
Virus destroyed all of my .exe files (applications)


16 replies to this topic

#1 Marnel


Posted 25 January 2015 - 09:30 AM

DDS Scan:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.21.2
Run by user at 22:15:29 on 2015-01-21
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.63.1033.18.3977.2771 [GMT 8:00]
.
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\progra~2\optimi~1\OptProCrash.exe
C:\Windows\System32\igfxtray.exe
D:\GAMES\ONLINE GAMES\Garena Plus\GarenaMessenger.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\WUDFHost.exe
svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MF8449CD1-8083-4CBE-8CC4-488DA5CDFD7D&SearchSource=55&CUI=&UM=6&UP=SP43889F70-8A40-455B-A54A-5C2798A2B8E1&SSPV=
uSearch Bar = Preserve
mStart Page = about:blank
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - <orphaned>
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [GarenaPlus] "D:\GAMES\ONLINE GAMES\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.ph/com/EGamesPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
TCP: Interfaces\{19681AF9-0116-4AD2-A0A5-B72A75F7100B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{598DDEF2-1503-45DC-B1E1-DA6B54F68BE9} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{795FDB82-EDFE-4304-A293-01AFA7CEDC08} : NameServer = 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
AppInit_DLLs= C:\PROGRA~2\SupTab\SEARCH~1.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MF8449CD1-8083-4CBE-8CC4-488DA5CDFD7D&SearchSource=55&CUI=&UM=6&UP=SP43889F70-8A40-455B-A54A-5C2798A2B8E1&SSPV=
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=492&aid=333&itype=n&ver=13892&tm=492&src=ds&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\user\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-10-22 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-10-22 42624]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-1-18 28600]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-1-18 119272]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-1-18 43064]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-10-22 46136]
S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-10-22 105088]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-10-22 223872]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-10-22 96896]
.
=============== Created Last 30 ================
.
2015-01-21 13:36:55 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
2015-01-21 13:36:23 -------- d-----w- C:\ProgramData\RogueKiller
2015-01-20 15:20:50 103140 --sh--r- C:\sino.exe
2015-01-04 05:14:10 983040 ----a-w- C:\Windows\FeedingFrenzy.scr
2014-12-28 05:32:23 -------- d-----w- C:\Users\user\AppData\Roaming\EA
.
==================== Find3M  ====================
.
2013-01-09 11:25:05 498027 ----a-w- C:\Program Files (x86)\Yahoo Messenger.exe
.
============= FINISH: 22:20:32.50 ===============
 
 
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/22/2012 9:16:54 AM
System Uptime: 1/21/2015 10:12:35 PM (0 hours ago)
.
Motherboard: ECS |  | H61H2-MV
Processor: Intel® Pentium® CPU G2020 @ 2.90GHz | SOCKET 0 | 2900/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 46 GiB total, 6.489 GiB free.
D: is FIXED (NTFS) - 419 GiB total, 0.893 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP224: 1/21/2015 8:54:31 PM - Removed Aurora World
RP225: 1/21/2015 10:02:49 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.07)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Steady Video Plug-In 
AMD VISION Engine Control Center
Avira
BitTorrent
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 6.4
CPUID HWMonitor 1.20
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Escape Rosecliff Island
Feeding Frenzy Deluxe 5.7.18.1
Garena - League of Legends
Garena Plus
Google Chrome
Google Update Helper
Hammer Heads Deluxe 1.1
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Java 7 Update 21
Java Auto Updater
K-Lite Codec Pack 6.6.0 (Full)
KakaoTalk
League of Legends
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Mozilla Firefox 32.0.3 (x86 en-US)
NVIDIA PhysX
particleIllusion 3.0.9
Pizza Frenzy Deluxe 1.0
Plants vs. Zombies
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RegClean Pro
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Settings Manager
Unity Web Player
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
VLC media player
Windows Movie Maker 2.6
WinRAR 4.11 (32-bit)
XSplit Broadcaster
Yahoo! Messenger
.
==== End Of File ===========================
 

 




#2 Machiavelli


Posted 25 January 2015 - 02:13 PM

Hello and welcome on board,

my name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer, then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
  • Please follow these instructions.
    If you don't follow the instructions, your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved.
    As malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting me, as this can complicate finding and removing all malware.
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all malware!
  • Read my post completely.
    If you don't do so, you may make mistakes that could result in your system crashing by your own actions!
  • My help is completely free of charge!
    If you like, you can donate me some money and I'd appreciate it. :)
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and paste (Ctrl+V) the contents of both of these logs into your next post, please.

~Machiavelli

If I don't reply within 24 hours, please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#3 Marnel


