Explorer.exe doesn't load automatically after I tried removing a virus


This topic is locked
7 replies to this topic

#1 Friikijs

  • Members
  • 3 posts
  • OFFLINE
  • Local time: 07:06 AM

Posted 21 January 2015 - 04:21 AM

Hello,

I can't seem to solve this problem alone, so I would really appreciate it if someone helped me with it. Working on W7 Ultimate OEM, preinstalled without any CDs.

I have had my system running for 2 years without any problems or need to format it, but today I stumbled upon a little bug that turned all my web browser homepages to ads.ads-ki.com, so I tried to remove it with multiple removal programs: Malwarebytes, AdwCleaner and HitmanPro, just in case. I noticed this ads thing a few days before but didn't bother, even though it crashed my browser twice in a few days. I have done such removals for other computers and I had no problems while removing all the viruses. It didn't really find any viruses: a couple of tracers, a suspicious (not infected) program and a keygen, so I didn't check what else it would remove and went with it.

After restarting the computer I saw HitmanPro in the boot screen, and it took way more time to boot than usual. When it finally got to the point to open explorer.exe, it didn't. There was just a dark grey screen and nothing was loading, so I opened explorer.exe with Task Manager.

It took a while to load explorer.exe, but it did, and I got the following messages:

Failed to connect to windows service. Runtime error 216 at 010055DB6

There is no network connection (it says it can't automatically detect the proxy), Windows Firewall is set to disabled and I can't enable it (it says Action Center can't turn on Windows Firewall).

I removed all the programs I installed before (Malwarebytes, AdwCleaner and HitmanPro) but haven't touched the registry yet.

Here is the Farbar tool log:

 

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4391072 2012-11-09] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-05] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-16] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-23] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-24] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3353600 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Admin\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
HKU\Admin\...\Run: [AdobeBridge] => [X]
HKU\Admin\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\Admin\...\Run: [reg_svr] => "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\Admin\AppData\Roaming\gleam\nvm.dll"
HKU\Admin\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\Admin\...\Policies\Explorer: [] 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-10-29] (NVIDIA Corporation)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-11] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-09-29] (Duplex Secure Ltd.)
S1 TRLNDISMON; C:\Windows\System32\DRIVERS\TRLNDISMON.sys [29856 2014-08-17] (Tarlogic)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-21 10:16 - 2015-01-21 10:16 - 00000000 ____D () C:\FRST
2015-01-20 23:13 - 2015-01-20 23:13 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-20 23:01 - 2015-01-20 23:01 - 00000000 ____D () C:\Windows\System32\appmgmt
2015-01-20 22:55 - 2015-01-20 22:55 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2015-01-20 22:49 - 2015-01-20 22:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-20 22:39 - 2015-01-20 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-20 22:38 - 2015-01-20 22:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-20 22:36 - 2015-01-20 22:36 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-20 04:15 - 2009-07-21 06:03 - 00000306 _____ () C:\Users\Admin\Desktop\READ ME.txt
2015-01-20 04:15 - 2009-07-21 06:01 - 00053248 _____ () C:\Users\Admin\Desktop\PASSWORD FORM4.xls
2015-01-20 04:13 - 2015-01-20 04:13 - 00018601 _____ () C:\Users\Admin\Downloads\PASSWORD FORM4.zip
2015-01-20 01:59 - 2015-01-20 01:59 - 00018432 _____ () C:\Users\Admin\Desktop\tests.xlsx
2015-01-20 01:31 - 2015-01-20 01:31 - 00000000 ____D () C:\Users\Admin\Documents\Kutools for Excel
2015-01-20 01:31 - 2015-01-20 01:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Kutools for Excel
2015-01-20 01:30 - 2015-01-20 01:30 - 00000000 ____D () C:\Users\Public\Documents\Kutools for Excel
2015-01-20 01:30 - 2015-01-20 01:30 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-20 01:27 - 2015-01-20 01:28 - 19845048 _____ (Detong ) C:\Users\Admin\Downloads\KutoolsforExcelSetup.exe
2015-01-20 01:11 - 2015-01-20 01:21 - 00129230 _____ () C:\Users\Admin\Desktop\ENCRIPTION TESTS.xlsm
2015-01-20 00:47 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DataRecommendations
2015-01-20 00:47 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft_Corporation
2015-01-20 00:45 - 2015-01-20 00:45 - 00010057 _____ () C:\Users\Admin\Desktop\ENCRIPTION TESTS.xlsx
2015-01-19 05:54 - 2015-01-19 05:55 - 13356544 _____ () C:\Users\Admin\Desktop\APJ_CESIS_1KARTA_2014.09.15_2Re&Re.xls
2015-01-15 01:02 - 2015-01-15 01:02 - 00017121 _____ () C:\Users\Admin\Desktop\RemoveStyles.xlam
2015-01-15 01:01 - 2015-01-15 01:01 - 00036352 _____ () C:\Users\Admin\Desktop\RemoveStyles03.xla
2015-01-13 22:46 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-13 22:46 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-13 22:46 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-01-13 22:46 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-01-13 22:46 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-01-13 22:46 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-01-13 22:46 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 22:46 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 22:46 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 22:46 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-13 22:46 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-13 22:46 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 22:46 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 01:54 - 2015-01-12 01:54 - 00061146 _____ () C:\Users\Admin\Desktop\Izmaiņas kopā + izmaksas.xlsx
2015-01-12 01:04 - 2015-01-12 01:04 - 00205399 _____ () C:\Users\Admin\Desktop\nolikums.zip
2015-01-07 00:01 - 2015-01-07 00:01 - 00305152 _____ () C:\Users\Admin\Desktop\Darbu daudzumu saraksts_A2 km 71,170-77,911.xls
2015-01-06 23:04 - 2015-01-06 23:04 - 01284608 _____ () C:\Users\Admin\Desktop\TBuvniecibas_tame.xls
2015-01-06 06:21 - 2015-01-06 06:21 - 00001349 _____ () C:\Users\Admin\Desktop\Apliecinājums.rtfd.zip
2015-01-02 11:32 - 2015-01-02 11:32 - 00000354 _____ () C:\Users\Admin\Desktop\nhl_715147_hd_3000.m3u8
2014-12-26 14:13 - 2014-12-26 14:13 - 00000354 _____ () C:\Users\Admin\Desktop\nhl_707919_hd_3000.m3u8
2014-12-24 01:04 - 2014-12-24 01:04 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 00:19 - 2014-12-23 00:19 - 00016145 _____ () C:\Users\Admin\Desktop\Silupu 3 apjomu sert decembris.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 23:40 - 2014-10-06 10:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\gleam
2015-01-20 23:39 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 23:39 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 23:38 - 2009-07-13 21:13 - 00797278 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-20 23:37 - 2014-07-31 03:52 - 00000000 ____D () C:\Users\Admin\Desktop\Darbam
2015-01-20 23:34 - 2013-11-12 06:30 - 01334715 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 23:30 - 2013-11-12 23:28 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-20 23:27 - 2009-07-13 20:51 - 00204126 _____ () C:\Windows\setupact.log
2015-01-20 23:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-01-20 23:17 - 2014-03-07 21:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VMware
2015-01-20 23:17 - 2014-03-07 21:22 - 00000000 ____D () C:\ProgramData\VMware
2015-01-20 23:17 - 2013-11-12 23:32 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-20 23:10 - 2014-03-07 21:25 - 00000000 ____D () C:\Users\Admin\AppData\Local\VMware
2015-01-20 23:09 - 2014-11-27 05:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Acrylic Wi-Fi Free
2015-01-20 23:01 - 2014-11-02 08:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\PortForward.com
2015-01-20 23:00 - 2013-11-12 23:25 - 00000000 ____D () C:\ProgramData\Temp
2015-01-20 22:57 - 2010-11-20 19:47 - 00311742 _____ () C:\Windows\PFRO.log
2015-01-20 22:48 - 2013-11-13 07:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 22:40 - 2013-11-16 08:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-01-20 22:36 - 2013-11-16 01:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-01-20 22:36 - 2013-11-16 01:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-20 22:23 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 12:41 - 2013-11-16 01:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-01-18 12:38 - 2014-03-16 12:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-16 04:01 - 2013-11-16 01:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spotify
2015-01-14 22:31 - 2013-11-16 01:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Spotify
2015-01-14 05:48 - 2013-11-13 07:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 05:48 - 2013-11-13 07:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 05:48 - 2013-11-13 07:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 22:49 - 2013-11-12 06:48 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-13 22:46 - 2013-11-12 06:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-01-13 07:00 - 2013-11-18 09:47 - 04796798 _____ () C:\Windows\System32\webservice4.log
2015-01-13 04:05 - 2014-07-31 03:52 - 00000000 ____D () C:\Users\Admin\Desktop\Privātās lietas
2015-01-11 05:30 - 2014-11-02 07:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ACEStream
2015-01-11 05:30 - 2014-11-02 07:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.ACEStream
2015-01-06 09:32 - 2014-10-09 21:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-06 09:32 - 2013-11-16 08:12 - 00000000 ____D () C:\ProgramData\Skype
2015-01-05 18:36 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-12-29 01:19 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-12-29 00:32 - 2013-11-18 09:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\cache
2014-12-24 01:21 - 2013-11-17 12:19 - 00000000 ____D () C:\Program Files\Microsoft Office 15
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\AcDeltree.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-13 22:46:36
Restore point made on: 2015-01-15 02:06:39
Restore point made on: 2015-01-20 00:20:28
Restore point made on: 2015-01-20 22:54:50
Restore point made on: 2015-01-20 22:55:22
Restore point made on: 2015-01-20 23:17:06
 
==================== Memory info =========================== 
 
Percentage of memory in use: 8%
Total physical RAM: 16244.14 MB
Available physical RAM: 14926.23 MB
Total Pagefile: 16242.34 MB
Available Pagefile: 14944.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:476.94 GB) (Free:58.07 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:931.41 GB) (Free:740.79 GB) NTFS
Drive g: (ADATA UFD) (Removable) (Total:7.32 GB) (Free:7.32 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 9628EE43)
Partition 1: (Not Active) - (Size=476.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4673F7EC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 7.3 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
 
 
LastRegBack: 2015-01-14 02:20
 
==================== End Of Log ============================
 
DDS LOG:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by Admin at 11:39:33 on 2015-01-21
Microsoft Windows 7 Ultimate   6.1.7601.1.1257.371.1033.18.16244.14015 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ads.ads-ki.com
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ochelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Spotify Web Helper] "C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [EsternTimesMouseExRun] "C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe" -runauto
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{88BDAD2B-5E98-4725-BF50-DCD1E5A3DA76} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9188B68E-9C17-4DDC-B885-2C9379AA4869}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{9188B68E-9C17-4DDC-B885-2C9379AA4869}\254555D275966496 : DHCPNameServer = 10.2.16.1 78.154.142.11 85.254.217.1
TCP: Interfaces\{9188B68E-9C17-4DDC-B885-2C9379AA4869}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9188B68E-9C17-4DDC-B885-2C9379AA4869}\845514755494D224539333D224836364 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{9188B68E-9C17-4DDC-B885-2C9379AA4869}\C41696D6163702E6564777F627B6 : DHCPNameServer = 192.168.2.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w3waknfg.default\
FF - prefs.js: browser.startup.homepage - hxxp://ads.ads-ki.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-11-13 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-11-13 28216]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-13 20024]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-11-7 31560]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-11-13 55856]
R1 TRLNDISMON;Tarlogic NDIS Monitor Driver;C:\Windows\System32\drivers\TRLNDISMON.sys [2014-11-27 29856]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-8-26 1137016]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2013-8-26 1685880]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-8-26 1157496]
R2 ClickToRunSvc;Microsoft Office Click-to-Run pakalpojums;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-19 2449592]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-23 1148744]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-13 14904]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-11-13 2451456]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-9-2 390672]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2013-7-22 140600]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-9-5 1390904]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-11-13 172704]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2013-4-23 69088]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-11-13 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-7-29 452088]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-13 358456]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-13 791608]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-18 38216]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-5 648808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-4 1795912]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-13 19819848]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-11-15 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-11-15 21872]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-11-18 1471792]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-16 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-16 180736]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-9 19784]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-10-17 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-12 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2013-11-13 315536]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-11-12 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-12 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2015-01-21 18:16:07 -------- d-----w- C:\FRST
2015-01-21 07:13:44 -------- d-----w- C:\Program Files\HitmanPro
2015-01-21 07:01:58 -------- d-----w- C:\Windows\System32\appmgmt
2015-01-21 06:55:26 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2015-01-21 06:49:19 -------- d-----w- C:\ProgramData\HitmanPro
2015-01-21 06:39:37 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-21 06:36:22 -------- d-sh--w- C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-20 09:31:03 -------- d-----w- C:\Users\Admin\AppData\Roaming\Kutools for Excel
2015-01-20 09:30:57 -------- d-----w- C:\ProgramData\Licenses
2015-01-20 08:47:25 -------- d-----w- C:\Users\Admin\AppData\Local\Microsoft_Corporation
2015-01-20 08:47:23 -------- d-----w- C:\Users\Admin\AppData\Roaming\DataRecommendations
2015-01-20 08:20:31 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{96D22948-4BE1-46B2-AA5B-5A5645AA5B1D}\mpengine.dll
2015-01-16 10:08:39 -------- d-----w- C:\Users\Admin\AppData\Roaming\DeleteSkypeHistory-SE
2015-01-10 17:58:24 -------- d-----w- C:\Games
.
==================== Find3M  ====================
.
2015-01-14 13:48:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 13:48:06 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-06 02:36:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-12 05:35:10 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-12-12 05:31:49 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-12-12 05:31:49 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-12-12 05:31:22 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-12-12 05:11:44 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-12-12 05:11:43 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-12-12 05:07:44 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-12-11 17:47:17 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-06 17:06:52 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-11-06 17:06:52 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-11-06 17:06:33 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-11-06 17:06:33 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-10-30 02:10:36 6880968 ----a-w- C:\Windows\System32\nvcpl.dll
2014-10-30 02:10:36 3533632 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-10-30 02:10:34 935232 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-10-30 02:10:34 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2014-10-30 02:10:34 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-10-30 02:10:34 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-10-30 02:10:34 1090704 ----a-w- C:\Windows\System32\nv3dappshext.dll
2014-10-30 02:10:33 385352 ----a-w- C:\Windows\System32\nvmctray.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-27 00:34:52 4066553 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 11:39:39,96 ===============
 
edit: added DDS logs

Edited by Friikijs, 21 January 2015 - 04:52 AM.


#2 Friikijs

Friikijs
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:06 AM

Posted 22 January 2015 - 01:51 AM

I'm sorry for replying to my own topic; I just wanted to post an update, since I needed to get the computer working and did some steps by myself.

 

I did a system restore from the earliest possible point, and I got everything back to running, BUT I still have that ads.ads-ki.com malware that keeps crashing my browsers and setting itself as the homepage.

I tried getting it out of registry from these places:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing "NewTabPageShow" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Start Page" = "http://www.<random>.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard drive id>"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes "DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "C:\Program Files\Mozilla Firefox\firefox.exe http://www.<random>.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>".

It did delete it at that time, but after a restart everything went back to the beginning and I kept getting thrown out of Chrome while it redirected to the ads.ads-ki.com homepage.

I would really appreciate any comments and advice.
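
The registry locations listed in the post above are where a start-page hijacker of this kind writes its values, and the DDS log earlier in the thread shows the same host in Firefox's browser.startup.homepage pref. The following PowerShell script is an added, read-only check written for this page; it is not code from the thread, from Farbar's tools, from RogueKiller or from any other tool named here. It reads those locations and the prefs.js value, and flags anything that carries the ads.ads-ki.com host, the query-string shape the poster quoted, or a URL appended to a browser launcher command. It assumes PowerShell 3 or later on Windows 7 x64; the hostname list, the tracking-parameter pattern and the sibling client key names IEXPLORE.EXE and Google Chrome are assumptions taken from the poster's examples, not anything the thread verified.

```powershell
# Added example for this thread, not code from the forum or from any tool it names.
# Read-only audit of the browser start-page locations the poster listed; it reports
# and changes nothing. Assumes PowerShell 3+ (for [pscustomobject]) on Windows 7 x64.

# Hostnames to flag; placeholder list taken from the thread, extend it from your own logs.
$SuspiciousHosts = @('ads.ads-ki.com')

# Query-string shape the poster quoted (?type=hp&ts=...&from=...&uid=...); assumed marker.
$TrackingPattern = '[?&](type=(hp|sc)|ts=|from=|uid=)'

# Regex for the Firefox pref the DDS log reported.
$HomepagePref = 'user_pref\("browser\.startup\.homepage",\s*"([^"]*)"'

function Test-HijackMarker {
    param([string]$Value, [switch]$IsLauncherCommand)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $false }
    foreach ($h in $SuspiciousHosts) {
        if ($Value.IndexOf($h, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    if ($Value -match $TrackingPattern) { return $true }
    # A StartMenuInternet launcher command should be only the executable path;
    # a URL appended to it is how the page gets forced on every browser start.
    if ($IsLauncherCommand -and $Value -match 'https?://') { return $true }
    return $false
}

function New-Finding([string]$Location, [string]$Value, [bool]$Suspicious) {
    [pscustomobject]@{ Location = $Location; Value = $Value; Suspicious = $Suspicious }
}

function Get-BrowserHijackFindings {
    $findings = @()

    # 1. Internet Explorer start page
    $main  = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    $start = $main.'Start Page'
    $findings += New-Finding 'HKCU:\...\Internet Explorer\Main\Start Page' $start (Test-HijackMarker $start)

    # 2. Default search scope: DefaultScope holds a GUID, the real URL sits in that subkey
    $scopes   = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    $scopeId  = (Get-ItemProperty $scopes -ErrorAction SilentlyContinue).DefaultScope
    $scopeUrl = $null
    if ($scopeId) {
        $scopeUrl = (Get-ItemProperty (Join-Path $scopes $scopeId) -ErrorAction SilentlyContinue).URL
    }
    $findings += New-Finding "$scopes\$scopeId\URL" $scopeUrl (Test-HijackMarker $scopeUrl)

    # 3. Start-menu launcher commands; the poster saw FIREFOX.EXE carrying a URL.
    #    IEXPLORE.EXE and "Google Chrome" are the usual sibling key names (assumed).
    $roots = 'HKLM:\SOFTWARE\Clients\StartMenuInternet',
             'HKLM:\SOFTWARE\Wow6432Node\Clients\StartMenuInternet'
    foreach ($root in $roots) {
        foreach ($client in 'FIREFOX.EXE', 'IEXPLORE.EXE', 'Google Chrome') {
            $key = Join-Path $root "$client\shell\open\command"
            if (-not (Test-Path $key)) { continue }
            $cmd = (Get-ItemProperty $key -ErrorAction SilentlyContinue).'(default)'
            $findings += New-Finding $key $cmd (Test-HijackMarker $cmd -IsLauncherCommand)
        }
    }

    # 4. Firefox homepage pref in every profile's prefs.js
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path $profiles) {
        $prefsFiles = Get-ChildItem $profiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue
        foreach ($prefs in $prefsFiles) {
            $hit = Select-String -Path $prefs.FullName -Pattern $HomepagePref | Select-Object -First 1
            $homepage = if ($hit) { $hit.Matches[0].Groups[1].Value } else { $null }
            $findings += New-Finding $prefs.FullName $homepage (Test-HijackMarker $homepage)
        }
    }
    return $findings
}

Get-BrowserHijackFindings | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. Because it only reports, it can be run before a helper decides what to remove, and running it again after a reboot shows whether the values were re-written, which is the symptom the poster describes.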



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,532 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:06 PM

Posted 24 January 2015 - 05:02 PM

Greetings Friikijs and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do the following for me.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Please rerun FRST making sure to place a check mark in Addition.txt and copy/paste the reports in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Result.txt
  • RogueKiller log
  • FRST log
  • Addition log

Edited by Oh My!, 24 January 2015 - 05:07 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Friikijs

Friikijs
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:06 AM

Posted 25 January 2015 - 05:47 AM

Thank you kindly for taking the time to reply to my topic. So RogueKiller detected the IAT/EAT hook.
 
Farbar's MiniToolBox log:
Ran by Admin (administrator) on 25-01-2015 at 12:17:22
Running from "C:\Users\Admin\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1 activate.adobe.com  
127.0.0.1 nlsk.neulion.com
127.0.0.1 cap.cyberlink.com
 
========================= IP Configuration: ================================
 
Intel® Centrino® Wireless-N 2230 = Wireless Network Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="VMware Network Adapter VMnet1" address=192.168.220.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.106.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Admin-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : homerouter.cpe
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 60-36-DD-BE-4C-82
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 60-36-DD-BE-4C-82
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : homerouter.cpe
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2230
   Physical Address. . . . . . . . . : 60-36-DD-BE-4C-81
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d1c2:8a1d:60ae:e1ea%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : svētdiena, 2015. gada 25. janvārī 11:36:22
   Lease Expires . . . . . . . . . . : pirmdiena, 2015. gada 26. janvārī 11:36:22
   Default Gateway . . . . . . . . . : fe80::5ef9:6aff:fe19:b86e%14
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 341849821
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-13-F4-4B-00-E0-4C-36-00-0E
   DNS Servers . . . . . . . . . . . : fe80::5ef9:6aff:fe19:b86e%14
                                       192.168.1.1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-E0-4C-36-00-0E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 60-36-DD-BE-4C-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter VMware Network Adapter VMnet1:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1dc:c505:498d:64a9%19(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.220.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 604000342
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-13-F4-4B-00-E0-4C-36-00-0E
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VMware Network Adapter VMnet8:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ac7b:ba55:5867:3a30%20(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.106.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 620777558
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-13-F4-4B-00-E0-4C-36-00-0E
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter 6TO4 Adapter:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.homerouter.cpe:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : homerouter.cpe
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{FB25B507-B748-46CF-B24E-849E7BE6444A}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{C9E3F74C-3C73-4190-B79F-677A80D0B2F7}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fe80::5ef9:6aff:fe19:b86e
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  2a00:1450:400f:805::2000
 216.58.209.142
 
 
Pinging google.com [216.58.209.142] with 32 bytes of data:
Reply from 216.58.209.142: bytes=32 time=20ms TTL=50
Reply from 216.58.209.142: bytes=32 time=41ms TTL=50
 
Ping statistics for 216.58.209.142:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 41ms, Average = 30ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fe80::5ef9:6aff:fe19:b86e
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=131ms TTL=40
Reply from 98.139.183.24: bytes=32 time=131ms TTL=40
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 131ms, Maximum = 131ms, Average = 131ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...60 36 dd be 4c 82 ......Microsoft Virtual WiFi Miniport Adapter #2
 16...60 36 dd be 4c 82 ......Microsoft Virtual WiFi Miniport Adapter
 14...60 36 dd be 4c 81 ......Intel® Centrino® Wireless-N 2230
 13...00 e0 4c 36 00 0e ......Realtek PCIe FE Family Controller
 11...60 36 dd be 4c 85 ......Bluetooth Device (Personal Area Network)
 19...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 20...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.5    281
      192.168.1.5  255.255.255.255         On-link       192.168.1.5    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.5    281
    192.168.106.0    255.255.255.0         On-link     192.168.106.1    276
    192.168.106.1  255.255.255.255         On-link     192.168.106.1    276
  192.168.106.255  255.255.255.255         On-link     192.168.106.1    276
    192.168.220.0    255.255.255.0         On-link     192.168.220.1    276
    192.168.220.1  255.255.255.255         On-link     192.168.220.1    276
  192.168.220.255  255.255.255.255         On-link     192.168.220.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.220.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.106.1    276
        224.0.0.0        240.0.0.0         On-link       192.168.1.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.220.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.106.1    276
  255.255.255.255  255.255.255.255         On-link       192.168.1.5    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     41 ::/0                     fe80::5ef9:6aff:fe19:b86e
  1    306 ::1/128                  On-link
 19    276 fe80::/64                On-link
 20    276 fe80::/64                On-link
 14    281 fe80::/64                On-link
 19    276 fe80::1dc:c505:498d:64a9/128
                                    On-link
 20    276 fe80::ac7b:ba55:5867:3a30/128
                                    On-link
 14    281 fe80::d1c2:8a1d:60ae:e1ea/128
                                    On-link
  1    306 ff00::/8                 On-link
 19    276 ff00::/8                 On-link
 20    276 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [63568] (VMware, Inc.)
Catalog9 13 C:\Windows\SysWOW64\vsocklib.dll [63568] (VMware, Inc.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [67664] (VMware, Inc.)
x64-Catalog9 13 C:\Windows\System32\vsocklib.dll [67664] (VMware, Inc.)
 
**** End of log ****
 
RogueKiller log:
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin [Administrator]
Mode : Scan -- Date : 01/25/2015  12:24:37
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] AppServices.exe(3236) -- C:\Users\Admin\AppData\Roaming\Identities\AppServices.exe[-] -> Killed [TermProc]
 
¤¤¤ Registry : 18 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Windows\CurrentVersion\Run | reg_svr : "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\Admin\AppData\Roaming\gleam\nvm.dll"  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Windows\CurrentVersion\Run | reg_svr : "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\Admin\AppData\Roaming\gleam\nvm.dll"  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://ads.ads-ki.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://ads.ads-ki.com  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com  
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 nlsk.neulion.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 cap.cyberlink.com
 
¤¤¤ Antirootkit : 7 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x3c2a3f19 (jmp 0xffffffffc5003f09)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NlsAnsiCodePage : Unknown @ 0xfffffffffd2a3f19 (jmp 0xffffffff86003f09)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x812a3f19 (jmp 0xa003f09)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x622a3f19 (jmp 0xffffffffeb003f09)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x522a3f19 (jmp 0xffffffffdb003f09)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x522a3f19 (jmp 0xffffffffdb003f09)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x522a3f19 (jmp 0xffffffffdb003f09)
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] w3waknfg.default : user_pref("browser.startup.homepage", "http://ads.ads-ki.com"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA ST1000LM024 HN-M SCSI Disk Device +++++
--- User ---
[MBR] 858b4342e3b1e334bd409ab158719c3b
[BSP] 1f5a73ac25a28ba3422bda12575e2752 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 858b4342e3b1e334bd409ab158719c3b
[BSP] 1f5a73ac25a28ba3422bda12575e2752 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]
 
+++++ PhysicalDrive1: ATA SAMSUNG SSD SM84 SCSI Disk Device +++++
--- User ---
[MBR] d6b1e47ee6571441c881711ef950d27f
[BSP] 71b466da172a4b0e6cb598255ce212b2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 488384 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] d6b1e47ee6571441c881711ef950d27f
[BSP] 71b466da172a4b0e6cb598255ce212b2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 488384 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]
 
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Admin (administrator) on ADMIN-PC on 25-01-2015 12:37:06
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Spotify Ltd) C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Users\Admin\Desktop\RogueKiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4391072 2012-11-09] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-05] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3353600 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-10-18] (VMware, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2465858509-87567637-2065152485-1000\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-19] (Spotify Ltd)
HKU\S-1-5-21-2465858509-87567637-2065152485-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2465858509-87567637-2065152485-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-2465858509-87567637-2065152485-1000\...\Run: [reg_svr] => "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\Admin\AppData\Roaming\gleam\nvm.dll"
HKU\S-1-5-21-2465858509-87567637-2065152485-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2465858509-87567637-2065152485-1000\...\Run: [GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-21] (Google Inc.)
HKU\S-1-5-21-2465858509-87567637-2065152485-1000\...\Policies\Explorer: [] 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-10-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-10-30] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.ads-ki.com
HKU\S-1-5-21-2465858509-87567637-2065152485-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w3waknfg.default
FF Homepage: hxxp://ads.ads-ki.com
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dict-enlv.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\salidzinilv.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sslv.xml
FF Extension: Pushbullet - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w3waknfg.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2015-01-21]
FF Extension: Reddit Enhancement Suite - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w3waknfg.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2015-01-21]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w3waknfg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-21]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google prezentācijas) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-21]
CHR Extension: (Google dokumenti) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-16]
CHR Extension: (Google disks) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-21]
CHR Extension: (Pushbullet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-01-21]
CHR Extension: (Google meklēšana) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-21]
CHR Extension: (LoL Stream Browser) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2015-01-21]
CHR Extension: (Google izklājlapas) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-21]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-11-16]
CHR Extension: (Webcam Toy) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-01-21]
CHR Extension: (Google maks) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-09-29] () [File not signed]
R1 TRLNDISMON; C:\Windows\System32\DRIVERS\TRLNDISMON.sys [29856 2014-08-18] (Tarlogic)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-25] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
U3 aje1ds4h; C:\Windows\System32\Drivers\aje1ds4h.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 12:37 - 2015-01-25 12:37 - 00022780 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-01-25 12:35 - 2015-01-25 12:35 - 02129920 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-01-25 12:28 - 2015-01-25 12:28 - 00000000 ____D () C:\Users\Admin\Desktop\VĪRUSU ĶERŠANA
2015-01-25 12:22 - 2015-01-25 12:22 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-25 12:22 - 2015-01-25 12:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-25 12:19 - 2015-01-25 12:19 - 15431256 _____ () C:\Users\Admin\Desktop\RogueKiller.exe
2015-01-25 12:17 - 2015-01-25 12:17 - 00017645 _____ () C:\Users\Admin\Downloads\Result.txt
2015-01-25 12:16 - 2015-01-25 12:16 - 00401920 _____ (Farbar) C:\Users\Admin\Downloads\MiniToolBox.exe
2015-01-25 11:36 - 2015-01-25 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2015-01-23 14:35 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-23 14:35 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-23 14:35 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-23 14:35 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-23 14:35 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-23 14:35 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-23 14:34 - 2014-12-12 07:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-23 14:34 - 2014-12-12 07:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-23 14:34 - 2014-12-12 07:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-23 14:34 - 2014-12-12 07:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-23 14:34 - 2014-12-12 07:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-23 14:34 - 2014-12-12 07:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-23 14:34 - 2014-12-12 07:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-21 20:16 - 2015-01-25 12:37 - 00000000 ____D () C:\FRST
2015-01-21 19:20 - 2015-01-21 19:20 - 00001442 _____ () C:\Users\Admin\Downloads\software_removal_tool.log
2015-01-21 19:14 - 2015-01-21 19:14 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 19:13 - 2015-01-21 19:14 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2015-01-21 19:02 - 2015-01-21 19:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-21 18:53 - 2015-01-21 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-01-21 18:52 - 2015-01-21 18:53 - 30668968 _____ (Riot Games) C:\Users\Admin\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe
2015-01-21 16:02 - 2015-01-25 11:46 - 00002225 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-21 16:02 - 2015-01-21 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-21 16:00 - 2015-01-25 12:05 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 16:00 - 2015-01-25 11:36 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 16:00 - 2015-01-21 16:00 - 00880784 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2015-01-21 16:00 - 2015-01-21 16:00 - 00003940 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-21 16:00 - 2015-01-21 16:00 - 00003688 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-21 11:39 - 2015-01-21 11:39 - 00025316 _____ () C:\Users\Admin\Desktop\dds.txt
2015-01-21 11:39 - 2015-01-21 11:39 - 00004858 _____ () C:\Users\Admin\Desktop\attach.txt
2015-01-21 11:29 - 2015-01-21 10:16 - 00021205 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-21 09:13 - 2015-01-21 09:13 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-21 09:01 - 2015-01-21 09:01 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-21 08:49 - 2015-01-21 08:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-21 08:39 - 2015-01-21 08:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-21 08:36 - 2015-01-21 08:36 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-20 14:15 - 2009-07-21 16:03 - 00000306 _____ () C:\Users\Admin\Desktop\READ ME.txt
2015-01-20 14:15 - 2009-07-21 16:01 - 00053248 _____ () C:\Users\Admin\Desktop\PASSWORD FORM4.xls
2015-01-20 14:13 - 2015-01-20 14:13 - 00018601 _____ () C:\Users\Admin\Downloads\PASSWORD FORM4.zip
2015-01-20 11:59 - 2015-01-20 11:59 - 00018432 _____ () C:\Users\Admin\Desktop\tests.xlsx
2015-01-20 11:31 - 2015-01-20 11:31 - 00000000 ____D () C:\Users\Admin\Documents\Kutools for Excel
2015-01-20 11:31 - 2015-01-20 11:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Kutools for Excel
2015-01-20 11:30 - 2015-01-20 11:30 - 00000000 ____D () C:\Users\Public\Documents\Kutools for Excel
2015-01-20 11:11 - 2015-01-20 11:21 - 00129230 _____ () C:\Users\Admin\Desktop\ENCRIPTION TESTS.xlsm
2015-01-20 10:47 - 2015-01-20 10:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DataRecommendations
2015-01-20 10:45 - 2015-01-20 10:45 - 00010057 _____ () C:\Users\Admin\Desktop\ENCRIPTION TESTS.xlsx
2015-01-19 15:54 - 2015-01-19 15:55 - 13356544 _____ () C:\Users\Admin\Desktop\APJ_CESIS_1KARTA_2014.09.15_2Re&Re.xls
2015-01-18 20:33 - 2015-01-18 20:33 - 00030969 _____ () C:\Users\Admin\Downloads\[kickass.so]john.wick.2014.1080p.web.dl.dd5.1.h264.rarbg.torrent
2015-01-16 12:08 - 2015-01-22 01:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DeleteSkypeHistory-SE
2015-01-15 11:02 - 2015-01-15 11:02 - 00017121 _____ () C:\Users\Admin\Desktop\RemoveStyles.xlam
2015-01-15 11:01 - 2015-01-15 11:01 - 00036352 _____ () C:\Users\Admin\Desktop\RemoveStyles03.xla
2015-01-12 11:54 - 2015-01-12 11:54 - 00061146 _____ () C:\Users\Admin\Desktop\Izmaiņas kopā + izmaksas.xlsx
2015-01-12 11:04 - 2015-01-12 11:04 - 00205399 _____ () C:\Users\Admin\Desktop\nolikums.zip
2015-01-11 13:33 - 2015-01-11 13:33 - 00017646 _____ () C:\Users\Admin\Downloads\[kickass.so]dumb.and.dumber.to.2014.720p.hdrip.x264.aac.kingdom.torrent
2015-01-10 20:00 - 2015-01-10 20:00 - 00001599 _____ () C:\Users\Admin\Desktop\Counter Strike 1.6 (p48).lnk
2015-01-10 19:58 - 2015-01-10 20:05 - 00000000 ____D () C:\Games
2015-01-08 22:05 - 2015-01-08 22:05 - 00044662 _____ () C:\Users\Admin\Documents\What.We.Do.in.the.Shadows.2014.LIMITED.BDRip.X264-AMIABLE.torrent
2015-01-07 18:42 - 2015-01-07 18:40 - 00004173 _____ () C:\Users\Admin\Desktop\config.cfg
2015-01-07 10:01 - 2015-01-07 10:01 - 00305152 _____ () C:\Users\Admin\Desktop\Darbu daudzumu saraksts_A2 km 71,170-77,911.xls
2015-01-07 09:04 - 2015-01-07 09:04 - 01284608 _____ () C:\Users\Admin\Desktop\TBuvniecibas_tame.xls
2015-01-06 16:21 - 2015-01-06 16:21 - 00001349 _____ () C:\Users\Admin\Desktop\Apliecinājums.rtfd.zip
2015-01-02 21:32 - 2015-01-02 21:32 - 00000354 _____ () C:\Users\Admin\Desktop\nhl_715147_hd_3000.m3u8
2014-12-27 13:49 - 2014-12-27 13:49 - 00056931 _____ () C:\Users\Admin\Desktop\[kickass.so]orange.is.the.new.black.s02e13.webrip.x264.2hd.rartv.torrent
2014-12-27 00:13 - 2014-12-27 00:13 - 00000354 _____ () C:\Users\Admin\Desktop\nhl_707919_hd_3000.m3u8
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 12:36 - 2013-11-16 18:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-01-25 11:48 - 2013-11-13 17:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 11:46 - 2014-10-06 20:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\gleam
2015-01-25 11:43 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 11:43 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 11:40 - 2009-07-14 07:13 - 00801510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 11:39 - 2013-11-12 16:30 - 01305273 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 11:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 11:36 - 2009-07-14 06:51 - 00204182 _____ () C:\Windows\setupact.log
2015-01-24 22:48 - 2013-11-13 17:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 22:48 - 2013-11-13 17:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 22:48 - 2013-11-13 17:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 16:51 - 2013-11-16 11:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spotify
2015-01-23 16:19 - 2014-07-31 13:52 - 00000000 ____D () C:\Users\Admin\Desktop\Darbam
2015-01-23 14:38 - 2013-11-12 16:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-23 14:36 - 2014-12-18 10:15 - 00000212 ____H () C:\Users\Admin\Documents\Drawing1.dwl2
2015-01-23 14:36 - 2014-12-18 10:15 - 00000060 ____H () C:\Users\Admin\Documents\Drawing1.dwl
2015-01-23 14:35 - 2013-11-12 16:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-23 14:26 - 2013-11-18 19:47 - 04867810 _____ () C:\Windows\system32\webservice4.log
2015-01-23 08:45 - 2013-11-16 11:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Spotify
2015-01-23 08:44 - 2013-11-16 11:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-01-23 08:22 - 2013-11-13 09:28 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-22 16:18 - 2013-11-27 17:09 - 00002563 _____ () C:\Users\Admin\Documents\plot.log
2015-01-22 08:32 - 2010-11-21 05:47 - 00311536 _____ () C:\Windows\PFRO.log
2015-01-22 01:55 - 2014-11-27 15:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Acrylic Wi-Fi Free
2015-01-22 01:55 - 2014-11-02 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortForward.com
2015-01-22 01:55 - 2014-11-02 18:31 - 00000000 ____D () C:\Program Files (x86)\Portforward
2015-01-22 01:55 - 2014-03-16 22:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-22 01:55 - 2014-03-08 07:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VMware
2015-01-22 01:55 - 2014-03-08 07:22 - 00000000 ____D () C:\ProgramData\VMware
2015-01-22 01:55 - 2014-03-08 07:22 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-01-22 01:55 - 2014-03-08 07:22 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-01-22 01:55 - 2013-11-16 11:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-01-22 01:55 - 2013-11-13 17:14 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-22 01:55 - 2013-11-13 17:14 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-22 01:55 - 2013-11-13 09:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-22 01:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-22 01:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-01-21 18:53 - 2013-11-16 18:22 - 00000000 ____D () C:\Riot Games
2015-01-21 16:08 - 2013-11-18 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-01-21 16:08 - 2013-11-18 19:39 - 00000000 ____D () C:\ProgramData\Autodesk
2015-01-21 16:00 - 2013-11-16 11:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-21 15:56 - 2013-11-12 16:30 - 00000000 ____D () C:\Users\Admin
2015-01-21 09:10 - 2014-03-08 07:25 - 00000000 ____D () C:\Users\Admin\AppData\Local\VMware
2015-01-13 14:05 - 2014-07-31 13:52 - 00000000 ____D () C:\Users\Admin\Desktop\Privātās lietas
2015-01-11 15:30 - 2014-11-02 17:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ACEStream
2015-01-11 15:30 - 2014-11-02 17:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.ACEStream
2015-01-08 09:55 - 2010-11-21 05:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 19:32 - 2014-10-10 07:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-06 19:32 - 2013-11-16 18:12 - 00000000 ____D () C:\ProgramData\Skype
2014-12-29 11:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-29 10:32 - 2013-11-18 19:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\cache
 
==================== Files in the root of some directories =======
 
2014-06-16 12:38 - 2014-06-16 12:38 - 0000132 _____ () C:\Users\Admin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-11-24 20:58 - 2013-11-24 20:58 - 0159200 _____ () C:\Users\Admin\AppData\Roaming\CrashRpt1402.dll
2014-11-30 01:00 - 2014-12-07 02:23 - 0000170 _____ () C:\Users\Admin\AppData\Roaming\bleepNeulionPrefs.ini
2013-11-16 10:22 - 2013-11-16 11:43 - 0007606 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2013-11-18 19:42 - 2013-11-18 19:42 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\AcDeltree.exe
C:\Users\Admin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 12:28
 
==================== End Of Log ============================
 
Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Admin at 2015-01-25 12:37:24
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2465858509-87567637-2065152485-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrylic Wi-Fi Free v2.1 (HKU\S-1-5-21-2465858509-87567637-2065152485-1000\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 2.1 - Tarlogic Security S.L.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Anker Precision Laser Gaming Mouse version 1.3 (HKLM-x32\...\{F9A7ED2C-34E1-4A96-9A25-B022C23C3361}_is1) (Version: 1.3 - ANKER Technology)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2420.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2420.0 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DigiDoc Client (HKLM-x32\...\{51C04FFB-2E0C-4D0A-B0F9-BE7D5AF8EC1E}) (Version: 2.7.8.00 - AS Sertifitseerimiskeskus)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6426.0 - IDT)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3257 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{aaf3655f-6961-4be2-aa4e-6de4dc1dc8f4}) (Version: 16.1.5 - Intel Corporation)
IQ 100 (HKLM-x32\...\IQ 100) (Version:  - )
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 10.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.0 - )
Latvian (Apostrofs v0.5; punkts) (HKLM\...\{F1EE54D1-D8CF-40F3-AF1D-C386F38DA067}) (Version: 1.0.3.40 - laacz unltd)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 ProPlus - lv-lv (HKLM\...\O365ProPlusRetail - lv-lv) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 lv) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 lv)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Micro v8.0.3.0 (HKLM-x32\...\Nero8030_Micro_is1) (Version:  - www.nero.com)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.5 - Portforward, LLC)
PowerDirector (Version: 12.0 - CyberLink Corp.) Hidden
Python 2.5.4 (HKLM-x32\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.37 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
SketchUp 2013 (HKLM-x32\...\{E74C0D09-8730-4714-8C6F-019FBF7F1B42}) (Version: 13.0.3689 - Trimble Navigation Limited)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart View 2.0 (HKLM-x32\...\{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}) (Version: 1.0.0.0 - Samsung)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spotify (HKU\S-1-5-21-2465858509-87567637-2065152485-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.1 - VMware, Inc)
VMware Workstation (Version: 10.0.1 - VMware, Inc.) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2465858509-87567637-2065152485-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2465858509-87567637-2065152485-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2465858509-87567637-2065152485-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2465858509-87567637-2065152485-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
 
==================== Restore Points  =========================
 
20-01-2015 10:20:23 Windows Update
21-01-2015 08:54:46 Checkpoint by HitmanPro
21-01-2015 08:55:19 Checkpoint by HitmanPro
21-01-2015 09:17:03 Removed Live! Cam Avatar Creator
21-01-2015 16:08:08 Removed Apple Application Support
21-01-2015 16:08:19 Removed Apple Software Update
21-01-2015 16:08:30 Removed Autodesk 360
21-01-2015 18:51:10 Removed League of Legends
21-01-2015 18:51:31 Removed League of Legends
21-01-2015 18:53:31 Installed Microsoft Visual C++ 2005 Redistributable
21-01-2015 18:53:42 Installed League of Legends
21-01-2015 18:53:49 Installed DirectX
23-01-2015 14:35:07 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-03-16 22:20 - 2014-10-13 19:54 - 00000913 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com  
127.0.0.1 nlsk.neulion.com
127.0.0.1 cap.cyberlink.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01CCB849-7817-411C-B20F-EE6C2CBAF184} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {22903C7E-EA76-4A68-9D06-D46BB004E82A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)
Task: {4A5727D0-A192-4655-8B8A-EF19DFE73ECA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {56EF3322-CEDB-481F-8419-9547F9F91259} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)
Task: {88C2620B-E49C-46FD-AABE-3BAF496A75DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {8A822587-ECDB-4E3A-B9BB-89706F0DE004} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A0187FEA-11FB-4252-88FD-5D814449503E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {BE07063A-4EC1-4130-B50B-35A773ACEB0B} - System32\Tasks\{230109AB-4CAE-44BC-9C4A-1645336803AB} => pcalua.exe -a C:\Users\Admin\Documents\IQ100B\SETUP.EXE -d C:\Users\Admin\Documents\IQ100B
Task: {D4236952-D032-47FF-97C0-F7A3CA206960} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FD64963E-37E5-4246-9C8B-0D799A44EAF4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-13 17:16 - 2014-10-30 06:53 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-11-12 17:14 - 2014-10-30 04:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-09 02:56 - 2011-02-09 02:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2014-03-19 11:50 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-02 17:06 - 2012-08-08 20:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-11-16 18:05 - 2014-01-10 11:08 - 03353600 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
2015-01-25 12:19 - 2015-01-25 12:19 - 15431256 _____ () C:\Users\Admin\Desktop\RogueKiller.exe
2013-11-13 17:16 - 2014-10-30 06:53 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-06 20:36 - 2014-10-06 20:35 - 00187392 __RSH () C:\Users\Admin\AppData\Roaming\gleam\nvm.dll
2013-10-18 12:46 - 2013-10-18 12:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2013-11-16 18:05 - 2011-01-26 23:53 - 00028160 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\uiHook.dll
2014-10-15 21:11 - 2014-10-15 21:11 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\192740d8e29e7df387d0d7686ae2b535\PSIClient.ni.dll
2015-01-23 14:06 - 2015-01-21 05:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-23 14:06 - 2015-01-21 05:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-23 14:06 - 2015-01-21 05:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:F8AF2BB9
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-2465858509-87567637-2065152485-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2465858509-87567637-2065152485-500 - Administrator - Disabled)
Guest (S-1-5-21-2465858509-87567637-2065152485-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2465858509-87567637-2065152485-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/25/2015 11:36:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/24/2015 00:06:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/23/2015 06:43:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/23/2015 08:21:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/22/2015 11:22:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/22/2015 06:16:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/22/2015 08:32:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/25/2015 00:22:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (01/25/2015 11:36:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (01/25/2015 11:36:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/25/2015 11:36:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/25/2015 11:36:21 AM) (Source: VMnetDHCP) (EventID: 2) (User: )
Description: Can't open C:\ProgramData\VMware\vmnetdhcp.conf: The system cannot find the file specified.
 / The system cannot find the file specified
 
Error: (01/24/2015 00:06:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (01/24/2015 00:06:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/24/2015 00:06:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/24/2015 00:06:22 PM) (Source: VMnetDHCP) (EventID: 2) (User: )
Description: Can't open C:\ProgramData\VMware\vmnetdhcp.conf: The system cannot find the file specified.
 / The system cannot find the file specified
 
Error: (01/23/2015 06:43:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 3 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (01/25/2015 11:36:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/24/2015 00:06:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/23/2015 06:43:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/23/2015 08:21:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/22/2015 11:22:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/22/2015 06:16:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/22/2015 08:32:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 16244.14 MB
Available physical RAM: 12052.02 MB
Total Pagefile: 32486.46 MB
Available Pagefile: 29136.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:476.94 GB) (Free:53.59 GB) NTFS
Drive d: () (Fixed) (Total:931.41 GB) (Free:740.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================

#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 35,532 posts
  • Gender:Male
  • Location:California

Posted 25 January 2015 - 09:21 AM

Greetings,

Unfortunately, there is evidence of illegal/cracked software on your computer. I am going to request that you remove the software before continuing on. If you are willing to do so, please let me know when that has been accomplished and we will continue on.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
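The Addition.txt posted above contains the kind of evidence behind this verdict. A stock Windows hosts file has no active entries, so vendor activation hosts sinkholed to 127.0.0.1 (activate.adobe.com in this log) are the usual footprint of a software crack; separately, a DLL loaded from AppData\Roaming with the hidden and system attributes set (the `__RSH` entry for gleam\nvm.dll) is something an analyst would want to look at before declaring the machine clean. The script below is an added example written for this edit; it is not part of the thread and not FRST's own tooling. It pulls those two sections out of a constructed sample shaped like the log quoted above and applies the two heuristics. The activation keyword list and the user-profile path pattern are assumptions chosen for illustration, and a hit is a prompt to investigate rather than a conviction: RogueKiller.exe is flagged purely because the user ran it from the Desktop.

```python
"""Triage helper for FRST Addition.txt logs (added example, not FRST's own code)."""
import re
from typing import Dict, List

# Constructed sample shaped like the Addition.txt quoted in this thread; only the
# lines the two heuristics act on are reproduced.
SAMPLE_LOG = r"""
==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-03-16 22:20 - 2014-10-13 19:54 - 00000913 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 nlsk.neulion.com
127.0.0.1 cap.cyberlink.com

==================== Loaded Modules (whitelisted) =============

2013-11-13 17:16 - 2014-10-30 06:53 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-25 12:19 - 2015-01-25 12:19 - 15431256 _____ () C:\Users\Admin\Desktop\RogueKiller.exe
2014-10-06 20:36 - 2014-10-06 20:35 - 00187392 __RSH () C:\Users\Admin\AppData\Roaming\gleam\nvm.dll
2015-01-23 14:06 - 2015-01-21 05:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll

==================== Alternate Data Streams (whitelisted) =========
"""

# FRST section banner: "==== Name ====" (a bare run of '=' is not a banner).
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+\s*$")
HOSTS_RE = re.compile(r"^(?P<ip>127\.0\.0\.1|0\.0\.0\.0)\s+(?P<host>\S+)")
# FRST module line: <created> - <modified> - <size> <attrs> (<company>) <path>
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Assumption for illustration: code loaded from these profile folders merits review.
PROFILE_PATH_RE = re.compile(r"\\Users\\[^\\]+\\(AppData|Desktop|Downloads|Documents)\\", re.I)
# Assumption for illustration: substrings typical of vendor licensing hostnames.
ACTIVATION_WORDS = ("activat", "licens", "genuine", "registration")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each section banner (lower-cased, e.g. 'hosts content:') to its body lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def _section(sections: Dict[str, List[str]], prefix: str) -> List[str]:
    for name, lines in sections.items():
        if name.startswith(prefix):
            return lines
    return []


def hosts_findings(sections: Dict[str, List[str]]) -> List[dict]:
    """Every loopback/blackhole entry; a default Windows hosts file has none active."""
    findings = []
    for line in _section(sections, "hosts content"):
        m = HOSTS_RE.match(line)
        if not m:
            continue
        host = m.group("host").lower()
        findings.append({
            "host": host,
            "ip": m.group("ip"),
            # Licensing hosts pointed at loopback are the classic crack footprint.
            "activation_block": any(w in host for w in ACTIVATION_WORDS),
        })
    return findings


def module_findings(sections: Dict[str, List[str]]) -> List[dict]:
    """Loaded modules that deserve a second look, with the reason(s) attached."""
    findings = []
    for line in _section(sections, "loaded modules"):
        m = MODULE_RE.match(line)
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        reasons = []
        if "H" in attrs and "S" in attrs:      # FRST prints hidden/system as H and S
            reasons.append("hidden+system attributes")
        if PROFILE_PATH_RE.search(path):
            reasons.append("loaded from user profile")
        if reasons:
            findings.append({"path": path, "attrs": attrs, "reasons": reasons})
    return findings


def triage(text: str) -> Dict[str, List[dict]]:
    """Run both heuristics over a full Addition.txt and return the findings."""
    sections = split_sections(text)
    return {"hosts": hosts_findings(sections), "modules": module_findings(sections)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for h in report["hosts"]:
        tag = "ACTIVATION BLOCK" if h["activation_block"] else "non-default entry"
        print(f"hosts: {h['ip']} {h['host']} [{tag}]")
    for mod in report["modules"]:
        print(f"module: {mod['path']} ({mod['attrs']}) -> {', '.join(mod['reasons'])}")
```

Whether a non-keyword entry such as cap.cyberlink.com is a licensing host is something the analyst has to confirm from vendor knowledge; the script only records it as a non-default entry. Run the file directly to print the report, or import `triage()` and pass it the contents of a real Addition.txt.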

#6 Oh My!

Posted 26 January 2015 - 10:49 AM

I see you have been online since I last posted. Please let me know if you would like to continue or have me close this Topic.

Thanks
Gary

#7 Oh My!

Posted 28 January 2015 - 11:47 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#8 Oh My!

Posted 30 January 2015 - 09:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary