Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bad Image Pop Ups..need help with removal


  • This topic is locked This topic is locked
6 replies to this topic

#1 Nachocreech

Nachocreech

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 18 January 2015 - 04:07 PM

Hello,

 

Recently when I start my computer I get multiple/alot of Bad Image pop ups. Also when I start up a program it appears as well.

I ran Malwarebytes and it came out clean.

 

I am really hoping to get rid of this annoying virus and I hope you guys can help me out.

 

thanks in advance.



BC AdBot (Login to Remove)

 


m

#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:30 PM

Posted 18 January 2015 - 05:23 PM

Hello

Nachocreech

,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Nachocreech

Nachocreech
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 19 January 2015 - 09:41 AM

# AdwCleaner v4.108 - Report created 19/01/2015 at 09:17:34
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : takun - ETC-TAKUN
# Running from : C:\Users\takun\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\DOOwnloaD ukkeEEper
Folder Deleted : C:\ProgramData\TubeITAdBLLockAp
Folder Deleted : C:\ProgramData\1a71a52b7af5203a
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Users\takun\AppData\Roaming\Systweak
Folder Deleted : C:\Users\takun\AppData\Roaming\Mozilla\Firefox\Profiles\au8lts1s.default\Extensions\uhm-2m@guxhyelshb-.edu
Folder Deleted : C:\Users\etc-local-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\loikiihgjilflipcfgkjhihlncbjfabj
File Deleted : C:\Users\takun\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\takun\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E58EC35-FEA3-26F3-26B2-B9186CE8EEEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{50484944-4745-5453-1000-299999999998}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{50484944-4745-5453-1000-099999999998}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{50484944-4745-5453-1000-099999999999}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{50484944-4745-5453-0000-000000000000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E58EC35-FEA3-26F3-26B2-B9186CE8EEEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{50484944-4745-5453-1000-099999999998}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{50484944-4745-5453-1000-099999999999}
Key Deleted : HKCU\Software\LiveSupport
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\browse~1.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.wisesearch.info
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v33.0.2 (x86 en-US)
 
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", false);
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("extensions.VWITp5_.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo[...]
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
[au8lts1s.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v39.0.2171.71
 
[C:\Users\etc-local-admin\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : loikiihgjilflipcfgkjhihlncbjfabj
[C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [6815 octets] - [19/01/2015 09:16:10]
AdwCleaner[S0].txt - [6633 octets] - [19/01/2015 09:17:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6693 octets] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by takun (administrator) on ETC-TAKUN on 19-01-2015 09:33:45
Running from C:\Users\takun\Downloads
Loaded Profiles: takun (Available profiles: etc-local-admin & takun & guest447)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sassafras Software Inc.) C:\Windows\keyacc32.exe
() C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Sassafras Software Inc.) C:\Windows\kass.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Box) C:\Users\takun\AppData\Local\Box\Box Edit\Box Edit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [KeyAccess] => C:\Windows\kass.exe [173688 2013-03-06] (Sassafras Software Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeyAccess] => C:\Windows\kass.exe [173688 2013-03-06] (Sassafras Software Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-484763869-963894560-842925246-278183\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKU\S-1-5-21-484763869-963894560-842925246-278183\...\Run: [Box Edit] => C:\Users\takun\AppData\Local\Box\Box Edit\Box Edit.exe [481816 2014-07-24] (Box)
HKU\S-1-5-21-484763869-963894560-842925246-278183\...\Run: [GoogleChromeAutoLaunch_FA425C8520071C1BFD01EDAB4A9A86A2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
HKU\S-1-5-21-484763869-963894560-842925246-278183\...\RunOnce: [Adobe Speed Launcher] => 1421677423
HKU\S-1-5-21-484763869-963894560-842925246-278183\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-18\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-25] (Microsoft Corporation)
AppInit_DLLs: NULL KATRK64.DLL => NULL KATRK64.DLL File Not Found
AppInit_DLLs-x32: katrack.dll => C:\Windows\katrack.dll [19064 2013-03-06] (Sassafras Software Inc.)
AppInit_DLLs-x32:  katrack.dll => C:\Windows\katrack.dll [19064 2013-03-06] (Sassafras Software Inc.)
AppInit_DLLs-x32:  KATRACK.DLL => C:\Windows\KATRACK.DLL [19064 2013-03-06] (Sassafras Software Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [P4EXPCheckoutOverlay] -> {80E008A4-EAE7-4867-AEB0-1A245F070F25} => C:\Program Files\Perforce\p4exp64.dll (Perforce Software Inc.)
ShellIconOverlayIdentifiers: [P4EXPSyncdOverlay] -> {ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9} => C:\Program Files\Perforce\p4exp64.dll (Perforce Software Inc.)
ShellIconOverlayIdentifiers: [P4EXPUpdateOverlay] -> {C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2} => C:\Program Files\Perforce\p4exp64.dll (Perforce Software Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [P4EXPCheckoutOverlay] -> {80E008A4-EAE7-4867-AEB0-1A245F070F25} => C:\Program Files\Perforce\p4exp.dll (Perforce Software Inc.)
ShellIconOverlayIdentifiers-x32: [P4EXPSyncdOverlay] -> {ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9} => C:\Program Files\Perforce\p4exp.dll (Perforce Software Inc.)
ShellIconOverlayIdentifiers-x32: [P4EXPUpdateOverlay] -> {C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2} => C:\Program Files\Perforce\p4exp.dll (Perforce Software Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-484763869-963894560-842925246-278183\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 128.2.1.10 128.2.1.11
 