Posted 25 January 2015 - 02:13 PM

Hello Machiavelli, thank you for replying. Here are the two logs. BTW, I don't know why, but my CPU usage spikes to 100%; my RAM is fine, but my PC is running so slow.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by user (administrator) on BAUTISTA on 26-01-2015 03:15:26
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() D:\GAMES\ONLINE GAMES\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() D:\GAMES\ONLINE GAMES\Garena Plus\GarenaMessenger.exe
() D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\BBTalk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\Run: [GarenaPlus] => D:\GAMES\ONLINE GAMES\Garena Plus\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: {1e89a37d-d3c1-11e3-b835-7427ea02c1d4} - E:\AutoRun.exe
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: {fe4555c4-de52-11e3-b727-7427ea02c1d4} - E:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-02] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
ShellIconOverlayIdentifiers: [1MediaIconsOverlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=333&itype=a&ver=15005&tm=492&src=hmp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=333&itype=a&ver=15005&tm=492&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=333&itype=a&ver=15005&tm=492&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2520790421-254736193-3744350732-1000 -> {26314958-A633-434B-84F0-AFD107022F56} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2520790421-254736193-3744350732-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1402821012&from=cor&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EX47508475084&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2520790421-254736193-3744350732-1000 -> {76C29BD2-9684-423D-A99A-EFA15D8DFD55} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2520790421-254736193-3744350732-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=333&itype=a&ver=15005&tm=492&src=ds&p={searchTerms}
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No File
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - No Name - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} -  No File
DPF: HKLM-x32 {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.ph/com/EGamesPlugin.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MF8449CD1-8083-4CBE-8CC4-488DA5CDFD7D&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP43889F70-8A40-455B-A54A-5C2798A2B8E1
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=492&aid=333&itype=a&ver=15005&tm=492&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=492&aid=333&itype=a&ver=15005&tm=492&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2520790421-254736193-3744350732-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2520790421-254736193-3744350732-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2520790421-254736193-3744350732-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\user.js
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF Extension: Quick Start - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\Extensions\quick_start@gmail.com [2014-06-15]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-24]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MF8449CD1-8083-4CBE-8CC4-488DA5CDFD7D&SearchSource=55&CUI=&UM=6&UP=SP43889F70-8A40-455B-A54A-5C2798A2B8E1&SSPV=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-24]
CHR Extension: (DefaultTab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2014-01-20]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-02-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe [143488 2014-01-04] ()
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [574464 2015-01-24] () [File not signed]
R2 DefaultTabUpdate; C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2014-01-06] () [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-24] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-24] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S3 rqryii; C:\Users\user\Desktop\CCE\ccekrnl.dat [374792 2012-07-09] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2015-01-21] ()
S3 dump_wmimmc; \??\D:\GAMES\ONLINE GAMES\PSO2_Full_Client_2.0221.4\PHANTASYSTARONLINE2\pso2_bin\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GGSAFERDriver; \??\D:\GAMES\ONLINE GAMES\Garena Plus\Room\safedrv.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 hxsyol; \??\D:\GAMES\ONLINE GAMES\AuraKingdom\avital\hxsy64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S2 S; C [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 03:15 - 2015-01-26 03:15 - 00021961 _____ () C:\Users\user\Desktop\FRST.txt
2015-01-26 03:15 - 2015-01-26 03:15 - 00000000 ____D () C:\FRST
2015-01-26 03:14 - 2015-01-26 03:14 - 02129920 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-01-26 00:21 - 2015-01-26 00:21 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-26 00:21 - 2015-01-26 00:21 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-26 00:21 - 2015-01-26 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-26 00:20 - 2015-01-26 00:20 - 04813544 _____ (Piriform Ltd) C:\Users\user\Downloads\CCleanerSetup.exe
2015-01-26 00:19 - 2015-01-26 00:19 - 00822416 _____ (%VENDOR%) C:\Users\user\Downloads\Ccleaner_Setup.exe
2015-01-26 00:16 - 2015-01-26 00:16 - 00297168 _____ () C:\Windows\Minidump\012615-21746-01.dmp
2015-01-25 23:49 - 2015-01-26 00:01 - 00000173 _____ () C:\Users\user\Desktop\xIcbYvy31HB.ini
2015-01-25 23:48 - 2015-01-25 23:54 - 00000000 ____D () C:\Users\user\Desktop\applications
2015-01-25 23:43 - 2015-01-25 23:52 - 07059972 _____ () C:\Users\user\Desktop\xIcbYvy31HB.exe
2015-01-25 20:17 - 2015-01-25 20:17 - 00008790 _____ () C:\Users\user\Downloads\If_I_Stay_2014_720p.torrent
2015-01-25 17:11 - 2015-01-25 17:11 - 00000000 ____D () C:\Users\user\AppData\Roaming\LolClient
2015-01-25 17:10 - 2015-01-25 17:10 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-01-25 17:09 - 2015-01-25 18:47 - 00000805 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2015-01-25 16:41 - 2015-01-25 16:44 - 00097416 _____ () C:\Users\user\Downloads\[kickass.so]one.piece.episodes.001.622.movies.1.12.specials.tv.specials.ova.torrent
2015-01-25 16:35 - 2015-01-25 16:40 - 00101162 _____ () C:\Users\user\Downloads\[kickass.so]one.piece.completing.series.001.589.torrent
2015-01-25 14:08 - 2015-01-25 14:08 - 00319422 _____ () C:\Users\user\Downloads\Mouse Recorder.exe
2015-01-25 13:18 - 2015-01-25 13:18 - 00001962 _____ () C:\Windows\PFRO.log
2015-01-25 13:15 - 2015-01-25 13:15 - 00000000 ____D () C:\Users\user\Documents\wondertouch
2015-01-25 13:00 - 2015-01-25 13:00 - 02752088 _____ () C:\Users\user\Downloads\LoLInstaller.exe
2015-01-25 13:00 - 2015-01-25 13:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Garena
2015-01-25 12:56 - 2015-01-26 01:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\GarenaPlus
2015-01-25 12:56 - 2015-01-25 12:56 - 00000857 _____ () C:\Users\Public\Desktop\Garena+.lnk
2015-01-25 12:55 - 2015-01-26 01:48 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-01-25 11:14 - 2015-01-25 11:18 - 71409120 _____ () C:\Users\user\Downloads\Garena+_Install.exe
2015-01-25 10:15 - 2015-01-25 10:18 - 25543261 _____ () C:\Users\user\Downloads\cce_2.5.242177.201_x64.zip
2015-01-25 10:10 - 2015-01-25 10:15 - 00007605 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-01-25 09:53 - 2015-01-25 09:53 - 00245680 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-25 09:49 - 2015-01-26 00:16 - 00000336 _____ () C:\Windows\setupact.log
2015-01-25 09:49 - 2015-01-25 09:50 - 00737672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 09:49 - 2015-01-25 09:49 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-25 07:44 - 2015-01-25 07:44 - 00000556 _____ () C:\Users\Public\Desktop\Touch.lnk
2015-01-25 07:41 - 2015-01-25 07:44 - 42311075 _____ (Touch 3Claws ) C:\Users\user\Downloads\SetupTouch_int(1).exe
2015-01-25 05:46 - 2015-01-25 05:46 - 00224768 _____ () C:\Users\user\Downloads\lyricsplugin-wmplayer.msi
2015-01-25 04:30 - 2015-01-25 04:30 - 00038379 _____ () C:\Users\user\Downloads\[kickass.so]taylor.swift.1989.deluxe.edition.2014.flac.dmt.torrent
