
Adware, spyware infection


  • This topic is locked
18 replies to this topic

#1 Dalekkhan


Posted 09 November 2014 - 06:13 PM

Hello, my computer seems to be infected with adware; I get fake Java popups every 5 minutes. I tried to use removal tools like SUPERAntiSpyware, Malwarebytes and Webroot. I got rid of all the threats, but they still appear.




#2 Dalekkhan


Posted 10 November 2014 - 10:04 AM

Here is the log:

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Bogdan (administrator) on 10-11-2014 at 17:03:04
Running from "C:\Users\Bogdan\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
TAP-Win32 Adapter V9 (Tunngle) = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Bogdan-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
PPP adapter Broadband Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadband Connection
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2a02:2f08:82df:ffff::4f73:8524(Preferred) 
   Lease Obtained. . . . . . . . . . : Monday, November 10, 2014 4:13:46 PM
   Lease Expires . . . . . . . . . . : Thursday, December 17, 2150 11:31:25 PM
   Link-local IPv6 Address . . . . . : fe80::4f73:8524%26(Preferred) 
   IPv4 Address. . . . . . . . . . . : 79.115.133.36(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : fe80::1%26
                                       0.0.0.0
   DHCPv6 IAID . . . . . . . . . . . : 316845856
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-9A-D3-0B-6C-62-6D-08-65-B2
   DNS Servers . . . . . . . . . . . : 2a02:2f0c:8000:3::1
                                       2a02:2f0c:8000:8::1
                                       193.231.252.1
                                       213.154.124.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
   Physical Address. . . . . . . . . : 00-FF-01-3C-7D-49
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 6C-62-6D-08-65-B2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cc30:996b:98be:4239%10(Preferred) 
   Autoconfiguration IPv4 Address. . : 169.254.66.57(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 241984109
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-9A-D3-0B-6C-62-6D-08-65-B2
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-19-91-97-DC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::1991:97dc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::bc13:3a71:90b9:34c6%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 25.145.151.220(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Monday, November 10, 2014 4:11:30 PM
   Lease Expires . . . . . . . . . . : Tuesday, November 10, 2015 4:13:45 PM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 326793633
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-9A-D3-0B-6C-62-6D-08-65-B2
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  dns61.rcs-rds.ro
Address:  2a02:2f0c:8000:3::1
 
Name:    google.com
Addresses:  2a00:1450:4002:805::1000
 
 
Pinging google.com [2a00:1450:4002:805::1000] with 32 bytes of data:
Reply from 2a00:1450:4002:805::1000: time=30ms 
Reply from 2a00:1450:4002:805::1000: time=30ms 
 
Ping statistics for 2a00:1450:4002:805::1000:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 30ms, Average = 30ms
Server:  dns61.rcs-rds.ro
Address:  2a02:2f0c:8000:3::1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=127ms TTL=52
Reply from 98.139.183.24: bytes=32 time=129ms TTL=52
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 127ms, Maximum = 129ms, Average = 128ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
========================= Winsock entries =====================================
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/09/2014 02:08:59 AM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: chrome.dll, version: 36.0.1985.143, time stamp: 0x53e2e1c7
Exception code: 0xc0000005
Fault offset: 0x0116424e
Faulting process id: 0x29c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (11/08/2014 11:12:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: deadislandgame.exe, version: 1.0.0.0, time stamp: 0x4f100716
Faulting module name: USER32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba59
Exception code: 0xc0000005
Fault offset: 0x00038501
Faulting process id: 0xe8c
Faulting application start time: 0xdeadislandgame.exe0
Faulting application path: deadislandgame.exe1
Faulting module path: deadislandgame.exe2
Report Id: deadislandgame.exe3
 
Error: (11/08/2014 10:50:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 2.45.19.81, time stamp: 0x54457aa7
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000417
Fault offset: 0x000a46bb
Faulting process id: 0x1224
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3
 
Error: (11/08/2014 10:46:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 2.45.19.81, time stamp: 0x54457aa7
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000417
Fault offset: 0x000a46bb
Faulting process id: 0x13b4
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3
 
Error: (11/08/2014 10:46:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 2.45.19.81, time stamp: 0x54457aa7
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000417
Fault offset: 0x000a46bb
Faulting process id: 0x1844
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3
 
Error: (11/08/2014 10:45:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 2.45.19.81, time stamp: 0x54457aa7
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000417
Fault offset: 0x000a46bb
Faulting process id: 0x1594
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3
 
Error: (11/08/2014 10:44:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 2.45.19.81, time stamp: 0x54457aa7
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000417
Fault offset: 0x000a46bb
Faulting process id: 0x50c
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3
 
Error: (11/08/2014 10:42:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 2.45.19.81, time stamp: 0x54457aa7
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000417
Fault offset: 0x000a46bb
Faulting process id: 0x1aa0
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3
 
Error: (11/08/2014 10:40:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 2.45.19.81, time stamp: 0x54457aa7
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000417
Fault offset: 0x000a46bb
Faulting process id: 0x1958
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3
 
Error: (11/08/2014 10:39:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 2.45.19.81, time stamp: 0x54457aa7
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000417
Fault offset: 0x000a46bb
Faulting process id: 0x1960
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3
 
 
System errors:
=============
Error: (11/10/2014 04:13:59 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/10/2014 07:48:51 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/09/2014 10:13:40 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/09/2014 02:37:26 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (11/08/2014 05:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/08/2014 04:40:23 PM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume C: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (11/08/2014 04:31:36 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (11/08/2014 10:50:37 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/07/2014 02:36:02 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/07/2014 08:00:11 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
 
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Anvi Smart Defender 2.2 (HKLM-x32\...\Anvi Smart Defender) (Version: 2.2 - Anvisoft)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
CodeBlocks (HKCU\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Genesis GX77 Driver (HKLM-x32\...\{B62CC42A-D1D9-4E91-BEDE-8614DE2AD943}) (Version:  - )
GENESIS HX66 Headset Driver (HKLM\...\C-Media CM108 Like Sound Driver) (Version:  - )
GENESIS HX66 Headset Driver (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 1.00.0001 - )
Genesis RX66 keyboard Driver (HKLM-x32\...\{68F65E0D-F894-4F5A-B9E9-F3CAB29FB59A}) (Version: 1.0 - Genesis)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hammerfight (HKLM-x32\...\Steam App 41100) (Version:  - Konstantin Koshutin)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Ingato Client (HKLM-x32\...\Ingato Client 1.54) (Version: 1.57 - Ingato LTD)
Ingato Client (x32 Version: 1.54 - Ingato LTD) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5919 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5919 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Trojan Killer 2.0 (HKLM-x32\...\{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1) (Version:  - GridinSoft, Inc.)
Tunngle version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.5.107 - Webroot)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
WinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 62%
Total physical RAM: 4095.24 MB
Available physical RAM: 1540.93 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 4898.57 MB
Total Virtual: 4095.88 MB
Available Virtual: 3987.11 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:29.19 GB) (Free:1.97 GB) NTFS
2 Drive d: () (Fixed) (Total:436.46 GB) (Free:8.35 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\BOGDAN-PC
 
Administrator            Bogdan                   Guest                    
 
 
**** End of log ****


#3 HelpBot


Posted 14 November 2014 - 07:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555449 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,999 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:24 AM

Posted 17 November 2014 - 05:06 PM

Greetings Dalekkhan and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
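The FRST step in the post above produces a "Registry (Whitelisted)" section (Run keys, Startup-folder shortcuts) and a "Chrome" section (policy keys, flagged with ATTENTION when present). As an added example, not part of Gary's post and not Farbar's code, the read-only PowerShell below enumerates those same locations so a posted log can be cross-checked by hand. The function names are this example's own; ExtensionInstallForcelist, named in a comment, is a standard Chrome policy used only to illustrate what may sit under the policy root.

```powershell
# Added example, not part of this thread or of FRST itself: read-only enumeration
# of the autostart and browser-policy locations that an FRST log summarises.
# Function names are this example's own. Run from an elevated PowerShell prompt.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # the "HKLM-x32" lines in FRST
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunEntries {
    # Each value under a Run key is one autostart command. Report whether the
    # executable exists on disk and who signed it; FRST conveys the same thing
    # with its trailing "(Vendor)" annotation or an empty "()".
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath etc. are PowerShell metadata
            # Reduce '"C:\Path With Spaces\tool.exe" /args' or 'C:\x\rundll32.exe lib.dll,Entry'
            # to the executable path alone.
            $exe = [string]$p.Value -replace '^"?(.+?\.exe)"?.*$', '$1'
            $exists = Test-Path -LiteralPath $exe
            if ($exists) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "unsigned ($($sig.Status))" }
            } else {
                $signer = 'file missing'
            }
            [PSCustomObject]@{
                Source     = $key
                Name       = $p.Name
                Command    = $p.Value
                FileExists = $exists
                Signer     = $signer
            }
        }
    }
}

function Get-StartupShortcuts {
    # The two Startup folders FRST reports as "Startup:" lines; each .lnk is
    # resolved to its target, which is FRST's "ShortcutTarget:" line.
    $folders = @(
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'),
        (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup')
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $folders) {
        Get-ChildItem -LiteralPath $folder -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            [PSCustomObject]@{
                Shortcut   = $_.FullName
                Target     = $lnk.TargetPath
                Arguments  = $lnk.Arguments
                FileExists = if ($lnk.TargetPath) { Test-Path -LiteralPath $lnk.TargetPath } else { $false }
            }
        }
    }
}

function Get-ChromePolicies {
    # FRST prints "Group Policy on Chrome detected" when these keys exist. On a
    # home PC they are normally absent, so every value found deserves a look;
    # ExtensionInstallForcelist, for instance, is a standard Chrome policy that
    # pins an extension so the user cannot remove it from the browser UI.
    $roots = 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)) {
            foreach ($name in $key.GetValueNames()) {
                [PSCustomObject]@{
                    Key    = $key.Name
                    Policy = $name
                    Value  = ($key.GetValue($name) -join ' ')
                }
            }
        }
    }
}

Get-RunEntries       | Format-Table -AutoSize -Wrap
Get-StartupShortcuts | Format-Table -AutoSize -Wrap
Get-ChromePolicies   | Format-Table -AutoSize -Wrap
```

Nothing here changes the machine; it only reads the registry and the Startup folders. When comparing with a posted FRST log, the useful signals are the same ones FRST annotates: a Run entry whose file is missing or unsigned, a Startup shortcut pointing into a user-writable folder such as AppData, and any Chrome policy key at all on a machine that is not domain-managed.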

#5 Dalekkhan

Dalekkhan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:24 PM

Posted 19 November 2014 - 04:00 PM

Thank you for helping me, here are the logs.

# AdwCleaner v4.101 - Report created 18/11/2014 at 22:46:28
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Bogdan - BOGDAN-PC
# Running from : C:\Users\Bogdan\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\5d1f4b375e549411
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16533
 
 
-\\ Google Chrome v36.0.1985.143
 
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [10438 octets] - [30/10/2014 16:39:29]
AdwCleaner[R1].txt - [945 octets] - [18/11/2014 22:39:48]
AdwCleaner[R2].txt - [1004 octets] - [18/11/2014 22:45:20]
AdwCleaner[S0].txt - [11069 octets] - [30/10/2014 16:40:26]
AdwCleaner[S1].txt - [929 octets] - [18/11/2014 22:46:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [988 octets] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
Ran by Bogdan (administrator) on BOGDAN-PC on 19-11-2014 22:46:48
Running from C:\Users\Bogdan\Desktop
Loaded Profile: Bogdan (Available profiles: Bogdan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Power Software Ltd) D:\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Bogdan\AppData\Local\Temp\jrt\WGET.DAT
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Windows\mod_frst.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [GX77 mouse] => "C:\Program Files (x86)\Genesis\GX77 Mouse\Monitor.exe"
HKLM-x32\...\Run: [Genesis RX66 keyboard] => "C:\Program Files (x86)\Genesis\RX66 keyboard\Monitor.exe"
HKLM-x32\...\Run: [PWRISOVM.EXE] => D:\PowerISO\PWRISOVM.EXE [377368 2014-03-11] (Power Software Ltd)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [768144 2014-11-09] (Webroot)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Run: [uTorrent] => C:\Users\Bogdan\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-30] (BitTorrent Inc.)
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\MountPoints2: F - F:\steambackup2.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-23] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Bogdan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Bogdan\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF9A7EFB7D32FCF01
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\..\Interfaces\{003068DD-3576-4839-8495-EA7373B91D0F}: [NameServer] 193.231.252.1 213.154.124.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2225666720-1219790975-2230852265-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bogdan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2225666720-1219790975-2230852265-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll (Anvisoft)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-22]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-22]
CHR Extension: (Disc Google) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-22]
CHR Extension: (YouTube) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-22]
CHR Extension: (căutare Google) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-22]
CHR Extension: (Flint by Viralheat) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga [2014-09-11]
CHR Extension: (World Clocks) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\innfmeekncjandlanpgdmmogkcimekgo [2014-10-07]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-11-01]
CHR Extension: (AnviAdblock) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmiofmipcpmhgihiecmpiekcacigpgb [2014-08-03]
CHR Extension: (Veritabs) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehjgjnfanppoiaikadimdkobpdahnmg [2014-10-27]
CHR Extension: (Google Wallet) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-22]
CHR Extension: (Gmail) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-22]
CHR Extension: (CalendarWeek) - C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmjkmagmdipoioaihlbahnkjhpappjm [2014-10-14]
CHR Extension: (GoSSAveo) - C:\ProgramData\boapeacpgdgmaddlclhpmgfdfddapmde\ [2014-10-14]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.2.42.crx [2014-10-31]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2014-04-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 ASD2Svc; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe [1206504 2014-05-28] (Anvisoft)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93048 2014-05-28] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; D:\LogMeIn Hamachi\hamachi-2.exe [2544976 2014-07-21] (LogMeIn Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [768144 2014-11-09] (Webroot)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 asd2fsm; C:\Windows\System32\DRIVERS\asd2fsm.sys [48656 2014-05-29] (Anvisoft)
R1 Asdids; C:\Windows\System32\DRIVERS\asdids.sys [47632 2014-05-29] (Anvisoft)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-10-31] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-11-09] (Webroot)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-19 22:46 - 2014-11-19 22:48 - 00025861 _____ () C:\Users\Bogdan\Desktop\FRST.txt
2014-11-19 22:38 - 2014-11-19 22:46 - 00000000 ____D () C:\FRST
2014-11-19 22:37 - 2014-11-19 22:37 - 02117120 _____ (Farbar) C:\Users\Bogdan\Desktop\FRST64.exe
2014-11-19 22:31 - 2014-11-19 22:32 - 01707532 _____ (Thisisu) C:\Users\Bogdan\Downloads\JRT (1).exe
2014-11-18 22:55 - 2014-11-18 22:55 - 01707532 _____ (Thisisu) C:\Users\Bogdan\Downloads\JRT.exe
2014-11-18 22:55 - 2014-11-18 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-11-18 22:38 - 2014-11-18 22:38 - 02140160 _____ () C:\Users\Bogdan\Downloads\AdwCleaner (1).exe
2014-11-17 11:45 - 2014-11-17 11:45 - 00001874 _____ () C:\Users\Bogdan\Downloads\detalii_convorbiri_luna_curenta_0741789237 (1).csv
2014-11-13 19:48 - 2014-11-13 19:49 - 00000851 _____ () C:\Users\Bogdan\Downloads\detalii_convorbiri_luna_curenta_0741789237.csv
2014-11-12 18:20 - 2014-11-12 18:20 - 00003424 _____ () C:\Users\Bogdan\Downloads\ref006703.zip
2014-11-12 18:18 - 2014-11-12 18:18 - 00028046 _____ () C:\Users\Bogdan\Downloads\referat.clopotel.ro-11400.zip
2014-11-11 20:02 - 2014-11-11 20:02 - 00002170 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-11-11 20:02 - 2014-11-11 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-11-11 20:02 - 2014-11-11 20:02 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-11-11 20:02 - 2014-11-11 20:02 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-11 20:02 - 2014-11-11 20:02 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-11-11 20:01 - 2014-11-11 20:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-11 20:01 - 2014-11-11 20:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-11 20:01 - 2014-11-11 20:01 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-11 20:01 - 2014-11-11 20:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-11 20:00 - 2014-11-11 20:03 - 00000000 ____D () C:\Users\Bogdan\AppData\Local\Adobe
2014-11-10 01:13 - 2014-11-10 01:13 - 00030422 _____ () C:\Users\Bogdan\Desktop\Result.txt
2014-11-10 00:53 - 2014-11-10 17:03 - 00030467 _____ () C:\Users\Bogdan\Downloads\Result.txt
2014-11-10 00:17 - 2014-11-10 00:17 - 00401920 _____ (Farbar) C:\Users\Bogdan\Downloads\MiniToolBox.exe
2014-11-09 22:33 - 2014-11-09 22:38 - 00000000 ____D () C:\Users\Bogdan\Desktop\Minecraft
2014-11-09 20:21 - 2014-11-09 20:29 - 00000000 ____D () C:\Users\Bogdan\AppData\Roaming\CodeBlocks
2014-11-09 20:21 - 2014-11-09 20:21 - 00001095 _____ () C:\Users\Bogdan\Desktop\CodeBlocks.lnk
2014-11-09 20:21 - 2014-11-09 20:21 - 00000000 ____D () C:\Users\Bogdan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2014-11-09 20:21 - 2014-11-09 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2014-11-09 20:20 - 2014-11-09 20:35 - 00000000 ____D () C:\Program Files (x86)\CodeBlocks
2014-11-09 20:19 - 2014-11-09 20:20 - 30649126 _____ (The Code::Blocks Team) C:\Users\Bogdan\Downloads\codeblocks-13.12-setup.exe
2014-11-08 22:35 - 2014-11-08 22:35 - 00726582 _____ () C:\Users\Bogdan\Downloads\GreenLuma-3.0.3-Steam006.rar
2014-11-08 19:06 - 2014-11-08 23:12 - 00000000 ____D () C:\ProgramData\Tunngle
2014-11-08 19:06 - 2014-11-08 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-11-08 18:07 - 2014-11-08 18:08 - 00359967 _____ () C:\Users\Bogdan\Downloads\TBFI-0.8.2.zip
2014-11-08 18:01 - 2014-11-08 18:01 - 00000000 ____D () C:\Program Files (x86)\Tunngle x86 install
2014-11-08 18:01 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-11-08 17:28 - 2014-11-08 17:28 - 00001035 _____ () C:\Users\Bogdan\Desktop\WinDirStat.lnk
2014-11-08 17:28 - 2014-11-08 17:28 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-11-08 16:04 - 2014-11-08 23:12 - 00000000 ____D () C:\Users\Bogdan\AppData\Roaming\Tunngle
2014-11-08 16:04 - 2014-11-08 19:07 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-11-08 16:04 - 2014-11-08 19:06 - 00000995 _____ () C:\Users\Public\Desktop\Tunngle.lnk
2014-11-08 16:04 - 2014-11-08 16:04 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-11-08 16:04 - 2014-11-08 16:04 - 00000000 ____D () C:\Users\Bogdan\Documents\Tunngle
2014-11-08 16:02 - 2014-11-08 16:03 - 04501720 _____ (Tunngle.net GmbH ) C:\Users\Bogdan\Downloads\Tunngle_Setup_v5.0.exe
2014-11-08 15:35 - 2014-11-08 15:35 - 00000000 ____D () C:\Users\Bogdan\AppData\Local\SKIDROW
2014-11-08 15:20 - 2014-11-08 15:24 - 71281773 _____ () C:\Users\Bogdan\Desktop\Dead_Island_Patch_1_3_Update_7.rar
2014-11-08 15:20 - 2014-11-08 15:21 - 00255764 _____ () C:\Users\Bogdan\Desktop\Dead.Island.v1.3.0.0.Steamworks.Fix-RVTFiX.rar
2014-11-08 15:20 - 2014-11-08 15:21 - 00241124 _____ () C:\Users\Bogdan\Desktop\DI.LAN.Fix.Incl.DLC.Unlocker.[V1.3.0.0]-xps2.rar
2014-11-08 14:09 - 2014-11-08 14:09 - 00059169 _____ () C:\Users\Bogdan\Downloads\Dead.Island-RELOADED.torrent
2014-11-08 01:49 - 2014-11-08 01:49 - 00004907 _____ () C:\Users\Bogdan\Downloads\GridinSoft.Trojan.Killer.v2.0.0.2.WinALL.Cracked-CzW (2).torrent
2014-11-07 21:45 - 2014-11-07 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
2014-11-07 21:45 - 2014-11-07 22:32 - 00000000 ____D () C:\Program Files (x86)\GridinSoft Trojan Killer
2014-11-07 21:41 - 2014-11-07 22:38 - 00000000 ____D () C:\Users\Bogdan\Desktop\Grindsoft Trojan Killer
2014-11-07 21:37 - 2014-11-07 21:37 - 00004907 _____ () C:\Users\Bogdan\Downloads\GridinSoft.Trojan.Killer.v2.0.0.2.WinALL.Cracked-CzW (1).torrent
2014-11-07 21:31 - 2014-11-07 21:31 - 00004907 _____ () C:\Users\Bogdan\Downloads\GridinSoft.Trojan.Killer.v2.0.0.2.WinALL.Cracked-CzW.torrent
2014-11-07 20:56 - 2014-11-07 20:56 - 00003250 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-11-06 19:29 - 2014-11-06 19:29 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-11-06 19:28 - 2014-11-06 19:28 - 03026176 _____ (GridinSoft) C:\Users\Bogdan\Downloads\TrojanKillerInstallerST.exe
2014-10-31 21:07 - 2014-11-09 22:43 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-10-31 21:07 - 2014-11-09 22:43 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-10-31 21:07 - 2014-11-09 22:43 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-10-31 21:07 - 2014-10-31 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2014-10-31 21:07 - 2014-10-31 21:07 - 00000000 ____D () C:\Program Files\Webroot
2014-10-31 21:06 - 2014-11-19 22:38 - 00000000 ____D () C:\ProgramData\WRData
2014-10-31 21:06 - 2014-10-31 21:06 - 00767664 _____ (Webroot) C:\Users\Bogdan\Downloads\wsainstall.exe
2014-10-31 20:59 - 2014-10-31 20:59 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-10-31 20:56 - 2014-10-31 20:56 - 00004438 _____ () C:\Windows\system32\.crusader
2014-10-31 20:40 - 2014-10-31 20:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-31 20:40 - 2014-10-31 20:40 - 11222744 _____ (SurfRight B.V.) C:\Users\Bogdan\Downloads\HitmanPro_x64.exe
2014-10-30 23:10 - 2014-11-18 23:10 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 22ba81d0-20d7-4bc1-be5f-926f84e924cc.job
2014-10-30 23:10 - 2014-11-16 02:00 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d45e328d-067c-4de7-a260-667380942f23.job
2014-10-30 23:10 - 2014-10-30 23:10 - 00003590 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d45e328d-067c-4de7-a260-667380942f23
2014-10-30 23:10 - 2014-10-30 23:10 - 00003516 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 22ba81d0-20d7-4bc1-be5f-926f84e924cc
2014-10-30 23:10 - 2014-10-30 23:10 - 00000000 ____D () C:\Users\Bogdan\AppData\Roaming\SUPERAntiSpyware.com
2014-10-30 23:09 - 2014-11-18 23:10 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-30 23:09 - 2014-10-30 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-30 23:09 - 2014-10-30 23:09 - 20029304 _____ (SUPERAntiSpyware) C:\Users\Bogdan\Downloads\SUPERAntiSpyware.exe
2014-10-30 23:09 - 2014-10-30 23:09 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-10-30 23:09 - 2014-10-30 23:09 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-30 16:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-30 16:39 - 2014-11-18 22:46 - 00000000 ____D () C:\AdwCleaner
2014-10-30 16:39 - 2014-10-30 16:39 - 01375089 _____ () C:\Users\Bogdan\Downloads\AdwCleaner.exe
2014-10-30 16:08 - 2014-10-30 16:08 - 00000000 _____ () C:\autoexec.bat
2014-10-30 16:06 - 2014-10-30 16:06 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Bogdan\Downloads\SpyHunter-Installer.exe
2014-10-28 16:43 - 2014-10-28 16:43 - 00000000 ____D () C:\Users\Bogdan\AppData\Local\DDMSettings
2014-10-28 16:42 - 2014-10-28 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-10-28 16:42 - 2014-10-28 16:42 - 00000000 ____D () C:\Program Files\DivX
2014-10-28 16:41 - 2014-10-28 16:42 - 00000000 ____D () C:\ProgramData\DivX
2014-10-28 16:41 - 2014-10-28 16:42 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-10-28 16:41 - 2014-10-28 16:41 - 00995648 _____ (DivX, LLC) C:\Users\Bogdan\Downloads\DivXWebPlayerInstaller.exe
2014-10-28 16:39 - 2014-10-30 15:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 16:39 - 2014-10-28 16:39 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 16:39 - 2014-10-28 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 16:39 - 2014-10-28 16:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 16:39 - 2014-10-28 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 16:39 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 16:39 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-28 16:39 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 16:17 - 2014-10-28 16:38 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Bogdan\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-26 15:55 - 2014-10-26 15:55 - 00000000 ____D () C:\ProgramData\boapeacpgdgmaddlclhpmgfdfddapmde
2014-10-25 14:46 - 2014-10-26 00:56 - 00000047 _____ () C:\Users\Bogdan\Desktop\refferals.txt
2014-10-25 13:44 - 2014-10-25 13:44 - 00175104 _____ () C:\Users\Bogdan\Downloads\RefBoost_Stub_Loader (1).zip
2014-10-25 13:33 - 2014-10-25 13:33 - 00002960 _____ () C:\Windows\System32\Tasks\{E42E7208-567A-469E-B121-DD8DFC4C14CA}
2014-10-25 13:32 - 2014-10-25 13:35 - 00000000 ____D () C:\Users\Bogdan\Desktop\refrestarter
2014-10-25 13:32 - 2014-10-25 13:32 - 00202945 _____ () C:\Users\Bogdan\Downloads\RefRestarterGui.zip
2014-10-25 13:32 - 2014-10-25 13:32 - 00010907 _____ () C:\Users\Bogdan\Downloads\RefRestarter.zip
2014-10-25 13:32 - 2014-10-25 13:32 - 00000000 ____D () C:\Users\Bogdan\Desktop\refboost
2014-10-25 12:46 - 2014-10-25 12:46 - 00175104 _____ () C:\Users\Bogdan\Downloads\RefBoost_Stub_Loader.zip
2014-10-23 14:06 - 2014-10-23 14:06 - 00004625 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-23 14:06 - 2014-10-23 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-23 14:06 - 2014-09-26 17:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 14:06 - 2014-09-26 17:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-23 14:06 - 2014-09-26 17:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-23 14:06 - 2014-09-26 17:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-19 22:21 - 2014-02-22 15:55 - 00000000 ____D () C:\Users\Bogdan\AppData\Roaming\Skype
2014-11-19 22:08 - 2014-02-22 15:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 21:02 - 2014-02-22 13:51 - 01540001 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 15:50 - 2014-06-21 17:08 - 00000000 ____D () C:\Users\Bogdan\AppData\Local\LogMeIn Hamachi
2014-11-19 15:50 - 2014-03-28 16:22 - 00000000 ____D () C:\Users\Bogdan\AppData\Roaming\uTorrent
2014-11-19 15:47 - 2014-07-15 17:54 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-19 15:47 - 2014-02-22 18:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-19 15:47 - 2014-02-22 15:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 15:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 15:47 - 2009-07-14 06:51 - 00083535 _____ () C:\Windows\setupact.log
2014-11-18 22:48 - 2014-02-22 16:25 - 00138346 _____ () C:\Windows\PFRO.log
2014-11-16 15:22 - 2014-06-21 00:41 - 00000000 ____D () C:\Users\Bogdan\AppData\Roaming\TeamViewer
2014-11-11 20:03 - 2014-02-22 17:42 - 00000000 ____D () C:\Users\Bogdan\AppData\Roaming\Adobe
2014-11-11 19:46 - 2009-07-14 07:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 17:48 - 2009-07-14 06:45 - 00417472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-08 17:47 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 17:47 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 17:06 - 2014-02-22 14:01 - 00109680 _____ () C:\Users\Bogdan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-08 17:05 - 2014-07-15 18:21 - 00000000 ____D () C:\Windows\Minidump
2014-11-02 11:54 - 2009-07-14 07:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-28 22:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-10-28 22:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-23 14:07 - 2014-05-24 23:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 14:06 - 2014-05-24 23:51 - 00000000 ____D () C:\Program Files (x86)\Java
 
Some content of TEMP:
====================
C:\Users\Bogdan\AppData\Local\Temp\Quarantine.exe
C:\Users\Bogdan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bogdan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-02-22 23:45
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014
Ran by Bogdan at 2014-11-19 22:48:30
Running from C:\Users\Bogdan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Reader XI - Romanian (HKLM-x32\...\{AC76BA86-7AD7-1048-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Anvi Smart Defender 2.2 (HKLM-x32\...\Anvi Smart Defender) (Version: 2.2 - Anvisoft)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
CodeBlocks (HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Genesis GX77 Driver (HKLM-x32\...\{B62CC42A-D1D9-4E91-BEDE-8614DE2AD943}) (Version:  - )
GENESIS HX66 Headset Driver (HKLM\...\C-Media CM108 Like Sound Driver) (Version:  - )
GENESIS HX66 Headset Driver (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 1.00.0001 - )
Genesis RX66 keyboard Driver (HKLM-x32\...\{68F65E0D-F894-4F5A-B9E9-F3CAB29FB59A}) (Version: 1.0 - Genesis)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hammerfight (HKLM-x32\...\Steam App 41100) (Version:  - Konstantin Koshutin)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Ingato Client (HKLM-x32\...\Ingato Client 1.54) (Version: 1.57 - Ingato LTD)
Ingato Client (x32 Version: 1.54 - Ingato LTD) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5919 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5919 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Trojan Killer 2.0 (HKLM-x32\...\{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1) (Version:  - GridinSoft, Inc.)
Tunngle version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.5.107 - Webroot)
WinDirStat 1.1.2 (HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\...\WinDirStat) (Version:  - )
WinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {022A30F2-B41C-4C34-B280-8B0CA38D4A78} - System32\Tasks\SUPERAntiSpyware Scheduled Task 22ba81d0-20d7-4bc1-be5f-926f84e924cc => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {322E3731-496C-4A32-9AA8-495212C64C3E} - System32\Tasks\{E42E7208-567A-469E-B121-DD8DFC4C14CA} => C:\Users\Bogdan\Desktop\refboost\RefBoost.exe [2014-10-13] ()
Task: {6886C257-4192-468E-ABF6-9AC29EC45518} - System32\Tasks\SUPERAntiSpyware Scheduled Task d45e328d-067c-4de7-a260-667380942f23 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9680E8C3-0458-4F65-991D-C8817152EED6} - System32\Tasks\ASD_Main => C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2.exe [2014-05-28] (Anvisoft)
Task: {A5AEE7C5-D8C7-4AC2-8E19-E4C2A28CAFBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {CA6BD869-5322-403F-8937-92FD271A7FA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D2A9EAA2-14B6-442B-953D-AF4FE9EB6B41} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 22ba81d0-20d7-4bc1-be5f-926f84e924cc.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d45e328d-067c-4de7-a260-667380942f23.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-05-27 09:02 - 2014-05-27 09:02 - 00500968 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\http_hook.dll
2014-04-30 04:04 - 2014-04-30 04:04 - 00088080 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\libglog.dll
2014-05-27 09:02 - 2014-05-27 09:02 - 01039080 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Engine.dll
2014-04-30 04:04 - 2014-04-30 04:04 - 00038928 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\fuzzy.dll
2014-04-30 04:04 - 2014-04-30 04:04 - 00093712 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\zlibwapi.dll
2014-05-27 09:02 - 2014-05-27 09:02 - 00135400 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ExtractImpl.dll
2014-05-27 09:02 - 2014-05-27 09:02 - 00437480 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\InnoExtractDll.dll
2014-05-27 09:02 - 2014-05-27 09:02 - 00030440 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\UnpackImpl.dll
2014-05-27 09:02 - 2014-05-27 09:02 - 00259816 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\pyunpacker.dll
2014-05-27 09:02 - 2014-05-27 09:02 - 00041704 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\fsmlib.dll
2014-04-30 03:27 - 2014-04-30 03:27 - 00649744 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-08-13 18:18 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 18:18 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 18:18 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 18:18 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 18:18 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-13 18:18 - 2014-08-07 05:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2225666720-1219790975-2230852265-500 - Administrator - Disabled)
Bogdan (S-1-5-21-2225666720-1219790975-2230852265-1000 - Administrator - Enabled) => C:\Users\Bogdan
Guest (S-1-5-21-2225666720-1219790975-2230852265-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/19/2014 10:46:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 19.11.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 364
 
Start Time: 01d00439ac8b6afe
 
Termination Time: 21
 
Application Path: C:\Users\Bogdan\Desktop\FRST64.exe
 
Report Id:
 
Error: (11/19/2014 10:44:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 19.11.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1220
 
Start Time: 01d00438c10faa7b
 
Termination Time: 49
 
Application Path: C:\Users\Bogdan\Desktop\FRST64.exe
 
Report Id: e434525c-702c-11e4-80c9-6c626d0865b2
 
Error: (11/18/2014 03:34:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: Bogdan-PC)
Description: Product: Adobe Reader XI (11.0.09) - Romanian - Update 'Adobe Reader XI (11.0.09)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/18/2014 03:34:29 PM) (Source: MsiInstaller) (EventID: 11321) (User: Bogdan-PC)
Description: Produs: Adobe Reader XI (11.0.09) - Romanian -- Eroare 1321.Programul de instalare nu dispune de privilegii suficiente pentru a modifica fişierul C:\Program Files (x86)\Adobe\Reader 11.0\Reader\A3DUtils.dll.
 
Error: (11/18/2014 03:33:56 PM) (Source: MsiInstaller) (EventID: 1024) (User: Bogdan-PC)
Description: Product: Adobe Reader XI - Romanian - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/16/2014 04:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Terraria.exe, version: 1.2.4.1, time stamp: 0x537510f8
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0xfac
Faulting application start time: 0xTerraria.exe0
Faulting application path: Terraria.exe1
Faulting module path: Terraria.exe2
Report Id: Terraria.exe3
 
Error: (11/16/2014 04:36:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Terraria.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode)
   at Terraria.Player.SavePlayer(Terraria.Player, System.String, Boolean, Boolean)
   at Terraria.WorldGen.saveToonWhilePlayingCallBack(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (11/15/2014 09:58:18 AM) (Source: MsiInstaller) (EventID: 1024) (User: Bogdan-PC)
Description: Product: Adobe Reader XI (11.0.09) - Romanian - Update 'Adobe Reader XI (11.0.09)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/15/2014 09:58:15 AM) (Source: MsiInstaller) (EventID: 11310) (User: Bogdan-PC)
Description: Produs: Adobe Reader XI (11.0.09) - Romanian -- Eroare 1310.A survenit o eroare la scrierea în fişierul C:\Program Files (x86)\Adobe\Reader 11.0\Reader\A3DUtils.dll.Eroare de sistem: 5. Verificaţi dacă aveţi acces la acest director.
 
Error: (11/15/2014 09:57:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: Bogdan-PC)
Description: Product: Adobe Reader XI - Romanian - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
 
System errors:
=============
Error: (11/19/2014 03:50:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/19/2014 08:21:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/18/2014 10:50:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/18/2014 03:33:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/18/2014 08:32:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/17/2014 07:45:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/17/2014 05:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/17/2014 00:16:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/17/2014 11:59:54 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (11/17/2014 11:59:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 77%
Total physical RAM: 4095.24 MB
Available physical RAM: 914.09 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 3846.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:29.19 GB) (Free:1.33 GB) NTFS
Drive d: () (Fixed) (Total:436.46 GB) (Free:8.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 78307830)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=436.5 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
 
The Junkware removal tool gets stuck at check startup.
 
 
 
 

#6 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,999 posts
  • Gender:Male
  • Location:California

Posted 19 November 2014 - 04:39 PM

Greetings,

My pleasure to work with you on this.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-10-26 15:55 - 2014-10-26 15:55 - 00000000 ____D () C:\ProgramData\boapeacpgdgmaddlclhpmgfdfddapmde
C:\Users\Bogdan\AppData\Local\Temp\Quarantine.exe
C:\Users\Bogdan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bogdan\AppData\Local\Temp\sqlite3.dll
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Dalekkhan
  • Topic Starter
  • Members
  • 8 posts

Posted 19 November 2014 - 05:06 PM

Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014
Ran by Bogdan at 2014-11-19 23:58:36 Run:1
Running from C:\Users\Bogdan\Desktop
Loaded Profile: Bogdan (Available profiles: Bogdan)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-10-26 15:55 - 2014-10-26 15:55 - 00000000 ____D () C:\ProgramData\boapeacpgdgmaddlclhpmgfdfddapmde
C:\Users\Bogdan\AppData\Local\Temp\Quarantine.exe
C:\Users\Bogdan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bogdan\AppData\Local\Temp\sqlite3.dll
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
*****************
 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
nvvad_WaveExtensible => Service deleted successfully.
SR => Service deleted successfully.
srservice => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\ProgramData\boapeacpgdgmaddlclhpmgfdfddapmde => Moved successfully.
C:\Users\Bogdan\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Bogdan\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Bogdan\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-2225666720-1219790975-2230852265-1000\Software\Classes\exefile" => Key not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
The computer runs ok.


#8 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,999 posts
  • Gender:Male
  • Location:California

Posted 19 November 2014 - 05:14 PM

What does OK mean? Are there any symptoms?
Gary
 

#9 Dalekkhan
  • Topic Starter
  • Members
  • 8 posts

Posted 20 November 2014 - 03:57 PM

No Java update popups, but I just ran a scan and found 150 adware tracking cookies; besides that, no problems.



#10 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,999 posts
  • Gender:Male
  • Location:California

Posted 20 November 2014 - 05:11 PM

Which scan?
Gary
 

#11 Dalekkhan
  • Topic Starter
  • Members
  • 8 posts

Posted 20 November 2014 - 05:25 PM

I mean this log:
 
 
Operating System Information
 
 
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
 
Memory items scanned      : 465
Memory threats detected   : 0
Registry items scanned    : 63000
Registry threats detected : 0
File items scanned        : 23365
File threats detected     : 155
 
Adware.Tracking Cookie
adserver.webmasterbond.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stats.adotube.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\BOGDAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 
Trojan.Agent/Gen-Hupigon
D:\METIN2MOLDOVA\METIN2.EXE.BIN
D:\METIN2MOLDOVA\METIN2.BIN
 
============
 End of Log 
============
 


#12 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,999 posts
  • Location:California

Posted 20 November 2014 - 05:44 PM

Thank you,

Please see here regarding managing Chrome cookies.

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete; this can be a lengthy process
  • Once completed, click Quarantine selected objects (if the computer is clean you will not have this option), then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons, simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Dalekkhan
  • Topic Starter
  • Members
  • 8 posts

Posted 22 November 2014 - 07:57 PM

Here they are:

 

Emsisoft Emergency Kit - Version 9.0
Last update: 11/23/2014 12:44:27 AM
User account: Bogdan-PC\Bogdan
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/23/2014 12:45:20 AM
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_USERS\S-1-5-21-2225666720-1219790975-2230852265-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
C:\Users\Bogdan\AppData\Roaming\Passware\ detected: Application.Win32.PassRecover (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2225666720-1219790975-2230852265-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-21-2225666720-1219790975-2230852265-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2225666720-1219790975-2230852265-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-2225666720-1219790975-2230852265-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Genesis\RX66 keyboard\OSD.exe.vir detected: Trojan.Generic.11778504 (B)
C:\AdwCleaner\Quarantine\C\ProgramData\GGoSAVe\3rHSCZfrkhPrg2.exe.vir detected: Gen:Variant.Adware.Strictor.61989 (B)
C:\Users\Bogdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehjgjnfanppoiaikadimdkobpdahnmg\169\ZNJz.js -> (INFECTED_JS) detected: JS:Trojan.Script.CMO (B)
C:\Users\Bogdan\Desktop\refboost\RefBoost.exe detected: Trojan.Generic.11963813 (B)
C:\Users\Bogdan\Downloads\RefBoost_Stub_Loader (1).zip -> RefBoost Stub Loader/RefBoost.exe detected: Trojan.Generic.11963813 (B)
C:\Users\Bogdan\Downloads\RefBoost_Stub_Loader.zip -> RefBoost Stub Loader/RefBoost.exe detected: Trojan.Generic.11963813 (B)
 
Scanned 197085
Found 37
 
Scan end: 11/23/2014 2:34:49 AM
Scan time: 1:49:29
 
 

 Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Webroot SecureAnywhere   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Google Chrome 36.0.1985.125 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Anvisoft Anvi Smart Defender ASD2Srv.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

 



#14 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,999 posts
  • Location:California

Posted 22 November 2014 - 08:15 PM

Thanks,

Please update Google Chrome by following these instructions.

Are there any remaining issues?

Gary
 

#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,999 posts
  • Location:California

Posted 25 November 2014 - 07:53 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 