FireFox:
========
FF ProfilePath: C:\Users\takun\AppData\Roaming\Mozilla\Firefox\Profiles\au8lts1s.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-484763869-963894560-842925246-278183: @asperasoft.com/AsperaConnect -> C:\Users\takun\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.3.3\npasperaweb.dll (Aspera, Inc. )
FF Plugin HKU\S-1-5-21-484763869-963894560-842925246-278183: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\takun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-484763869-963894560-842925246-278183: box.com/BoxEdit -> C:\Users\takun\AppData\Local\Box\Box Edit\npBoxEdit.dll (Box)
FF Plugin HKU\S-1-5-21-484763869-963894560-842925246-278183: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: YouTube to MP3 - C:\Users\takun\AppData\Roaming\Mozilla\Firefox\Profiles\au8lts1s.default\Extensions\youtube2mp3@mondayx.de.xpi [2014-03-09]
 
Chrome: 
=======
CHR Profile: C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-23]
CHR Extension: (Docs Offline Background Page) - C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30]
CHR Extension: (YouTube) - C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-23]
CHR Extension: (Google Search) - C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-23]
CHR Extension: (Google Wallet) - C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\takun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 KeyAccess; C:\Windows\keyacc32.exe [2115192 2013-03-06] (Sassafras Software Inc.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-14] () [File not signed]
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] () [File not signed]
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [249888 2008-05-20] (Microsoft Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)
S2 05837205; "C:\Windows\system32\rundll32.exe" "c:\progra~3\browse~1\BrowserfasterSvc.dll",service
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
S3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [29728 2008-05-20] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2013-07-25] (Symantec Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-19 09:33 - 2015-01-19 09:39 - 00022035 _____ () C:\Users\takun\Downloads\FRST.txt
2015-01-19 09:32 - 2015-01-19 09:35 - 00000000 ____D () C:\FRST
2015-01-19 09:31 - 2015-01-19 09:31 - 02126848 _____ (Farbar) C:\Users\takun\Downloads\FRST64.exe
2015-01-19 09:16 - 2015-01-19 09:17 - 00000000 ____D () C:\AdwCleaner
2015-01-19 09:15 - 2015-01-19 09:15 - 02186752 _____ () C:\Users\takun\Downloads\AdwCleaner.exe
2015-01-18 13:11 - 2015-01-18 13:20 - 00000000 ____D () C:\Users\takun\Desktop\Archive
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-19 09:39 - 2009-07-13 23:45 - 00012272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 09:39 - 2009-07-13 23:45 - 00012272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 09:31 - 2013-08-21 07:57 - 02022678 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 09:25 - 2013-10-02 13:37 - 00000000 ___RD () C:\Users\takun\Google Drive
2015-01-19 09:25 - 2013-08-21 10:02 - 00000460 _____ () C:\Windows\SMSCFG.ini
2015-01-19 09:24 - 2013-08-27 09:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-19 09:23 - 2013-07-26 08:46 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 09:21 - 2013-03-06 07:00 - 00001717 _____ () C:\Windows\keyacc.ini
2015-01-19 09:20 - 2013-08-21 08:02 - 00000480 _____ () C:\Windows\system32\config\netlogon.ftl
2015-01-19 09:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 09:19 - 2013-08-20 14:35 - 00074780 _____ () C:\Windows\setupact.log
2015-01-19 09:19 - 2013-08-01 10:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-19 09:18 - 2013-07-25 02:15 - 00316916 _____ () C:\Windows\PFRO.log
2015-01-19 09:07 - 2013-07-26 08:46 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 08:48 - 2013-07-26 10:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 17:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-18 15:49 - 2014-01-23 19:01 - 00000000 ____D () C:\Users\takun\Desktop\Application
2015-01-18 13:17 - 2014-08-25 10:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 13:15 - 2014-08-25 10:09 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 13:15 - 2014-08-25 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-18 13:15 - 2014-08-25 10:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-18 13:11 - 2014-11-06 15:42 - 00000000 ____D () C:\Users\takun\Desktop\Printing
2015-01-18 13:10 - 2013-08-23 14:50 - 00000000 ____D () C:\Users\takun
2015-01-18 13:02 - 2013-08-23 14:50 - 00001036 __RSH () C:\Users\takun\ntuser.pol
2015-01-18 12:47 - 2013-08-23 14:50 - 00000000 ____D () C:\Users\takun\AppData\Roaming\Adobe
2015-01-18 12:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 
==================== Files in the root of some directories =======
2013-09-14 17:26 - 2014-11-23 17:33 - 0000132 _____ () C:\Users\takun\AppData\Roaming\Adobe PNG Format CS6 Prefs
 