2015-01-25 03:05 - 2015-01-25 07:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 23:40 - 2015-01-24 23:40 - 09052192 _____ (Cheat Engine ) C:\Users\user\Downloads\CheatEngine64.exe
2015-01-24 23:21 - 2015-01-24 23:21 - 00262144 _____ () C:\Windows\system32\config\elam
2015-01-24 23:02 - 2015-01-24 23:02 - 00002290 _____ () C:\Users\user\Desktop\Safe Money.lnk
2015-01-24 22:46 - 2015-01-24 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-24 22:46 - 2015-01-24 22:45 - 00002092 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-24 22:45 - 2015-01-26 01:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-24 22:45 - 2015-01-24 22:45 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-24 22:45 - 2015-01-24 22:45 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-24 22:45 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-24 22:44 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-24 22:23 - 2015-01-24 22:24 - 02351936 _____ (Kaspersky Lab) C:\Users\user\Downloads\kis15.0.1.415en_es_pt_fr_de_it_ru_6887.exe
2015-01-24 20:05 - 2015-01-24 20:06 - 05164232 _____ (Unity Technologies ApS) C:\Users\user\Downloads\UnityWebPlayerDevelopment.exe
2015-01-23 22:09 - 2015-01-23 22:09 - 00000026 _____ () C:\Users\user\Desktop\asdasdasdasd.txt
2015-01-23 20:38 - 2015-01-23 20:38 - 00000011 _____ () C:\Users\user\Desktop\#.txt
2015-01-23 02:59 - 2015-01-23 14:19 - 00000000 ____D () C:\Users\user\Desktop\yeah!
2015-01-21 22:21 - 2015-01-21 22:21 - 00007063 _____ () C:\Users\user\Desktop\attach.txt
2015-01-21 22:21 - 2015-01-21 22:20 - 00011022 _____ () C:\Users\user\Desktop\dds.txt
2015-01-21 22:14 - 2014-10-26 02:43 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2015-01-21 21:38 - 2015-01-26 00:13 - 00000000 ____D () C:\Users\user\Desktop\CCE
2015-01-21 21:36 - 2015-01-21 21:36 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2015-01-21 21:36 - 2015-01-21 21:36 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-21 21:30 - 2015-01-21 21:32 - 00003136 _____ () C:\Users\user\Desktop\Rkill.txt
2015-01-12 21:33 - 2015-01-12 21:33 - 00001307 _____ () C:\Users\user\Desktop\Play Plants vs. Zombies.lnk
2015-01-11 15:24 - 2015-01-11 15:25 - 00000000 ____D () C:\Users\user\Desktop\Minecraft Vids
2015-01-08 03:11 - 2015-01-11 15:25 - 00000000 ____D () C:\Users\user\Desktop\Mods minecraft
2015-01-08 01:27 - 2015-01-08 01:59 - 00000000 ____D () C:\Users\user\Desktop\PS Xhae
2015-01-07 20:09 - 2015-01-25 05:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-07 20:07 - 2015-01-07 20:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-07 17:51 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\user\Desktop\Buknoy
2015-01-06 17:08 - 2015-01-06 17:08 - 00000026 _____ () C:\Users\user\Desktop\Coordinates Nether World.txt
2015-01-06 13:33 - 2015-01-06 13:33 - 00000032 _____ () C:\Users\user\Desktop\Coordinates.txt
2014-12-28 13:32 - 2014-12-28 13:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\EA
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 03:16 - 2012-10-22 09:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 00:22 - 2014-08-02 23:57 - 00959269 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 00:22 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 00:22 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 00:21 - 2012-10-22 10:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 00:17 - 2012-10-22 09:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 00:16 - 2013-12-12 21:06 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-26 00:16 - 2013-09-30 05:37 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 00:16 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 00:00 - 2013-04-26 02:29 - 16284672 ___SH () C:\Users\user\Desktop\Thumbs.db
2015-01-25 22:52 - 2014-01-18 01:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2015-01-25 20:18 - 2014-01-19 19:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent
2015-01-25 17:09 - 2013-12-26 04:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2015-01-25 15:56 - 2014-01-31 13:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2015-01-25 12:44 - 2014-10-23 07:04 - 00000000 ____D () C:\Program Files\PopCap Games
2015-01-25 12:44 - 2013-07-04 22:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-01-25 12:44 - 2013-07-04 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2015-01-25 12:44 - 2013-07-04 22:11 - 00000000 ____D () C:\Program Files (x86)\PopCap Games
2015-01-25 12:44 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-25 12:24 - 2014-01-07 10:40 - 00778356 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-25 12:24 - 2009-07-14 13:13 - 00778356 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 12:11 - 2014-04-23 05:48 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-01-25 09:41 - 2014-01-18 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-25 07:52 - 2014-11-26 17:36 - 00000000 ____D () C:\Users\user\Desktop\Inventory A+
2015-01-25 07:52 - 2014-10-20 15:48 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-01-25 07:52 - 2014-10-15 08:02 - 00000000 __SHD () C:\ProgramData\GLBHJF
2015-01-25 07:52 - 2014-05-04 07:07 - 00000000 ____D () C:\Program Files\particleIllusion 3.0
2015-01-25 07:52 - 2014-05-04 06:55 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2015-01-25 07:52 - 2014-04-04 09:47 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-25 07:52 - 2014-03-14 19:42 - 00000000 ____D () C:\Program Files (x86)\SoftwareUpdater
2015-01-25 07:52 - 2014-01-19 20:23 - 00000000 ____D () C:\Program Files (x86)\Fraps Cracked
2015-01-25 07:52 - 2013-06-15 21:40 - 00424299 _____ () C:\Program Files (x86)\Yahoo Messenger.exe
2015-01-25 07:52 - 2013-02-06 09:53 - 00000000 ____D () C:\Program Files\TeraCopy
2015-01-25 07:52 - 2012-10-22 10:00 - 00000000 ____D () C:\Program Files (x86)\USB Disk Security
2015-01-25 07:44 - 2014-10-13 02:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Touch
2015-01-25 07:38 - 2014-10-13 02:30 - 00000000 ____D () C:\TouchDefence
2015-01-24 23:56 - 2012-10-22 10:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 23:52 - 2012-10-22 10:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 23:52 - 2012-10-22 10:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 23:52 - 2012-10-22 10:05 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 23:48 - 2014-10-20 15:06 - 02873600 _____ (Power Software Ltd) C:\Users\user\Downloads\PowerISO6-x64.exe
2015-01-24 23:48 - 2014-03-04 16:32 - 00000000 ____D () C:\Program Files (x86)\Movie Maker 2.6
2015-01-24 23:48 - 2014-01-06 17:43 - 00000000 ____D () C:\Program Files (x86)\DefaultTab
2015-01-24 23:48 - 2013-04-26 01:56 - 00000000 ____D () C:\Program Files\Photoshop
2015-01-24 23:09 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-24 23:09 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-24 23:09 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-24 20:06 - 2014-04-23 18:02 - 00000000 ____D () C:\Users\user\AppData\Local\Unity
2015-01-24 15:11 - 2012-10-22 09:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 15:11 - 2012-10-22 09:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 15:01 - 2014-04-09 08:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 21:07 - 2014-01-09 07:34 - 00000000 ____D () C:\Windows\pss
2015-01-21 14:22 - 2014-03-20 16:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-20 23:19 - 2009-07-14 10:34 - 00000256 _____ () C:\Windows\system.ini
2015-01-19 16:32 - 2014-10-25 11:22 - 00000000 ____D () C:\Users\user\Desktop\Folders
2015-01-16 20:09 - 2014-07-05 19:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\.minecraft
2015-01-16 00:00 - 2014-12-19 02:09 - 00000000 ____D () C:\Users\user\Desktop\Xhae
2015-01-11 13:12 - 2014-12-20 15:18 - 00000166 _____ () C:\Users\user\Desktop\Coords.txt
2015-01-07 20:08 - 2012-10-22 10:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-04 13:13 - 2009-07-14 10:34 - 00001181 _____ () C:\Windows\win.ini
2015-01-01 20:38 - 2014-01-18 01:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\Macromedia
2015-01-01 20:34 - 2014-03-20 16:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\PopCapv1003
2014-12-31 14:18 - 2014-12-20 20:55 - 00000000 ____D () C:\Users\user\Desktop\Tuts
 
