VC64Loader.dll error


  • This topic is locked
9 replies to this topic

#1 matolcsim


Posted 15 December 2014 - 04:12 PM

Hi guys.

 

I run a 64bit Windows 7 on my laptop and since yesterday basically after opening every other program I keep getting VC64Loader.dll error.

It really is annoying and the worst thing is that I have no idea how to get rid of it?

 

I'd really appreciate if anyone could help me out.

 

Thanks in advance.

 

PS: if it's required I can provide FRST scans.




 


#2 B-boy/StyLe/

  • Malware Response Team

Posted 15 December 2014 - 04:37 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to a USB stick and transfer it to the affected computer.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 matolcsim


Posted 15 December 2014 - 04:53 PM

Hi Georgi!

 

Thanks for the quick reply. Here they are:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Milan (administrator) on MONSTER on 15-12-2014 21:11:07
Running from C:\Users\Milan\Downloads
Loaded Profile: Milan (Available profiles: Milan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: magyar (Magyarország)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Scarlet.Crush Productions) C:\xxx\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1023104 2012-10-15] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-10-15] (Atheros Commnucations)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-07-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-07-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
HKU\S-1-5-21-2245773727-2850897442-1369911417-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] ()
HKU\S-1-5-21-2245773727-2850897442-1369911417-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-2245773727-2850897442-1369911417-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-07-05] () <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [0 2014-12-14] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File Not Found
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\96dsndkx.default
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MC29A573E-AE94-4BDE-B048-43DAE067B8D1&SearchSource=55&CUI=&UM=6&UP=SP3B2D95A6-AA86-43FB-B56E-16257DFB7527&SSPV=
FF SelectedSearchEngine: Trovi search
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MC29A573E-AE94-4BDE-B048-43DAE067B8D1&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP3B2D95A6-AA86-43FB-B56E-16257DFB7527
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF user.js: detected! => C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\96dsndkx.default\user.js
FF SearchPlugin: C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\96dsndkx.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sztaki-en-hu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vatera.xml
FF Extension: Adblock Plus - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\96dsndkx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-07-03]
CHR Extension: (Google Dokumentumok) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-03]
CHR Extension: (Google Drive) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-03]
CHR Extension: (\r\n Air Hockey) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apodhfipkokiikmebaaeppbphbjeiakn [2014-07-07]
CHR Extension: (YouTube) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-03]
CHR Extension: (Google-keresés) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-03]
CHR Extension: (Tampermonkey) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-11-29]
CHR Extension: (Cut the Rope) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2014-07-03]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-07-04]
CHR Extension: (Quick Note) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-07-03]
CHR Extension: (Google Pénztárca) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-03]
CHR Extension: (Adblock Pro) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-07-03]
CHR Extension: (Greyscale) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm [2014-07-04]
CHR Extension: (Gmail) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-24] (Advanced Micro Devices, Inc.) [File not signed]
R2 Ds3Service; C:\xxx\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe [381952 2013-12-18] (Scarlet.Crush Productions) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [528096 2014-06-08] (Futuremark)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-07-04] (Microsoft Corporation) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-10-15] (Atheros)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-04] (Qualcomm Atheros Co., Ltd.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 16:14 - 2014-12-15 16:14 - 00003456 _____ () C:\Users\Milan\Downloads\Supreme and Volumetric Fog v2-24460-v2-0.rar
2014-12-15 16:14 - 2013-04-09 13:47 - 00001588 _____ () C:\Users\Milan\Readme - Supreme Fog.txt
2014-12-15 14:36 - 2014-12-15 14:50 - 00027254 _____ () C:\Users\Milan\Downloads\Addition.txt
2014-12-15 14:35 - 2014-12-15 21:11 - 00017513 _____ () C:\Users\Milan\Downloads\FRST.txt
2014-12-15 14:34 - 2014-12-15 21:11 - 00000000 ____D () C:\FRST
2014-12-15 14:34 - 2014-12-15 14:34 - 02119168 _____ (Farbar) C:\Users\Milan\Downloads\FRST64.exe
2014-12-15 11:14 - 2014-12-15 11:14 - 00000000 _____ () C:\autoexec.bat
2014-12-15 11:06 - 2014-12-15 11:06 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Milan\Downloads\SpyHunter-Installer.exe
2014-12-15 03:53 - 2014-12-15 03:53 - 00001996 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\FXAA Tool.lnk
2014-12-15 03:53 - 2014-12-15 03:53 - 00001990 _____ () C:\Users\Public\Desktop\FXAA Tool.lnk
2014-12-15 03:49 - 2014-12-15 03:50 - 00295316 _____ () C:\Users\Milan\Downloads\Post Process Injector 2_1 Installer-131-2-1.exe
2014-12-14 22:04 - 2014-12-14 22:04 - 00000000 ____D () C:\Games
2014-12-14 22:02 - 2014-12-14 23:16 - 00000000 ____D () C:\Users\Milan\Documents\Nexus Mod Manager
2014-12-14 22:02 - 2014-12-14 22:02 - 00000890 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-12-14 22:02 - 2014-12-14 22:02 - 00000000 ____D () C:\Users\Milan\AppData\Local\Black_Tree_Gaming
2014-12-14 22:02 - 2014-12-14 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-12-14 22:02 - 2014-12-14 22:02 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-12-14 22:01 - 2014-12-14 22:01 - 04282672 _____ (Black Tree Gaming ) C:\Users\Milan\Downloads\Nexus Mod Manager-0.52.3.exe
2014-12-14 21:58 - 2014-12-14 21:58 - 00055479 _____ () C:\Users\Milan\Downloads\skyrim_token_by_treyarts-d4g2pym.rar
2014-12-14 21:42 - 2014-12-14 21:43 - 00557387 _____ () C:\Users\Milan\Downloads\skse_1_07_01.7z
2014-12-14 21:42 - 2014-12-14 21:42 - 00313875 _____ () C:\Users\Milan\Downloads\skse_1_07_01_installer.exe
2014-12-14 21:42 - 2014-12-14 21:42 - 00001970 _____ () C:\Users\Milan\Desktop\Skyrim (SKSE).lnk
2014-12-14 21:40 - 2014-12-14 21:40 - 00159559 _____ () C:\Users\Milan\Downloads\TESVAL-1.3.10.0-2011-12-22-skseplugin.7z
2014-12-14 21:35 - 2014-12-14 21:44 - 00000000 ____D () C:\Users\Milan\Downloads\Skyrim
2014-12-14 20:55 - 2014-12-14 20:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-12-14 20:51 - 2014-12-14 20:51 - 00000410 __RSH () C:\ProgramData\ntuser.pol
2014-12-14 20:51 - 2014-12-14 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-12-14 20:45 - 2014-12-14 20:45 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-14 20:44 - 2014-12-14 20:51 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-12-14 20:44 - 2014-12-14 20:45 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-14 20:44 - 2013-05-19 02:02 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2014-12-14 19:06 - 2014-12-14 19:06 - 85316172 _____ () C:\Users\Milan\Downloads\SCP DS3 Driver Package (PS4) (2).zip
2014-12-14 18:35 - 2014-12-15 21:09 - 00000000 ____D () C:\Users\Milan\AppData\Local\Skyrim
2014-12-14 18:34 - 2014-12-14 18:34 - 00001083 _____ () C:\Users\Milan\Desktop\TSEV Skyrim LE.lnk
2014-12-14 18:34 - 2014-12-14 18:34 - 00000000 ____D () C:\Users\Milan\Documents\My Games
2014-12-14 18:34 - 2014-12-14 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSEV Skyrim LE
2014-12-14 18:32 - 2014-12-14 18:32 - 00003156 _____ () C:\Windows\System32\Tasks\XboxStatTask
2014-12-14 18:30 - 2014-12-14 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2014-12-14 18:30 - 2014-12-14 18:30 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-12-14 18:24 - 2014-12-14 18:24 - 07878008 _____ (Microsoft Corporation) C:\Users\Milan\Downloads\Xbox360_64Eng.exe
2014-12-14 18:23 - 2014-12-14 18:23 - 00734025 _____ () C:\Users\Milan\Downloads\DS4Tool.zip
2014-12-14 18:12 - 2014-12-15 21:09 - 00000000 ____D () C:\Program Files (x86)\TSEV Skyrim LE
2014-12-14 18:08 - 2014-12-14 18:08 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\PowerISO
2014-12-14 18:07 - 2014-12-14 18:07 - 00000812 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Users\Milan\AppData\Local\SearchProtect
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Program Files\PowerISO
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-12-14 18:07 - 2014-10-08 13:13 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2014-12-14 18:05 - 2014-12-14 18:05 - 00000000 ____D () C:\Users\Milan\AppData\Local\ESET
2014-12-14 18:05 - 2014-12-14 18:05 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-12-13 19:49 - 2014-12-13 19:49 - 00000696 _____ () C:\Users\Public\Desktop\FM Genie Scout 15g.lnk
2014-12-13 19:49 - 2014-12-13 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 15g
2014-12-13 19:48 - 2014-12-13 19:48 - 21109986 _____ () C:\Users\Milan\Downloads\genie15g_setup_15.2.0_b509.zip
2014-12-12 21:50 - 2014-12-12 21:50 - 00044490 _____ () C:\Users\Milan\Downloads\abysmal_mod_for_potplayer_by_shamka-d4i4rze (1).zip
2014-12-12 21:50 - 2014-12-12 21:50 - 00000953 _____ () C:\Users\Milan\Desktop\PotPlayer x64.lnk
2014-12-12 21:50 - 2014-12-12 21:50 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\PotPlayerMini64
2014-12-12 21:44 - 2014-12-12 21:47 - 20778986 _____ () C:\Users\Milan\Downloads\PotPlayer1.6.49952-x64.EXE
2014-12-12 10:56 - 2014-12-12 10:56 - 00009543 _____ () C:\Users\Milan\Documents\bejglirendelés.xlsx
2014-12-11 02:22 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 02:22 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 02:22 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 02:22 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 02:22 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 02:22 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 02:22 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 02:22 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 02:22 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 02:22 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 02:22 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 02:22 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 02:22 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 02:22 - 2014-11-22 02:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 02:22 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 02:22 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 02:22 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 02:22 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 02:22 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 02:22 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 02:22 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 02:22 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 02:22 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 02:22 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 02:22 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 02:22 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 02:22 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 02:22 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 02:22 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 02:22 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 02:22 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 02:22 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 02:22 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 02:22 - 2014-11-22 01:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 02:22 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 02:22 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 02:22 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 02:22 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 02:22 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 02:22 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 02:22 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 02:22 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 02:22 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 02:22 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 02:22 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 02:22 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 02:22 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 02:22 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 02:22 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 02:22 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 02:22 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 02:22 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 02:22 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 02:22 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 02:22 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 02:22 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 01:34 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 01:34 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 13:56 - 2014-12-09 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-09 13:54 - 2014-12-09 13:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-12-09 13:53 - 2014-12-09 13:53 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-09 13:53 - 2014-12-09 13:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-12-09 13:51 - 2014-12-09 14:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 13:51 - 2014-12-09 13:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-09 13:51 - 2014-12-09 13:51 - 00000000 __RHD () C:\MSOCache
2014-12-09 13:51 - 2014-12-09 13:51 - 00000000 ____D () C:\Users\Milan\AppData\Local\Microsoft Help
2014-12-09 13:51 - 2014-12-09 13:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-09 13:51 - 2014-12-09 13:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-12-09 13:50 - 2014-12-09 13:50 - 00000000 ____D () C:\!temp
2014-12-08 10:57 - 2014-12-08 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-12-08 10:57 - 2014-12-08 10:57 - 00000000 ____D () C:\ProgramData\EPSON
2014-12-08 10:57 - 2014-12-08 10:57 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-12-08 10:57 - 2011-04-18 18:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMILE.DLL
2014-12-08 10:57 - 2011-03-13 18:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBILE.DLL
2014-12-08 10:57 - 2007-04-09 16:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-12-08 10:30 - 2014-12-12 13:30 - 00000000 ____D () C:\Users\Milan\Documents\sneggbar
2014-12-08 09:04 - 2014-12-08 09:04 - 00027369 _____ () C:\Users\Milan\Downloads\chopin_script.zip
2014-12-08 09:01 - 2014-12-08 09:01 - 00058728 _____ () C:\Users\Milan\Downloads\scriptina.zip
2014-12-07 15:30 - 2014-12-07 15:30 - 00000725 _____ () C:\Users\Milan\Documents\gethighenjoyliferepeat.txt
2014-12-05 13:00 - 2014-12-05 13:02 - 00067103 _____ () C:\.fmf
2014-12-05 10:31 - 2014-12-05 10:31 - 00114130 _____ () C:\Users\Milan\Downloads\E24 - Level 10_660A082A-7D17-4A03-8D46-184D6FE07ED4.fmf
2014-12-05 10:14 - 2014-12-05 10:14 - 00041363 _____ () C:\Users\Milan\Downloads\FMonline Forum - England.fmf
2014-12-05 10:14 - 2014-12-05 10:14 - 00006062 _____ () C:\Users\Milan\Downloads\BDD-Immense (1).zip
2014-12-05 09:49 - 2014-12-05 09:49 - 00006062 _____ () C:\Users\Milan\Downloads\BDD-Immense.zip
2014-12-03 17:12 - 2014-12-03 17:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-12-02 13:55 - 2014-12-02 13:55 - 00956071 _____ () C:\Users\Milan\Downloads\birds_of_paradise.zip
2014-11-18 19:29 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 19:29 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 19:29 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 19:29 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 09:58 - 2014-11-17 09:58 - 00000222 _____ () C:\Users\Milan\Desktop\Football Manager 2015 Editor.url
2014-11-17 08:26 - 2014-11-17 08:26 - 00000471 _____ () C:\Users\Milan\Downloads\SAVAGE FM WONDERKIDS.slf
2014-11-17 08:14 - 2014-11-17 08:14 - 02267184 _____ () C:\Users\Milan\Downloads\helveticalite_rc1.zip
2014-11-15 15:01 - 2014-12-04 20:22 - 06126536 _____ (Tim Kosse) C:\Users\Milan\Downloads\FileZilla_3.9.0.6_win32-setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 20:58 - 2014-07-03 18:42 - 00001028 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 20:58 - 2014-07-03 18:42 - 00001024 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 20:54 - 2010-11-21 17:26 - 00683598 _____ () C:\Windows\system32\perfh00E.dat
2014-12-15 20:54 - 2010-11-21 17:26 - 00171124 _____ () C:\Windows\system32\perfc00E.dat
2014-12-15 20:54 - 2009-07-14 05:13 - 01627272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 20:52 - 2014-07-03 16:50 - 01495865 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 20:48 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 20:48 - 2009-07-14 04:51 - 00078710 _____ () C:\Windows\setupact.log
2014-12-15 18:25 - 2014-07-03 17:46 - 05536108 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-15 18:25 - 2009-07-14 04:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 18:25 - 2009-07-14 04:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 16:14 - 2014-07-03 16:54 - 00000000 ____D () C:\Users\Milan
2014-12-15 14:52 - 2014-07-03 19:58 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\FileZilla
2014-12-15 14:07 - 2010-11-21 03:47 - 00027080 _____ () C:\Windows\PFRO.log
2014-12-15 13:36 - 2014-07-03 21:43 - 00000000 ____D () C:\xxx
2014-12-15 08:58 - 2014-07-03 21:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-15 04:23 - 2014-07-04 05:12 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\vlc
2014-12-15 02:00 - 2014-10-22 16:05 - 00000000 ____D () C:\Users\Milan\AppData\Local\Adobe
2014-12-14 23:18 - 2014-07-05 16:45 - 00000000 ____D () C:\Users\Milan\AppData\Local\CrashDumps
2014-12-14 20:51 - 2009-07-14 03:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-14 18:30 - 2014-07-03 21:50 - 00039941 _____ () C:\Windows\DirectX.log
2014-12-13 19:49 - 2014-11-12 00:31 - 00000000 ____D () C:\FM Genie Scout 15g
2014-12-13 12:33 - 2014-07-03 19:54 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\uTorrent
2014-12-12 21:50 - 2014-07-04 01:01 - 00000000 ____D () C:\Program Files\Daum
2014-12-12 21:45 - 2014-07-04 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2014-12-12 10:51 - 2014-07-03 19:59 - 00000000 ____D () C:\Users\Milan\uTorrent
2014-12-12 08:00 - 2014-07-03 18:43 - 00002173 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 05:25 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 03:21 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:05 - 2014-07-04 02:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:02 - 2014-07-04 02:50 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 21:52 - 2009-07-14 05:08 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-09 19:59 - 2009-07-14 04:45 - 04975760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 14:28 - 2014-07-03 17:14 - 00111296 _____ () C:\Users\Milan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 13:56 - 2009-07-14 02:34 - 00000478 _____ () C:\Windows\win.ini
2014-12-09 13:54 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-12-09 13:53 - 2010-11-21 17:36 - 00000000 ____D () C:\Windows\ShellNew
2014-12-09 13:52 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-08 14:34 - 2014-10-23 09:27 - 00000132 _____ () C:\Users\Milan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-12-02 14:05 - 2014-10-23 09:02 - 00000000 ____D () C:\Users\Milan\Photoshop
2014-11-19 04:48 - 2010-11-21 17:36 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-17 10:15 - 2014-07-04 03:58 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-11-17 10:15 - 2014-07-04 03:58 - 00000000 ____D () C:\Users\Milan\Documents\Sports Interactive
2014-11-17 10:15 - 2014-07-04 03:58 - 00000000 ____D () C:\Users\Milan\AppData\Local\Sports Interactive
2014-11-17 09:58 - 2014-07-04 03:37 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
 
Some content of TEMP:
====================
C:\Users\Milan\AppData\Local\Temp\130533948970403750.exe
C:\Users\Milan\AppData\Local\Temp\bassmod.dll
C:\Users\Milan\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Milan\AppData\Local\Temp\proxy_vole8968035481612320937.dll
C:\Users\Milan\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 05:57
 
==================== End Of Log ============================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Milan at 2014-12-15 21:11:49
Running from C:\Users\Milan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
3DMark (HKLM-x32\...\{4198fd8f-98bd-4240-9b3a-ab2643e532f6}) (Version: 1.3.708.0 - Futuremark)
3DMark (Version: 1.3.708.0 - Futuremark) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM-x32\...\{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{FA5043AF-EAC4-C06E-18B0-A184923DC7CC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.165 - Atheros)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ClassicPro© v2.01 (HKLM-x32\...\ClassicPro) (Version: 2.01 - Skin Consortium)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
Consolas Font Family (HKLM-x32\...\{6AE22174-4FFA-4572-B692-31F0C386ED38}) (Version: 1.00.0000 - Microsoft Corporation)
Daum PotPlayer 1.6.49952 x64 Edition (HKLM\...\PotPlayer64) (Version:  - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo)
Energy Management (x32 Version: 7.0.3.4 - Lenovo) Hidden
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
ESET NOD32 Antivirus (HKLM\...\{A4ED10EC-DFCC-4993-A46E-F8D0992BFF3D}) (Version: 4.2.71.2 - ESET, spol s r. o.)
ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )
FileZilla Client 3.8.1 (HKU\S-1-5-21-2245773727-2850897442-1369911417-1000\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
FM Genie Scout 14g version 1.2 14.3.1 (HKLM-x32\...\FM Genie Scout 14g_is1) (Version: 1.2 14.3.1 - )
FM Genie Scout 15g version 1.0 15.2.0 beta 8 (HKLM-x32\...\FM Genie Scout 15g_is1) (Version: 1.0 15.2.0 beta 8 - )
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
Football Manager 2015 Editor (HKLM-x32\...\Steam App 295350) (Version:  - )
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Futuremark SystemInfo (HKLM-x32\...\{4115C9AA-35E0-45D8-9363-47635B8750C7}) (Version: 4.29.438.0 - Futuremark)
FXAA Post Process Injector (HKLM-x32\...\FXAA Post Process Injector) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help-frissítés (KB963678) (HKLM-x32\...\{90120000-0016-040E-0000-0000000FF1CE}_ENTERPRISE_{76BD9044-91EB-46FC-8CA6-0AA239BB8A93}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help-frissítés (KB963669) (HKLM-x32\...\{90120000-0018-040E-0000-0000000FF1CE}_ENTERPRISE_{6863CE52-1321-482E-B930-B325EE09AEFF}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help-frissítés (KB963665) (HKLM-x32\...\{90120000-001B-040E-0000-0000000FF1CE}_ENTERPRISE_{0E56E23A-EDB8-42C7-A285-7258C5944EB4}) (Version:  - Microsoft)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 30.0 (x86 hu) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 hu)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
OEM Application Profile (HKLM-x32\...\{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu) <==== ATTENTION!
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.10.160 - Client Connect LTD) <==== ATTENTION
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SmoothVideo Project version 3.1.6 (HKLM-x32\...\SmoothVideo Project_is1) (Version: 3.1.6 - SVP)
SopCast 3.9.2 (HKLM-x32\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50 - C. Ghisler & Co.)
TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows illesztőprogram-csomag - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
WinRAR archiváló (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
14-12-2014 18:25:15 Installed DirectX
14-12-2014 20:54:09 Eszközillesztő-csomag telepítése: Scarlet.Crush Productions Rendszereszközök
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2014-10-22 17:01 - 00000854 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05DE3467-28EC-4ADF-9135-08475E822271} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3D7D760A-09EF-4F1D-8702-86DCAAE94629} - System32\Tasks\AdobeAAMUpdater-1.0-Monster-Milan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {BB9A890F-3A8F-409B-8BA6-DBDC08A81E65} - System32\Tasks\XboxStatTask => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [2009-09-30] (Microsoft Corporation)
Task: {CBF5BCAD-DC58-4FDB-BEF3-EC343336C32C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)
Task: {F27965AE-CA3E-4159-97BE-F970DE63A453} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-24 15:10 - 2013-04-24 15:10 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-05-01 19:29 - 2014-05-01 19:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2008-12-20 01:20 - 2014-07-03 17:39 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-03-10 14:30 - 2014-07-03 17:39 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-08 13:38 - 2014-07-03 17:39 - 00011096 _____ () C:\Program Files (x86)\Lenovo\Energy Management\hu-HU\EMWpfUI.resources.dll
2008-12-20 01:20 - 2014-07-03 17:39 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-07-03 17:11 - 2013-04-11 05:18 - 00429792 _____ () C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
2014-07-03 17:11 - 2013-04-11 05:19 - 02217696 _____ () C:\Program Files\AMD Quick Stream\AqsUI.dll
2013-04-24 15:10 - 2013-04-24 15:10 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-01 09:08 - 2014-06-01 09:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 16:41 - 2014-05-24 16:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 16:41 - 2014-05-24 16:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-12-12 08:00 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 08:00 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 08:00 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 08:00 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 08:00 - 2014-12-06 01:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-07-03 20:09 - 2009-08-16 15:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Milan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
 
========================= Accounts: ==========================
 
HomeGroupUser$ (S-1-5-21-2245773727-2850897442-1369911417-1004 - Limited - Enabled)
Milan (S-1-5-21-2245773727-2850897442-1369911417-1000 - Administrator - Enabled) => C:\Users\Milan
Rendszergazda (S-1-5-21-2245773727-2850897442-1369911417-500 - Administrator - Disabled)
Vendég (S-1-5-21-2245773727-2850897442-1369911417-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/15/2014 08:50:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/15/2014 02:08:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/15/2014 11:01:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/14/2014 11:18:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: NexusClient.exe, verzió: 0.52.3.0, időbélyeg: 0x542956f4
A hibát okozó modul neve: KERNELBASE.dll, verzió: 6.1.7601.18409, időbélyeg: 0x5315a05a
Kivételkód: 0xe0434352
Hiba pozíciója: 0x000000000000940d
A hibát okozó folyamat azonosítója: 0x21c8
A hibát okozó alkalmazás indításának időpontja: 0xNexusClient.exe0
A hibát okozó alkalmazás elérési útja: NexusClient.exe1
A hibát okozó modul elérési útja: NexusClient.exe2
Jelentés azonosítója: NexusClient.exe3
 
Error: (12/14/2014 11:18:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: NexusClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at System.IO.File.OpenWrite(System.String)
   at Nexus.Client.Util.Downloader.FileWriter.WaitForData()
   at Nexus.Client.Util.Threading.TrackedThread.RunThread()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (12/14/2014 11:16:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: NexusClient.exe, verzió: 0.52.3.0, időbélyeg: 0x542956f4
A hibát okozó modul neve: KERNELBASE.dll, verzió: 6.1.7601.18409, időbélyeg: 0x5315a05a
Kivételkód: 0xe0434352
Hiba pozíciója: 0x000000000000940d
A hibát okozó folyamat azonosítója: 0x1e64
A hibát okozó alkalmazás indításának időpontja: 0xNexusClient.exe0
A hibát okozó alkalmazás elérési útja: NexusClient.exe1
A hibát okozó modul elérési útja: NexusClient.exe2
Jelentés azonosítója: NexusClient.exe3
 
Error: (12/14/2014 11:16:21 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: NexusClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at System.IO.File.OpenWrite(System.String)
   at Nexus.Client.Util.Downloader.FileWriter.WaitForData()
   at Nexus.Client.Util.Threading.TrackedThread.RunThread()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (12/14/2014 11:14:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: NexusClient.exe, verzió: 0.52.3.0, időbélyeg: 0x542956f4
A hibát okozó modul neve: KERNELBASE.dll, verzió: 6.1.7601.18409, időbélyeg: 0x5315a05a
Kivételkód: 0xe0434352
Hiba pozíciója: 0x000000000000940d
A hibát okozó folyamat azonosítója: 0x1e24
A hibát okozó alkalmazás indításának időpontja: 0xNexusClient.exe0
A hibát okozó alkalmazás elérési útja: NexusClient.exe1
A hibát okozó modul elérési útja: NexusClient.exe2
Jelentés azonosítója: NexusClient.exe3
 
Error: (12/14/2014 11:14:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: NexusClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at System.IO.File.OpenWrite(System.String)
   at Nexus.Client.Util.Downloader.FileWriter.WaitForData()
   at Nexus.Client.Util.Threading.TrackedThread.RunThread()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (12/14/2014 10:54:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: NexusClient.exe, verzió: 0.52.3.0, időbélyeg: 0x542956f4
A hibát okozó modul neve: KERNELBASE.dll, verzió: 6.1.7601.18409, időbélyeg: 0x5315a05a
Kivételkód: 0xe0434352
Hiba pozíciója: 0x000000000000940d
A hibát okozó folyamat azonosítója: 0x3cc
A hibát okozó alkalmazás indításának időpontja: 0xNexusClient.exe0
A hibát okozó alkalmazás elérési útja: NexusClient.exe1
A hibát okozó modul elérési útja: NexusClient.exe2
Jelentés azonosítója: NexusClient.exe3
 
 
System errors:
=============
Error: (12/15/2014 08:49:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: alkalmazásspecifikusHelyiindítási{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (helyi állomás, LRPC használatával)
 
Error: (12/15/2014 08:48:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (Update service) a következő hiba következtében leállt: 
%%2
 
Error: (12/15/2014 06:25:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (12/15/2014 02:08:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: alkalmazásspecifikusHelyiindítási{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (helyi állomás, LRPC használatával)
 
Error: (12/15/2014 02:07:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (Update service) a következő hiba következtében leállt: 
%%2
 
Error: (12/15/2014 02:06:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (12/15/2014 11:01:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: alkalmazásspecifikusHelyiindítási{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (helyi állomás, LRPC használatával)
 
Error: (12/15/2014 11:00:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (Update service) a következő hiba következtében leállt: 
%%2
 
Error: (12/15/2014 08:58:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (12/14/2014 06:11:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: alkalmazásspecifikusHelyiindítási{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (helyi állomás, LRPC használatával)
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 33%
Total physical RAM: 7383.36 MB
Available physical RAM: 4882.5 MB
Total Pagefile: 14764.91 MB
Available Pagefile: 11760.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:929.56 GB) (Free:132.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=1000 MB) - (Type=12)
Partition 3: (Not Active) - (Size=929.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by matolcsim, 15 December 2014 - 05:01 PM.


#4 B-boy/StyLe/

Posted 16 December 2014 - 01:09 AM

Hi,

 

 

I suggest you uninstall uTorrent.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files, as the name(s) suggest. In today's world cyber crime has grown to enormous dimensions, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as LibreOffice or GIMP.


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software
 

 

 

Also we don't support cracks here, so before we can continue you should uninstall:

 

Adobe Illustrator CS5
Adobe Photoshop CS5.1
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2014-10-22 17:01 - 00000854 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

 

 

It's not recommended to have more than one resident scanner:

 

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

You should consider disabling Windows Defender and updating ESET to the latest version 8:

 

http://windows.microsoft.com/en-us/windows/turn-windows-defender-on-off#turn-windows-defender-on-off=windows-7

http://www.eset.com/us/download/home/detail/family/2/?trl=ea

 

 

Next please go ahead and uninstall Search Protect as well.

Regarding the timestamps, your problem came with PowerISO:

 

2014-12-14 18:08 - 2014-12-14 18:08 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\PowerISO
2014-12-14 18:07 - 2014-12-14 18:07 - 00000812 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Users\Milan\AppData\Local\SearchProtect
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Program Files\PowerISO
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Program Files (x86)\SearchProtect

 

Please download the following file => [attachment=159266:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Let me know if the problem still persists after the script above.

 

 

 

Regards,

Georgi
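
The timestamp correlation used in the post above, as an added example that is not part of the original thread and not FRST's own code: it parses FRST-style listing lines, groups entries created within a short window of each other, and reports groups that contain more than one product name. The first six sample lines are copied from the post; the `ExampleApp` line, the two-minute window and the "last path component is the product name" heuristic are assumptions.

```python
import ntpath
import re
from datetime import datetime, timedelta

# FRST file-listing line:
# <created> - <modified> - <size> <attrs> (<company>) <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S{5}) \((.*?)\) (.+)$"
)

# First six lines are taken from the post above; the last line is constructed
# to show that an unrelated, older install is not pulled into the group.
SAMPLE = r"""
2014-12-14 18:08 - 2014-12-14 18:08 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\PowerISO
2014-12-14 18:07 - 2014-12-14 18:07 - 00000812 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Users\Milan\AppData\Local\SearchProtect
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Program Files\PowerISO
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-11-02 09:15 - 2014-11-02 09:15 - 00000000 ____D () C:\Program Files\ExampleApp
"""


def parse(lines):
    """Return (created, product, path) for every line in FRST listing format."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, other log sections
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        path = m.group(6)
        # Assumption: the last path component (minus extension) names the product.
        product = ntpath.splitext(ntpath.basename(path))[0]
        entries.append((created, product, path))
    return entries


def co_installed(entries, window_minutes=2):
    """Group entries whose creation times chain together within the window,
    and keep only groups that contain more than one distinct product."""
    window = timedelta(minutes=window_minutes)
    clusters = []
    for created, product, path in sorted(entries):
        if clusters and created - clusters[-1]["end"] <= window:
            cluster = clusters[-1]
        else:
            cluster = {"start": created, "end": created, "products": {}}
            clusters.append(cluster)
        cluster["end"] = created
        cluster["products"].setdefault(product, []).append(path)
    return [c for c in clusters if len(c["products"]) > 1]


if __name__ == "__main__":
    for c in co_installed(parse(SAMPLE.splitlines())):
        print(f"{c['start']:%Y-%m-%d %H:%M} .. {c['end']:%H:%M}")
        for product, paths in sorted(c["products"].items()):
            print(f"  {product}: {len(paths)} item(s)")
```

A group that mixes an installer the user chose with a product they did not is the pattern to look for when tracing where bundled software came from.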




#5 matolcsim

Posted 16 December 2014 - 07:47 AM

Did all of the above and after a reboot it seems to be working flawlessly now. Here is the fixlog as requested:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Milan at 2014-12-16 12:39:31 Run:1
Running from C:\xxx\FRST
Loaded Profile: Milan (Available profiles: Milan)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
File: C:\Windows\expstart.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [0 2014-12-14] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File Not Found
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MC29A573E-AE94-4BDE-B048-43DAE067B8D1&SearchSource=55&CUI=&UM=6&UP=SP3B2D95A6-AA86-43FB-B56E-16257DFB7527&SSPV=
FF SelectedSearchEngine: Trovi search
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MC29A573E-AE94-4BDE-B048-43DAE067B8D1&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP3B2D95A6-AA86-43FB-B56E-16257DFB7527
FF SearchPlugin: C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\96dsndkx.default\searchplugins\trovi-search.xml
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Users\Milan\AppData\Local\SearchProtect
2014-12-14 18:07 - 2014-12-14 18:07 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
Hosts:
emptytemp:
end
*****************
 
 
========================= File: C:\Windows\expstart.exe ========================
 
MD5: 2B6734FE076889278D6BFE443F81D6E8
Creation and modification date: 2014-07-05 12:34 - 2014-07-05 12:55
Size: 0925184
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product Name: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End Of File: ======
 
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value Data removed successfully.
HKU\S-1-5-21-2245773727-2850897442-1369911417-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2245773727-2850897442-1369911417-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2245773727-2850897442-1369911417-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox newtab deleted successfully.
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\96dsndkx.default\searchplugins\trovi-search.xml => Moved successfully.
C:\Users\Milan\AppData\Local\SearchProtect => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
A Winsock katal�gus alaphelyzetbe �ll�t�sa sikeresen v�grehajtva.
A m�velet teljes befejez�s�hez ind�tsa �jra a sz�m�t�g�pet.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP konfigur�ci�
 
A DNS-felold�si gyors�t�t�r ki�r�t�se sikeresen megt�rt�nt.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====



If that's all then all I can say is thank you very much Georgi. Tremendous help.


#6 B-boy/StyLe/

Posted 17 December 2014 - 06:10 AM

Hi,

 

I am glad I could help. :)

 

Although the malware has been removed I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

STEP 1

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 3

 

 

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

Regards,

Georgi




#7 matolcsim

Posted 20 December 2014 - 06:55 AM

Hi Georgi.

 

Sorry about the delay, I've been quite busy the last few days. Here are the requested logs from the aforementioned programs.

 

# AdwCleaner v4.105 - Report created 20/12/2014 at 11:03:35
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Milan - MONSTER
# Running from : C:\Users\Milan\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\96dsndkx.default\user.js
File Deleted : C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\SearchProtect
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v30.0 (hu)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [1462 octets] - [20/12/2014 11:01:00]
AdwCleaner[S0].txt - [1344 octets] - [20/12/2014 11:03:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1404 octets] ##########








~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Milan on 2014.12.20. at 11:07:12,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014.12.20. at 11:12:20,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 








Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014.12.20.
Scan Time: 11:32:09
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.20.01
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Milan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321731
Time Elapsed: 10 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [d647c79c2458e1550636def46f9504fc], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [fd20baa9740888ae03384b87b054b64a], 
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [f32aafb4fd7f81b5d46ef5b64eb6eb15], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [70ade97a48347cbaf04fdaf8b54f9967], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 



#8 B-boy/StyLe/

Posted 21 December 2014 - 10:41 AM

Hi,

 

Nice work! We are almost done here! :)

Let's check for leftovers.

 

 

STEP 1

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it into your next reply.

 

 

 

STEP 2

 

 

Before I let you go I'd like to scan your machine with ESET OnlineScan
 

  • Please download and run the exe from the link below:
    ESET OnlineScan
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\


 

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

STEP 3

 

 

Also let's check for outdated and vulnerable software on your pc

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

Let me know about any remaining issues.

 

 

Regards,

Georgi




#9 B-boy/StyLe/

Posted 24 December 2014 - 03:09 PM

Hello,

 

Are you still around?

 

 

Regards,

Georgi




#10 B-boy/StyLe/

Posted 28 December 2014 - 11:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