Some content of TEMP:
====================
C:\Users\takun\AppData\Local\Temp\6_Offer_18.exe
C:\Users\takun\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbkvkmf.dll
C:\Users\takun\AppData\Local\Temp\hcuninstaller_20140826_114554_3248.exe
C:\Users\takun\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\takun\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\takun\AppData\Local\Temp\NGMDll.dll
C:\Users\takun\AppData\Local\Temp\NGMResource.dll
C:\Users\takun\AppData\Local\Temp\Quarantine.exe
C:\Users\takun\AppData\Local\Temp\riftuninstall.exe
C:\Users\takun\AppData\Local\Temp\SkypeSetup.exe
C:\Users\takun\AppData\Local\Temp\sqlite3.dll
C:\Users\takun\AppData\Local\Temp\Tsu7208F645.dll
C:\Users\takun\AppData\Local\Temp\unicows.dll
C:\Users\takun\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-18 17:19
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by takun at 2015-01-19 09:40:20
Running from C:\Users\takun\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.2 - Adobe Systems Incorporated)
Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Edge Animate CC 2014 (HKLM-x32\...\{F1BFBED6-2779-4A4D-B401-5C08F813B0F2}) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Exchange Panel (HKLM-x32\...\{C592A34D-1E4A-49A3-BD42-4C8A5C9E4B80}) (Version: 1.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe InCopy CC 2014 (HKLM-x32\...\{B389B226-A760-1014-9ADD-DA3D4A4028DB}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Prelude CC 2014 (HKLM-x32\...\{2A054E48-0A75-42BD-8738-EC9AB4E2207A}) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SpeedGrade CC 2014 (HKLM-x32\...\{8EFF28F0-9DFD-4208-9E04-4D49A4812CF3}) (Version: 8.0.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aspera Connect 3.3.4.84236 (HKU\S-1-5-21-484763869-963894560-842925246-278183\...\Aspera Connect 3.3.4.84236) (Version: 3.3.4.84236 - Aspera, Inc.)
Aspera Connect 3.3.4.84236 (x32 Version: 3.3.4.84236 - Aspera, Inc.) Hidden
Audiokinetic Wwise v2013.1.2 build 4685 - Authoring Binaries 32-bit (x32 Version: 13.1.2.4685 - Audiokinetic Inc.) Hidden
Audiokinetic Wwise v2013.1.2 build 4685 - Authoring Binaries 64-bit (x32 Version: 13.1.2.4685 - Audiokinetic Inc.) Hidden
Audiokinetic Wwise v2013.1.2 build 4685 - Authoring Data (x32 Version: 13.1.2.4685 - Audiokinetic Inc.) Hidden
Audiokinetic Wwise v2013.1.2 build 4685 - SDK (Android) (x32 Version: 13.1.2.4685 - Audiokinetic Inc.) Hidden
Audiokinetic Wwise v2013.1.2 build 4685 - SDK (Common) (x32 Version: 13.1.2.4685 - Audiokinetic Inc.) Hidden
Audiokinetic Wwise v2013.1.2 build 4685 - SDK (Windows Phone) (x32 Version: 13.1.2.4685 - Audiokinetic Inc.) Hidden
Audiokinetic Wwise v2013.1.2 build 4685 - SDK (Windows Store App (Metro)) (x32 Version: 13.1.2.4685 - Audiokinetic Inc.) Hidden
Audiokinetic Wwise v2013.1.2 build 4685 - SDK (Windows) (x32 Version: 13.1.2.4685 - Audiokinetic Inc.) Hidden
Audiokinetic Wwise v2013.1.2 build 4685 (HKLM-x32\...\{c6282856-80ac-4b90-aa40-0856139fdb8d}) (Version: 13.1.2.4685 - Audiokinetic Inc.)
Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.2.475.0 - Autodesk)
Autodesk 3ds Max 2014 (Version: 16.2.475.0 - Autodesk) Hidden
Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk)
Autodesk 3ds Max 2014 SP2 (HKLM\...\Autodesk 3ds Max 2014 HF1) (Version: 16.2.475.0 - Autodesk)
Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.0.630.0 - Autodesk)
Autodesk 3ds Max 2015 (Version: 17.0.630.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)
Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2015 (HKLM\...\{9167CA34-4E48-49E3-8892-3C439739D2D3}) (Version: 17.0 - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk Maya 2015 (HKLM\...\Autodesk Maya 2015) (Version: 15.3.1808.0 - Autodesk)
Autodesk Maya 2015 (Version: 15.3.1808.0 - Autodesk) Hidden
Autodesk Maya 2015 SP3 (HKLM\...\Autodesk Maya 2015 SP3) (Version: 15.3.1808.0 - Autodesk)
Autodesk MotionBuilder 2014 (HKLM\...\Autodesk MotionBuilder 2014) (Version: 14.0.0.597 - Autodesk)
Autodesk MotionBuilder 2014 (Version: 14.0.0.597 - Autodesk) Hidden
Autodesk MotionBuilder 2015 (HKLM\...\Autodesk MotionBuilder 2015) (Version: 15.0.0.74 - Autodesk)
Autodesk MotionBuilder 2015 (Version: 15.0.0.74 - Autodesk) Hidden
Autodesk Mudbox 2014 (HKLM\...\Autodesk Mudbox 2014) (Version: 8.0.1.80 - Autodesk)
Autodesk Mudbox 2014 (Version: 8.0.1.80 - Autodesk) Hidden