==================== Files in the root of some directories =======
 
2013-06-15 21:40 - 2015-01-25 07:52 - 0424299 _____ () C:\Program Files (x86)\Yahoo Messenger.exe
2014-06-15 16:30 - 2014-06-15 16:30 - 0000000 _____ () C:\Users\user\AppData\Roaming\bitlord_log.txt
2014-03-25 15:15 - 2014-09-28 07:26 - 0045270 _____ () C:\Users\user\AppData\Roaming\room_v3.dat
2014-04-25 04:27 - 2014-04-25 04:27 - 0000038 ___SH () C:\Users\user\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-05-06 00:49 - 2014-12-15 03:06 - 0006656 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-15 20:44 - 2014-06-15 20:44 - 0000218 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-01-25 10:10 - 2015-01-25 10:15 - 0007605 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2013-03-08 16:34 - 2014-02-20 23:49 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 08:09
 
==================== End Of Log ============================
 
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by user at 2015-01-26 03:16:16
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
BitTorrent (HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.0.1.683 - Kakao)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
K-Lite Codec Pack 6.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.6.0 - )
Lyrics Plugin for Windows Media Player (HKLM-x32\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
particleIllusion 3.0.9 (HKLM\...\{7ACFC44D-C367-4046-8FD2-C43F0664F4D3}   // gene~BAB03DBF_is1) (Version:  - GenArts, Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.1 - Systweak Inc) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Touch version 1.1 (HKLM-x32\...\{06A4EEFC-8692-48AB-9709-BFC268D7196C}_is1) (Version: 1.1 - Touch 3Claws)
Unity Web Player (HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2520790421-254736193-3744350732-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2520790421-254736193-3744350732-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
25-01-2015 12:11:19 Removed League of Legends
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-01-25 10:23 - 2015-01-25 10:23 - 00000821 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D80115A-B97F-4D3A-AEB9-26CE254436FC} - System32\Tasks\gg_uac_daemon_user => D:\GAMES\ONLINE GAMES\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {0F107F86-55AA-4732-9ECF-2C807073E14C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {1680CE1E-78A8-445C-84A9-2C832B2E40F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {24B97489-E6AB-4CDD-AB01-2C6306C5CAC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {28697AAA-6066-415D-8F1A-DC13D1C74BAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-10] (Google Inc.)
Task: {55390104-93D8-4D47-954B-B988D583CF39} - System32\Tasks\{4100E0D1-1D42-49FB-99F4-8E82392962A7} => pcalua.exe -a "C:\Users\user\Downloads\dxwebsetup (1).exe" -d C:\Users\user\Downloads
Task: {5EA35B19-AB0A-40FD-B7B9-B18DA8CC93A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-10] (Google Inc.)
Task: {5F650CA3-26A3-45CC-9002-0B58A20C48D8} - System32\Tasks\{3D2EA903-206E-4A57-8527-5337C32AF768} => pcalua.exe -a "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632\PeggleNightsSetup.exe" -d "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632"
Task: {717E1ACD-17A6-461F-8BCF-254F32E42090} - System32\Tasks\{D92CD866-4062-47E7-91DF-8FB8FB860042} => pcalua.exe -a C:\Users\user\AppData\Roaming\.minecraft\Uninstall.exe -d C:\Users\user\AppData\Roaming\.minecraft
Task: {BA844042-1019-408B-B7FE-DA04641457B3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C6EE4F5F-0D2E-44DD-A59C-3A1D9DBFC550} - System32\Tasks\{63C5E50E-84F0-4E09-81A1-1E1A9B2EAE82} => pcalua.exe -a C:\Users\user\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\user\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:5920
Task: {D34EB5E2-97E7-4ED8-8BF3-4E5664101588} - System32\Tasks\{5EB0A5EB-5EF4-4226-9257-D0CBA1B438EB} => pcalua.exe -a "D:\GAMES\LAN GAMES\Diablo II\Copy of Diablo II.exe" -d "D:\GAMES\LAN GAMES\Diablo II"
Task: {DA055CDB-108D-4D86-86C9-0C700E75BAD6} - System32\Tasks\{0C4D2E39-1641-4A3D-A6D8-AD03574926D5} => pcalua.exe -a "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632\PeggleNightsSetup.exe" -d "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632"
Task: {DF5BE9C5-4670-4DC3-BDC4-CF5EE5481F0B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {F7D319F0-217B-4EC3-9D51-ED116B1DC515} - System32\Tasks\{F807A5D2-6E6D-4F0C-815F-8BE0282084BB} => pcalua.exe -a "C:\Users\user\Desktop\Photoshop\Portable Adobe Photoshop CS4  Special Edition.exe" -d C:\Users\user\Desktop\Photoshop
Task: {FD4E9959-A752-4C4A-8B2C-DAEA6560AD0F} - System32\Tasks\{7F3D87BD-CAC5-49D0-917D-B6F5D28C1FBF} => pcalua.exe -a "C:\Users\user\Downloads\dotNetFx35setup (1).exe" -d C:\Users\user\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-06 09:53 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2012-10-22 10:08 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-02-06 09:53 - 2011-10-26 17:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00055896 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\ggdllhost.exe
2014-01-04 21:44 - 2014-01-04 21:44 - 00143488 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
2014-01-06 17:43 - 2014-01-06 17:43 - 00107520 _____ () C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
2015-01-20 20:20 - 2015-01-20 20:20 - 09981528 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\GarenaMessenger.exe
2015-01-16 12:27 - 2015-01-16 12:27 - 06794328 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\BBtalk.exe
2015-01-20 20:20 - 2015-01-20 20:20 - 00560216 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\ggspawn.dll
2014-01-04 21:44 - 2013-10-29 14:08 - 02869720 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00111192 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\CommonLib.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00040024 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\DibModule.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00034392 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\VersionModule.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00057944 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\FileLoader.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00093784 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\PluginKernel.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00493656 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\CxImage.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00031832 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\PluginModule.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00177240 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\fs\YYFileSystem.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00380504 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\Http.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00191064 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lame_enc.DLL
2015-01-20 20:20 - 2015-01-20 20:20 - 00226392 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\TaskManagerLib.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00112728 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\UILayout.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00964696 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\XLL.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00061528 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\sqlite3.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00231000 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\Plugins\StatsPlugin.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00961112 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\Plugins\ggplugin.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00199256 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\ImageModule.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00161880 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\libmpg123.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 02947672 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\ggdownloader.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00072280 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\delay_load\AudioMixerLib.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00023128 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\delay_load\ClientTcp.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 01551960 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\libzmq.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00962648 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\delay_load\GaFileTransfer.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00251480 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\delay_load\MediaEngine.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00032856 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\ServerMemAlloc.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00523352 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\delay_load\RSALib.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00074840 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\lib\delay_load\UdtLib.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00153688 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\xIM.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00596568 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\xim\plugin_msn.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00467032 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\xim\plugin_xmpp.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00201304 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\xim\plugin_yahoo.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00107608 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\Plugins\PlatformPlugin.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00243288 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\Plugins\PluginNews.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00404056 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\Plugins\GarenaTalkPlugin.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00293464 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\Plugins\DailyTaskPlugin.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00222808 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\Plugins\GameSalePlugin.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00073304 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\InputHook.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 02456152 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\Overlay.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00110680 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\CommonLib.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00069720 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\PluginKernel.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00039512 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\DibModule.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00388696 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\ImageModule.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00823896 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\gagmhook.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00047704 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lollauncher.dll
2015-01-16 13:24 - 2015-01-16 13:24 - 00029272 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\VersionModule.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00454600 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\sqlite3.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00115288 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00036440 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00431192 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\exchndl.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00083544 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\FileManager.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00059480 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\FileSystem.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00380504 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\Http.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00053336 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\InputHookLib.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00048216 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\IPCLib.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00062040 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\LangLib.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00096344 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\audiohost.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00141400 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00036952 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\MP3Saver.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00244824 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\libmp3lame.DLL
2015-01-16 12:27 - 2015-01-16 12:27 - 01054296 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00062552 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\ResLib.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00105560 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\PngModule.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00134232 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\TcpClient.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00143960 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\UdpClient.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00117336 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\UILayout.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00872536 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\UILib.dll
2015-01-16 12:27 - 2015-01-16 12:27 - 00062040 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\lib\XmlUIModule.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo Messenger!.lnk => C:\Windows\pss\Yahoo Messenger!.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BitTorrent => "C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KakaoTalk => "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB Antivirus => C:\Program Files (x86)\USB Disk Security\USBGuard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2520790421-254736193-3744350732-500 - Administrator - Disabled)
Guest (S-1-5-21-2520790421-254736193-3744350732-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2520790421-254736193-3744350732-1003 - Limited - Enabled)
user (S-1-5-21-2520790421-254736193-3744350732-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/26/2015 00:17:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52b3b87c
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52b3b87c
Exception code: 0xc0000005
Fault offset: 0x00002c80
Faulting process id: 0x6cc
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3
 
