30 - tinyBuild (Coop-Land))
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Sims™ 3 Кино Каталог (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
WinRAR 5.01 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
X7 Oscar Editor (HKLM-x32\...\InstallShield_{3C2379D2-337A-4FFA-9017-BDFB80EC0931}) (Version: 12.03.0004 - A4TECH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 26%
Total physical RAM: 4095.11 MB
Available physical RAM: 3005.58 MB
Total Pagefile: 8191.11 MB
Available Pagefile: 7047.09 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.36 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:146.14 GB) (Free:104.49 GB) NTFS
2 Drive d: (Fable) (CDROM) (Total:8.83 GB) (Free:0 GB) CDFS
3 Drive e: () (Fixed) (Total:449.69 GB) (Free:326.65 GB) NTFS
4 Drive f: (Mp3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\PAVEL
 
Administrator            Guest                    PAVEL-PC                 
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
07-09-2014 09:46:11 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
13-09-2014 09:28:56 Restore Operation
14-09-2014 22:50:21 Installed OSCAR Editor
18-09-2014 14:35:54 Installed Microsoft XNA Framework Redistributable 4.0
20-09-2014 12:12:48 zoek.exe restore point
 
**** End of log ****


#8 thisisu

  • Malware Response Team

Posted 22 September 2014 - 09:59 AM

 

Ok, and you are entering 192.168.1.1 into the browser, correct?

 



#9 HelpI'mOnFire

  • Topic Starter

  • Members

Posted 22 September 2014 - 12:37 PM

yes



#10 thisisu

  • Malware Response Team

Posted 22 September 2014 - 12:56 PM

Step 1

 

Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the program.
  • Launch the program and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.

 

Step 2

 

 

  1. Please download HitmanPro.

    • For 32-bit Operating System - [link]
    • This is the mirror - [link]
    • For 64-bit Operating System - [link]
    • This is the mirror - [link]

  2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

     Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

  3. Click on the Next button. You must agree with the terms of the EULA (if asked).

  4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

  5. Click on the Next button.

  6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

  7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

  8. Click on the Next button.

  9. Click on the "Save Log" button.

  10. Save that file to your desktop and post the content of that file in your next reply.

     Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

     Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it into your next reply.

 



#11 HelpI'mOnFire

HelpI'mOnFire
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 22 September 2014 - 04:00 PM

step 1 Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 22.9.2014 г.
Scan Time: 23:41:13
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.22.08
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: PAVEL-PC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337399
Time Elapsed: 17 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Superfish.A, HKU\S-1-5-21-2594426300-334832196-3810896462-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\superfish.com, Quarantined, [0580529d8eed6bcbd74ababdb64ed729], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 HelpI'mOnFire

HelpI'mOnFire
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 22 September 2014 - 04:12 PM

step 2

HitmanPro 3.7.9.225
www.hitmanpro.com
 
   Computer name . . . . : PAVEL
   Windows . . . . . . . : 6.3.0.9600.X64/2
   User name . . . . . . : PAVEL\PAVEL-PC
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-09-23 00:01:52
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 35s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 3
   Traces  . . . . . . . : 62
 
   Objects scanned . . . : 1 570 967
   Files scanned . . . . : 47 936
   Remnants scanned  . . : 474 024 files / 1 049 007 keys
 
Malware _____________________________________________________________________
 
   C:\ProgramData\priceuchhop\A3PHvNew9trM5Bb.exe
      Size . . . . . . . : 3 185 664 bytes
      Age  . . . . . . . : 381.4 days (2013-09-06 14:43:24)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : E3A1498E54B7C6D60E6D2C19907088135C64571E9C4F6BC9B7EE73C3AAD8F63D
    > Bitdefender  . . . : Gen:Variant.Adware.MultiPlug.1
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.MultiPlug.heur
      Fuzzy  . . . . . . : 114.0
 
   C:\Users\PAVEL-PC\Desktop\paul.dll
      Size . . . . . . . : 77 312 bytes
      Age  . . . . . . . : 69.0 days (2014-07-16 00:05:16)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : B8E223EE0CD38CC3347E7D314BC8BD26D9CBE5F528FFA5E0115D333152BAC8E6
    > G Data . . . . . . : Trojan.Generic.6255595 (Engine-A)
      Fuzzy  . . . . . . : 114.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\PAVEL-PC\Desktop\FRST64.exe
      Size . . . . . . . : 2 105 856 bytes
      Age  . . . . . . . : 0.3 days (2014-09-22 16:25:22)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : B36B465C69EE92024F9E2935C5CFBAE2683E2028A2FD0A8034A4187C4A7E36E7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Malware remnants ____________________________________________________________
 
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey)
 
Potential Unwanted Programs _________________________________________________
 
 
Cookies _____________________________________________________________________
 
 
 


#13 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:03:06 PM

Posted 22 September 2014 - 04:21 PM

Step 1

 

Rescan with HitmanPro and allow it to delete or quarantine everything it finds except for FRST64.exe (we'll need this later). Post the results of the disinfection here.

 

Step 2

 

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Step 4

 

Give me a new scan log from FRST.

 

Step 5

 

Let me know if you are still unable to access your router setup. If you haven't tried resetting the router, do that now. To reset your router, press and hold the reset button on the back of the router (where the ethernet ports are) for 5 seconds. Page 4 of your router's manual has the instructions on how to do this as well. Here is the manual for your router.

 

 

In your next post(s) I should see logs from:

 

  • HitmanPro
  • AdwCleaner
  • JRT
  • FRST

Edited by thisisu, 22 September 2014 - 04:29 PM.


#14 HelpI'mOnFire

HelpI'mOnFire
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 22 September 2014 - 06:03 PM

step 1

HitmanPro 3.7.9.225
www.hitmanpro.com
 
   Computer name . . . . : PAVEL
   Windows . . . . . . . : 6.3.0.9600.X64/2
   User name . . . . . . : PAVEL\PAVEL-PC
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (29 days left)
 
   Scan date . . . . . . : 2014-09-23 01:57:45
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1
 
   Objects scanned . . . : 1 570 438
   Files scanned . . . . : 47 914
   Remnants scanned  . . : 474 070 files / 1 048 454 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\PAVEL-PC\Desktop\FRST64.exe
      Size . . . . . . . : 2 105 856 bytes
      Age  . . . . . . . : 0.4 days (2014-09-22 16:25:22)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : B36B465C69EE92024F9E2935C5CFBAE2683E2028A2FD0A8034A4187C4A7E36E7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
 


#15 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:03:06 PM

Posted 28 September 2014 - 12:48 AM

Are you still with me?