Autodesk Mudbox 2014 SP1 (HKLM\...\Autodesk Mudbox 2014 SP1) (Version: 8.0.1.80 - Autodesk)
Autodesk Mudbox 2015 (HKLM\...\Autodesk Mudbox 2015) (Version: 9.0.1.89 - Autodesk)
Autodesk Mudbox 2015 (Version: 9.0.1.89 - Autodesk) Hidden
Autodesk Mudbox 2015 SP1 (HKLM\...\Autodesk Mudbox 2015 SP1) (Version: 9.0.1.89 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.02.15161 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.107.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.107.0 - Autodesk) Hidden
Autodesk SketchBook Designer 2014 (HKLM\...\Autodesk SketchBook Designer 2014) (Version: 4.00.0000 - Autodesk)
Autodesk SketchBook Designer 2014 (Version: 4.00.0000 - Autodesk) Hidden
Autodesk Softimage 2014 (HKLM\...\Autodesk Softimage 2014) (Version: 12.0.0000 - Autodesk)
Autodesk Softimage 2014 (Version: 12.0.0000 - Autodesk) Hidden
Autodesk Softimage 2015 (HKLM\...\Autodesk Softimage 2015) (Version: 13.0.114.0 - Autodesk)
Autodesk Softimage 2015 (Version: 13.0.114.0 - Autodesk) Hidden
Autodesk Suite Exclusives 2014 64-bit (HKLM\...\{2B1E251B-715E-4E93-A4BB-B69671405EAA}) (Version: 2.0.0.0 - Autodesk)
Autodesk Suite Exclusives 2015 (HKLM\...\{028B6F80-E54F-46EE-A644-69B0F733D5D7}) (Version: 2.0.0.0 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Edit (HKLM-x32\...\{C5CF2E59-D4D9-4CBB-A680-284A75C14699}) (Version: 2.0.41.328 - Box)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Configuration Manager Client (x32 Version: 4.00.6221.1000 - Microsoft Corporation) Hidden
CopyTrans Suite Remove Only (HKU\S-1-5-21-484763869-963894560-842925246-278183\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
CS6_x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-484763869-963894560-842925246-278183\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)
Git version 1.9.4-preview20140815 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140815 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Drive (HKLM-x32\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Java SE Development Kit 7 Update 71 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
K-Lite Codec Pack 9.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
MapleStory (HKLM-x32\...\Steam App 216150) (Version:  - Nexon)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
mental ray renderer for Autodesk Maya 2015 (HKLM\...\{BDF821F0-D64C-421D-0052-A9B995B20873}) (Version: 15.0.1335.0 - mental ray)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Node.js (HKLM\...\{F40E7A6E-DE41-418B-93DA-81549610E5DF}) (Version: 0.10.33 - Joyent, Inc. and other Node contributors)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Perforce Visual Components (HKLM\...\{9211878B-0C5E-4915-931C-4090010F9D56}) (Version: 132.66.6958 - Perforce Software)
Phidget Library (HKLM-x32\...\{6C5A8193-9E74-417B-BB5D-6C316128889A}) (Version: 2.0.0.0 - Phidgets Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Roadkill1_1 (HKLM-x32\...\Roadkill1_1) (Version:  - )
Sassafras K2 Client (HKLM\...\{E23D1D2C-1762-11D5-A8D2-00C04FA35723}) (Version: 7.0 - Sassafras Software Inc.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SMS Client Setup Bootstrap (x32 Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
Spotify (HKU\S-1-5-21-484763869-963894560-842925246-278183\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{530992D4-DDBA-4F68-8B0D-FF50AC57531B}) (Version: 11.0.5002.333 - Symantec Corporation)
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-484763869-963894560-842925246-278183\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6w3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WIMGAPI (HKLM-x32\...\{721ABC3B-5F12-4332-9C0C-C11424EF666C}) (Version: 1.0.0.0 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
x64_named (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-484763869-963894560-842925246-278183_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\takun\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-842925246-278183_Classes\CLSID\{04A9E854-6F47-4F37-8A10-F896717F0329}\InprocServer32 -> C:\Users\takun\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.3.3\npasperaweb64.dll (Aspera, Inc. )
CustomCLSID: HKU\S-1-5-21-484763869-963894560-842925246-278183_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-842925246-278183_Classes\CLSID\{AD17B774-7F87-4141-BB9C-2AEE3841DC4E}\InprocServer32 -> C:\Users\takun\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.3.3\npasperaweb64.dll (Aspera, Inc. )