Error: (01/26/2015 00:07:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52b3b87c
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52b3b87c
Exception code: 0xc0000005
Fault offset: 0x00002c80
Faulting process id: 0x6b8
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3
 
Error: (01/26/2015 00:06:00 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
Error: (01/26/2015 00:06:00 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
Error: (01/26/2015 00:05:35 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsm.exe, failed with status code 1.  The machine must now be restarted.
 
Error: (01/25/2015 05:10:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LoL.exe, version: 1.0.0.29, time stamp: 0x4d002eb2
Faulting module name: LoL.exe, version: 1.0.0.29, time stamp: 0x4d002eb2
Exception code: 0xc0000005
Fault offset: 0x00040565
Faulting process id: 0x1474
Faulting application start time: 0xLoL.exe0
Faulting application path: LoL.exe1
Faulting module path: LoL.exe2
Report Id: LoL.exe3
 
Error: (01/25/2015 00:11:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (01/25/2015 00:11:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (01/25/2015 10:52:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52b3b87c
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52b3b87c
Exception code: 0xc0000005
Fault offset: 0x00002c80
Faulting process id: 0x7bc
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3
 
Error: (01/25/2015 09:50:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52b3b87c
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52b3b87c
Exception code: 0xc0000005
Fault offset: 0x00002c80
Faulting process id: 0x5d8
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3
 
 
System errors:
=============
Error: (01/26/2015 00:19:33 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (01/26/2015 00:18:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/26/2015 00:18:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/26/2015 00:17:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.
 
Error: (01/26/2015 00:16:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The S service failed to start due to the following error: 
%%2
 
Error: (01/26/2015 00:16:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD FUEL Service service failed to start due to the following error: 
%%1053
 
Error: (01/26/2015 00:16:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AMD FUEL Service service to connect.
 
Error: (01/26/2015 00:16:46 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000d1 (0xfffffa821a4582c8, 0x0000000000000002, 0x0000000000000000, 0xfffff88001e80075)C:\Windows\MEMORY.DMP012615-21746-01
 
Error: (01/26/2015 00:16:37 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:15:11 AM on ‎1/‎26/‎2015 was unexpected.
 
Error: (01/26/2015 00:13:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\user\Desktop\CCE\ccekrnl.dat has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (01/26/2015 00:17:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DefaultTabSearch.exe0.0.0.052b3b87cDefaultTabSearch.exe0.0.0.052b3b87cc000000500002c806cc01d038ba58a8686fC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exeC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe9fddc829-a4ad-11e4-8da8-7427ea02c1d4
 
Error: (01/26/2015 00:07:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DefaultTabSearch.exe0.0.0.052b3b87cDefaultTabSearch.exe0.0.0.052b3b87cc000000500002c806b801d038b90a6fcc9fC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exeC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe51be13a5-a4ac-11e4-8cc5-7427ea02c1d4
 
Error: (01/26/2015 00:06:00 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
Error: (01/26/2015 00:06:00 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
Error: (01/26/2015 00:05:35 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\Windows\system32\lsm.exe1
 
Error: (01/25/2015 05:10:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LoL.exe1.0.0.294d002eb2LoL.exe1.0.0.294d002eb2c000000500040565147401d0387ebdeb6105D:\GAMES\ONLINE GAMES\GameData\Apps\LoLPH\LoL.exeD:\GAMES\ONLINE GAMES\GameData\Apps\LoLPH\LoL.exe04934ef9-a472-11e4-b41a-7427ea02c1d4
 
Error: (01/25/2015 00:11:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
 
Error: (01/25/2015 00:11:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
 
Error: (01/25/2015 10:52:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DefaultTabSearch.exe0.0.0.052b3b87cDefaultTabSearch.exe0.0.0.052b3b87cc000000500002c807bc01d03849ebf4f584C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exeC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe33817a71-a43d-11e4-b148-7427ea02c1d4
 
Error: (01/25/2015 09:50:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DefaultTabSearch.exe0.0.0.052b3b87cDefaultTabSearch.exe0.0.0.052b3b87cc000000500002c805d801d038414c0d1126C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exeC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe9a18958d-a434-11e4-aba8-7427ea02c1d4
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-04 00:51:08.985
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:51:08.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:51:08.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:51:07.989
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:08.532
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:08.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:07.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:07.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:48:41.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\109D56A106AF13228.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:48:41.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\109D56A106AF13228.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G2020 @ 2.90GHz
Percentage of memory in use: 26%
Total physical RAM: 3977.05 MB
Available physical RAM: 2926.07 MB
Total Pagefile: 7952.29 MB
Available Pagefile: 6433.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:46.28 GB) (Free:3.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (GAMES DRIVE) (Fixed) (Total:419.48 GB) (Free:10.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73DBDD46)
Partition 1: (Active) - (Size=46.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=419.5 GB) - (Type=05)
 
==================== End Of Log ============================

Edited by Marnel, 25 January 2015 - 02:30 PM.


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:48 AM

Posted 25 January 2015 - 02:32 PM

Hey, :)
Well done.

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 Marnel

Marnel
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Male
  • Location:Philippines
  • Local time:02:48 PM

Posted 25 January 2015 - 04:14 PM

Scans:

 

Adwcleaner[R0]:

# AdwCleaner v4.109 - Report created 26/01/2015 at 04:23:33
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : user - BAUTISTA
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : 70e6ca8c
Service Found : DefaultTabSearch
Service Found : DefaultTabUpdate
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\invalidprefs.js
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\searchplugins\default-search.xml
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\user.js
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\il1dvo6n.default\user.js
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjavt8eh.default-1389747203138\user.js
File Found : C:\users\user\daemonprocess.txt
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\defaulttab
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\RegClean Pro
Folder Found : C:\Program Files (x86)\SoftwareUpdater
Folder Found : C:\Program Files\Uninstaller
Folder Found : C:\ProgramData\IePluginServices
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Found : C:\ProgramData\WindowsProtectManger
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Found : C:\users\user\AppData\Roaming\defaulttab
Folder Found : C:\users\user\AppData\Roaming\FirefoxToolbar
Folder Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\Extensions\quick_start@gmail.com
Folder Found : C:\users\user\AppData\Roaming\OpenCandy
Folder Found : C:\users\user\AppData\Roaming\PerformerSoft
Folder Found : C:\users\user\AppData\Roaming\Systweak
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\performersoft llc
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Somoto
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Webplayer
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\jZip
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\performersoft llc
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Somoto
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Default Tab
Key Found : HKLM\SOFTWARE\DefaultTab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\SmdmF
Key Found : HKLM\SOFTWARE\SoftwareUpdater
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\supWindowsProtectManger
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D95E57C2-53B3-4C38-BA1E-7980CB5E1803}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.default-search.net?sid=492&aid=333&itype=a&ver=15005&tm=492&src=hmp
 
-\\ Mozilla Firefox v35.0 (x86 en-US)
 
[6jaxo2qg.default] - Line Found : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MF8449CD1-8083-4CBE-8CC4-488DA5CDFD7D&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP43889F70-8A40-455[...]
[6jaxo2qg.default] - Line Found : user_pref("browser.search.defaultenginename", "default-search.net");
[6jaxo2qg.default] - Line Found : user_pref("browser.search.order.1", "default-search.net");
[6jaxo2qg.default] - Line Found : user_pref("browser.search.selectedEngine", "default-search.net");
[6jaxo2qg.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=492&aid=333&itype=a&ver=15005&tm=492&src=hmp");
[6jaxo2qg.default] - Line Found : user_pref("extensions.xpiState", "{\"app-profile\":{\"quick_start@gmail.com\":{\"d\":\"C:\\\\Users\\\\user\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\6jaxo2qg.default\\\\extensions\\\\[...]
[6jaxo2qg.default] - Line Found : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=492&aid=333&itype=a&ver=15005&tm=492&src=ds&p=");
 
-\\ Google Chrome v40.0.2214.91
 
 
*************************
 
AdwCleaner[R0].txt - [11192 octets] - [26/01/2015 04:23:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11253 octets] ##########
 
 
Adwcleaner[S0]:
# AdwCleaner v4.109 - Report created 26/01/2015 at 04:26:58
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : user - BAUTISTA
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : 70e6ca8c
[#] Service Deleted : DefaultTabSearch
Service Deleted : DefaultTabUpdate
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsProtectManger
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Deleted : C:\Program Files (x86)\defaulttab
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\SoftwareUpdater
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\users\user\AppData\Roaming\defaulttab
Folder Deleted : C:\users\user\AppData\Roaming\FirefoxToolbar
Folder Deleted : C:\users\user\AppData\Roaming\OpenCandy
Folder Deleted : C:\users\user\AppData\Roaming\PerformerSoft
Folder Deleted : C:\users\user\AppData\Roaming\Systweak
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\Extensions\quick_start@gmail.com
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\users\user\daemonprocess.txt
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\invalidprefs.js
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\searchplugins\default-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default\user.js
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\il1dvo6n.default\user.js
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjavt8eh.default-1389747203138\user.js
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D95E57C2-53B3-4C38-BA1E-7980CB5E1803}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\DefaultTab
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\supWindowsProtectManger
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v35.0 (x86 en-US)
 
[6jaxo2qg.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MF8449CD1-8083-4CBE-8CC4-488DA5CDFD7D&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP43889F70-8A40-455[...]
[6jaxo2qg.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "default-search.net");
[6jaxo2qg.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "default-search.net");
[6jaxo2qg.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "default-search.net");
[6jaxo2qg.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=492&aid=333&itype=a&ver=15005&tm=492&src=hmp");
[6jaxo2qg.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"quick_start@gmail.com\":{\"d\":\"C:\\\\Users\\\\user\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\6jaxo2qg.default\\\\extensions\\\\[...]
[6jaxo2qg.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=492&aid=333&itype=a&ver=15005&tm=492&src=ds&p=");
 