CustomCLSID: HKU\S-1-5-21-484763869-963894560-842925246-278183_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-484763869-963894560-842925246-278183_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-842925246-278183_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-842925246-278183_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-842925246-278183_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\takun\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
11-12-2014 00:00:01 Scheduled Checkpoint
12-12-2014 18:29:19 Windows Update
18-01-2015 17:25:33 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0906EB3D-217D-4DD0-8F48-0BEAE78D38F1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {254E93F7-5C2B-4812-85C0-B9AB96053597} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {46F433B7-A410-443B-8BB6-89914EFA6BD5} - System32\Tasks\{5AE64723-3877-4866-8E7A-3EA975F147DE} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {752E26EE-5B3D-4176-B64C-C8DE60C8640F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.)
Task: {7FD716CC-F97D-44C7-BAEA-936524D983E9} - System32\Tasks\{00AB2319-4439-4007-8178-2EE95DD0FB96} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {A5006B93-F45F-466D-9267-876BF937A2BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {B3DE9EB9-D1E3-4FF5-8DB5-D01F9F0BC0B0} - System32\Tasks\{EDC75CEA-B592-4C18-BC8F-A8EFCE16F37D} => pcalua.exe -a C:\Users\takun\Downloads\Install_CopyTrans_Suite.exe -d C:\Users\takun\Downloads
Task: {DDF3ED19-1E2D-488A-9928-07A84059248F} - System32\Tasks\AdobeAAMUpdater-1.0-ANDREW-takun => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {DFC5ACDB-78FB-48BE-93DA-C5F589EDD477} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-14 23:19 - 2011-09-14 23:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
2013-08-01 10:46 - 2013-06-21 05:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-19 14:04 - 2013-06-06 12:31 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-07-16 10:06 - 2014-07-16 10:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2010-03-24 20:38 - 2010-03-24 20:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 20:17 - 2010-03-24 20:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-30 13:54 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-30 13:54 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-11-30 13:54 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-30 13:54 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2015-01-19 09:23 - 2015-01-19 09:23 - 00098816 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32api.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00110080 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\pywintypes27.dll
2015-01-19 09:23 - 2015-01-19 09:23 - 00364544 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\pythoncom27.dll
2015-01-19 09:23 - 2015-01-19 09:23 - 00044032 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\_socket.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 01153024 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\_ssl.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00320512 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32com.shell.shell.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00711680 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\_hashlib.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 01175040 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\wx._core_.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00805888 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\wx._gdi_.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00811008 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\wx._windows_.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 01062400 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\wx._controls_.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00735232 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\wx._misc_.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00128512 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\_elementtree.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00127488 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\pyexpat.