-\\ Google Chrome v40.0.2214.91
 
 
*************************
 
AdwCleaner[R0].txt - [11434 octets] - [26/01/2015 04:23:33]
AdwCleaner[S0].txt - [10388 octets] - [26/01/2015 04:26:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10449 octets] ##########
 
 
Malwarebytes Anti-Malware:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 1/26/2015 4:31:47 AM, SYSTEM, BAUTISTA, Protection, Malware Protection, Starting, 
Protection, 1/26/2015 4:31:47 AM, SYSTEM, BAUTISTA, Protection, Malware Protection, Started, 
Protection, 1/26/2015 4:31:47 AM, SYSTEM, BAUTISTA, Protection, Malicious Website Protection, Starting, 
Protection, 1/26/2015 4:32:15 AM, SYSTEM, BAUTISTA, Protection, Malicious Website Protection, Started, 
Update, 1/26/2015 4:32:27 AM, SYSTEM, BAUTISTA, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 1/26/2015 4:32:27 AM, SYSTEM, BAUTISTA, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1, 
Update, 1/26/2015 4:32:57 AM, SYSTEM, BAUTISTA, Manual, Malware Database, 2014.11.20.6, 2015.1.25.10, 
Protection, 1/26/2015 4:32:58 AM, SYSTEM, BAUTISTA, Protection, Refresh, Starting, 
Protection, 1/26/2015 4:32:58 AM, SYSTEM, BAUTISTA, Protection, Malicious Website Protection, Stopping, 
Protection, 1/26/2015 4:32:58 AM, SYSTEM, BAUTISTA, Protection, Malicious Website Protection, Stopped, 
Protection, 1/26/2015 4:33:02 AM, SYSTEM, BAUTISTA, Protection, Refresh, Success, 
Protection, 1/26/2015 4:33:02 AM, SYSTEM, BAUTISTA, Protection, Malicious Website Protection, Starting, 
Protection, 1/26/2015 4:33:03 AM, SYSTEM, BAUTISTA, Protection, Malicious Website Protection, Started, 
Scan, 1/26/2015 4:54:07 AM, SYSTEM, BAUTISTA, Manual, Start:1/26/2015 4:34:06 AM, Duration:14 min 46 sec, Threat Scan, Completed, 1 Malware Detection, 18 Non-Malware Detections, 
Protection, 1/26/2015 4:55:26 AM, SYSTEM, BAUTISTA, Protection, Malware Protection, Starting, 
Protection, 1/26/2015 4:55:26 AM, SYSTEM, BAUTISTA, Protection, Malware Protection, Started, 
Protection, 1/26/2015 4:55:26 AM, SYSTEM, BAUTISTA, Protection, Malicious Website Protection, Starting, 
Protection, 1/26/2015 4:57:59 AM, SYSTEM, BAUTISTA, Protection, Malware Protection, Starting, 
Protection, 1/26/2015 4:58:00 AM, SYSTEM, BAUTISTA, Protection, Malware Protection, Started, 
Protection, 1/26/2015 4:58:00 AM, SYSTEM, BAUTISTA, Protection, Malicious Website Protection, Starting, 
Protection, 1/26/2015 5:00:47 AM, SYSTEM, BAUTISTA, Protection, Malicious Website Protection, Started, 
 