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00557056 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\pysqlite2._sqlite.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00087040 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\_ctypes.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00119808 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32file.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00108544 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32security.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00018432 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32event.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00038912 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32inet.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00122368 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\wx._wizard.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00026624 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\_multiprocessing.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00070656 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\wx._html2.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00010240 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\select.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00686080 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\unicodedata.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00025600 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32pdh.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00521680 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\windows._lib_cacheinvalidation.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00011264 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32crypt.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00024064 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32pipe.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00035840 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32process.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00017408 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32profile.pyd
2015-01-19 09:23 - 2015-01-19 09:23 - 00022528 _____ () C:\Users\takun\AppData\Local\Temp\_MEI11962\win32ts.pyd
2014-08-28 16:49 - 2014-11-11 13:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 16:49 - 2014-11-11 13:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 16:49 - 2014-11-11 13:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-07-01 07:20 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-08-25 09:00 - 2014-11-18 15:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 16:49 - 2014-11-11 13:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 16:49 - 2014-11-11 13:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-26 13:46 - 2014-11-18 15:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-07-03 05:45 - 2014-07-03 05:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2013-07-15 13:32 - 2014-11-11 13:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-25 08:59 - 2014-11-11 13:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-11-30 13:54 - 2014-11-25 01:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\takun\Local Settings:BsK6R2bumPd5lOtSqwN
AlternateDataStreams: C:\Users\takun\Local Settings:J5RcaupyOWeezaMKoE4ivwL
AlternateDataStreams: C:\Users\takun\AppData\Local:BsK6R2bumPd5lOtSqwN
AlternateDataStreams: C:\Users\takun\AppData\Local:J5RcaupyOWeezaMKoE4ivwL
AlternateDataStreams: C:\Users\takun\AppData\Local\7VsahDFrne:KZ7kXGaiQoxC0F5EwvaOnUmyzuIu
AlternateDataStreams: C:\Users\takun\AppData\Local\Application Data:BsK6R2bumPd5lOtSqwN
AlternateDataStreams: C:\Users\takun\AppData\Local\Application Data:J5RcaupyOWeezaMKoE4ivwL
AlternateDataStreams: C:\Users\takun\AppData\Local\EM1eWN3w:YBV4Z8MqFmZeCNDHWO
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4260393641-90436932-679026572-500 - Administrator - Disabled)
etc-local-admin (S-1-5-21-4260393641-90436932-679026572-1000 - Administrator - Enabled) => C:\Users\etc-local-admin
Guest (S-1-5-21-4260393641-90436932-679026572-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/19/2015 01:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Unknown DNS packet type 1000 from 128.2.13.69    :34100 to 128.2.238.60   :5353  length 12 on 00000000011DB890 (ignored)
 
Error: (01/18/2015 05:21:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/11/2014 10:50:54 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/11/2014 10:50:40 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/11/2014 10:41:18 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/11/2014 10:39:04 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/10/2014 05:14:06 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/10/2014 00:34:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/09/2014 05:38:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: ANDREW)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (12/09/2014 04:25:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 14.0.4756.1000, time stamp: 0x4b9c08e8
Faulting module name: EXCEL.EXE, version: 14.0.4756.1000, time stamp: 0x4b9c08e8
Exception code: 0xc0000005
Fault offset: 0x00814616
Faulting process id: 0x1df8
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
 
 
System errors:
=============
Error: (01/19/2015 09:27:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/19/2015 09:26:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (01/19/2015 09:23:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{1CCB96F4-B8AD-4B43-9688-B273F58E0910}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/19/2015 09:21:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser faster service to connect.
 
Error: (01/19/2015 09:17:45 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Symantec Endpoint Protection service, but this action failed with the following error: 
%%1056
 
Error: (01/19/2015 09:17:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{1CCB96F4-B8AD-4B43-9688-B273F58E0910}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/19/2015 09:17:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/19/2015 09:17:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/19/2015 09:17:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/19/2015 09:17:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (01/19/2015 01:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Unknown DNS packet type 1000 from 128.2.13.69    :34100 to 128.2.238.60   :5353  length 12 on 00000000011DB890 (ignored)
 
Error: (01/18/2015 05:21:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite2014\python\lib\distutils\command\wininst-8_d.exe
 
Error: (12/11/2014 10:50:54 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (12/11/2014 10:50:40 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (12/11/2014 10:41:18 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (12/11/2014 10:39:04 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (12/10/2014 05:14:06 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (12/10/2014 00:34:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite2014\python\lib\distutils\command\wininst-8_d.exe
 
Error: (12/09/2014 05:38:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: ANDREW)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)
 
Error: (12/09/2014 04:25:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EXCEL.EXE14.0.4756.10004b9c08e8EXCEL.EXE14.0.4756.10004b9c08e8c0000005008146161df801d013f4fba72493C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEC:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEdf4300ad-7fe9-11e4-bb4b-b8ca3a8ca9f2
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-21 10:59:16.649
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-08 14:05:20.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-08 13:45:08.993
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-08 09:45:38.720
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-07 16:17:13.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-01 11:41:05.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-29 13:51:50.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-26 15:27:04.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-26 15:21:05.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-26 15:14:20.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16338.44 MB
Available physical RAM: 12713.89 MB
Total Pagefile: 32675.06 MB
Available Pagefile: 28664.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:195.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AC57A9E3)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:30 PM

Posted 20 January 2015 - 12:10 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   3.77KB   4 downloads

 

 

How is the machine running after this fix?

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Nachocreech

Nachocreech
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 20 January 2015 - 11:24 AM

This fixed it! thank you so much!



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:30 PM

Posted 20 January 2015 - 01:08 PM

Lets run a couple other scans for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
     
    malwarebytes-anti-malware-fix-now.jpg
    .
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    .
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
     
    malwarebytes-anti-malware-2-0-update-now
    .
  • The THREAT SCAN will automatically begin.
     
    malwarebytes-anti-malware-scan.jpg
    .
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
     
    malwarebytes-anti-malware-potential-thre
    .
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
    mbam4_zps490948cc.png
    .
  • After rebooting the computer, copy and past the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.

 

 

Things to include in your next reply::

MBAM log

Eset log

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:30 PM

Posted 26 January 2015 - 01:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users