(end)
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by user on Mon 01/26/2015 at  5:02:03.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{76C29BD2-9684-423D-A99A-EFA15D8DFD55}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\6jaxo2qg.default\minidumps [173 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/26/2015 at  5:07:02.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by user (administrator) on BAUTISTA on 26-01-2015 05:07:30
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() D:\GAMES\ONLINE GAMES\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\Run: [GarenaPlus] => D:\GAMES\ONLINE GAMES\Garena Plus\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: {1e89a37d-d3c1-11e3-b835-7427ea02c1d4} - E:\AutoRun.exe
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: {fe4555c4-de52-11e3-b727-7427ea02c1d4} - E:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1MediaIconsOverlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2520790421-254736193-3744350732-1000 -> {26314958-A633-434B-84F0-AFD107022F56} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.ph/com/EGamesPlugin.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2520790421-254736193-3744350732-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2520790421-254736193-3744350732-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2520790421-254736193-3744350732-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-24]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MF8449CD1-8083-4CBE-8CC4-488DA5CDFD7D&SearchSource=55&CUI=&UM=6&UP=SP43889F70-8A40-455B-A54A-5C2798A2B8E1&SSPV=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-24] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-24] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 rqryii; C:\Users\user\Desktop\CCE\ccekrnl.dat [374792 2012-07-09] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2015-01-21] ()
S3 dump_wmimmc; \??\D:\GAMES\ONLINE GAMES\PSO2_Full_Client_2.0221.4\PHANTASYSTARONLINE2\pso2_bin\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GGSAFERDriver; \??\D:\GAMES\ONLINE GAMES\Garena Plus\Room\safedrv.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 hxsyol; \??\D:\GAMES\ONLINE GAMES\AuraKingdom\avital\hxsy64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S0 ohcmj; System32\drivers\ombsuyy.sys [X]
S2 S; C [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 05:07 - 2015-01-26 05:07 - 00018623 _____ () C:\Users\user\Desktop\FRST.txt
2015-01-26 05:07 - 2015-01-26 05:07 - 00000977 _____ () C:\Users\user\Desktop\JRT.txt
2015-01-26 05:02 - 2015-01-26 05:02 - 00000000 ____D () C:\Windows\ERUNT
2015-01-26 04:32 - 2015-01-26 05:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 04:31 - 2015-01-26 04:31 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 04:31 - 2015-01-26 04:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 04:31 - 2015-01-26 04:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 04:31 - 2015-01-26 04:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 04:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-26 04:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-26 04:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 04:23 - 2015-01-26 04:27 - 00000000 ____D () C:\AdwCleaner
2015-01-26 04:21 - 2015-01-26 04:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\user\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-26 04:21 - 2015-01-26 04:22 - 01707939 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2015-01-26 04:21 - 2015-01-26 04:21 - 02194432 _____ () C:\Users\user\Desktop\AdwCleaner.exe
2015-01-26 03:15 - 2015-01-26 05:07 - 00000000 ____D () C:\FRST
2015-01-26 03:14 - 2015-01-26 03:14 - 02129920 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-01-26 00:21 - 2015-01-26 00:21 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-26 00:21 - 2015-01-26 00:21 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-26 00:21 - 2015-01-26 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-26 00:20 - 2015-01-26 00:20 - 04813544 _____ (Piriform Ltd) C:\Users\user\Downloads\CCleanerSetup.exe
2015-01-26 00:19 - 2015-01-26 00:19 - 00822416 _____ (%VENDOR%) C:\Users\user\Downloads\Ccleaner_Setup.exe
2015-01-26 00:16 - 2015-01-26 00:16 - 00297168 _____ () C:\Windows\Minidump\012615-21746-01.dmp
2015-01-25 23:49 - 2015-01-26 00:01 - 00000173 _____ () C:\Users\user\Desktop\xIcbYvy31HB.ini
2015-01-25 23:48 - 2015-01-25 23:54 - 00000000 ____D () C:\Users\user\Desktop\applications
2015-01-25 23:43 - 2015-01-25 23:52 - 07059972 _____ () C:\Users\user\Desktop\xIcbYvy31HB.exe
2015-01-25 20:17 - 2015-01-25 20:17 - 00008790 _____ () C:\Users\user\Downloads\If_I_Stay_2014_720p.torrent
2015-01-25 17:11 - 2015-01-25 17:11 - 00000000 ____D () C:\Users\user\AppData\Roaming\LolClient
2015-01-25 17:10 - 2015-01-25 17:10 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-01-25 17:09 - 2015-01-25 18:47 - 00000805 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2015-01-25 16:41 - 2015-01-25 16:44 - 00097416 _____ () C:\Users\user\Downloads\[kickass.so]one.piece.episodes.001.622.movies.1.12.specials.tv.specials.ova.torrent
2015-01-25 16:35 - 2015-01-25 16:40 - 00101162 _____ () C:\Users\user\Downloads\[kickass.so]one.piece.completing.series.001.589.torrent
2015-01-25 14:08 - 2015-01-25 14:08 - 00319422 _____ () C:\Users\user\Downloads\Mouse Recorder.exe
2015-01-25 13:18 - 2015-01-26 04:57 - 00006536 _____ () C:\Windows\PFRO.log
2015-01-25 13:15 - 2015-01-25 13:15 - 00000000 ____D () C:\Users\user\Documents\wondertouch
2015-01-25 13:00 - 2015-01-25 13:00 - 02752088 _____ () C:\Users\user\Downloads\LoLInstaller.exe
2015-01-25 13:00 - 2015-01-25 13:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Garena
2015-01-25 12:56 - 2015-01-26 05:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\GarenaPlus
2015-01-25 12:56 - 2015-01-25 12:56 - 00000857 _____ () C:\Users\Public\Desktop\Garena+.lnk
2015-01-25 12:55 - 2015-01-26 05:01 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-01-25 11:14 - 2015-01-25 11:18 - 71409120 _____ () C:\Users\user\Downloads\Garena+_Install.exe
2015-01-25 10:15 - 2015-01-25 10:18 - 25543261 _____ () C:\Users\user\Downloads\cce_2.5.242177.201_x64.zip
2015-01-25 10:10 - 2015-01-25 10:15 - 00007605 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-01-25 09:53 - 2015-01-25 09:53 - 00245680 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-25 09:49 - 2015-01-26 05:04 - 00000728 _____ () C:\Windows\setupact.log
2015-01-25 09:49 - 2015-01-25 09:50 - 00737672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 09:49 - 2015-01-25 09:49 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-25 07:44 - 2015-01-25 07:44 - 00000556 _____ () C:\Users\Public\Desktop\Touch.lnk
2015-01-25 07:41 - 2015-01-25 07:44 - 42311075 _____ (Touch 3Claws ) C:\Users\user\Downloads\SetupTouch_int(1).exe
2015-01-25 05:46 - 2015-01-25 05:46 - 00224768 _____ () C:\Users\user\Downloads\lyricsplugin-wmplayer.msi
2015-01-25 04:30 - 2015-01-25 04:30 - 00038379 _____ () C:\Users\user\Downloads\[kickass.so]taylor.swift.1989.deluxe.edition.2014.flac.dmt.torrent
2015-01-25 03:05 - 2015-01-25 07:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 23:40 - 2015-01-24 23:40 - 09052192 _____ (Cheat Engine ) C:\Users\user\Downloads\CheatEngine64.exe
2015-01-24 23:21 - 2015-01-24 23:21 - 00262144 _____ () C:\Windows\system32\config\elam
2015-01-24 23:02 - 2015-01-24 23:02 - 00002290 _____ () C:\Users\user\Desktop\Safe Money.lnk
2015-01-24 22:46 - 2015-01-24 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-24 22:46 - 2015-01-24 22:45 - 00002092 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-24 22:45 - 2015-01-26 04:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-24 22:45 - 2015-01-24 22:45 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-24 22:45 - 2015-01-24 22:45 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-24 22:45 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-24 22:44 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-24 22:23 - 2015-01-24 22:24 - 02351936 _____ (Kaspersky Lab) C:\Users\user\Downloads\kis15.0.1.415en_es_pt_fr_de_it_ru_6887.exe
2015-01-24 20:05 - 2015-01-24 20:06 - 05164232 _____ (Unity Technologies ApS) C:\Users\user\Downloads\UnityWebPlayerDevelopment.exe
2015-01-23 22:09 - 2015-01-23 22:09 - 00000026 _____ () C:\Users\user\Desktop\asdasdasdasd.txt
2015-01-23 20:38 - 2015-01-23 20:38 - 00000011 _____ () C:\Users\user\Desktop\#.txt
2015-01-23 02:59 - 2015-01-23 14:19 - 00000000 ____D () C:\Users\user\Desktop\yeah!
2015-01-21 22:14 - 2014-10-26 02:43 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2015-01-21 21:38 - 2015-01-26 05:06 - 00000000 ____D () C:\Users\user\Desktop\CCE
2015-01-21 21:36 - 2015-01-21 21:36 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2015-01-21 21:36 - 2015-01-21 21:36 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-12 21:33 - 2015-01-12 21:33 - 00001307 _____ () C:\Users\user\Desktop\Play Plants vs. Zombies.lnk
2015-01-11 15:24 - 2015-01-11 15:25 - 00000000 ____D () C:\Users\user\Desktop\Minecraft Vids
2015-01-08 03:11 - 2015-01-11 15:25 - 00000000 ____D () C:\Users\user\Desktop\Mods minecraft
2015-01-08 01:27 - 2015-01-08 01:59 - 00000000 ____D () C:\Users\user\Desktop\PS Xhae
2015-01-07 20:09 - 2015-01-25 05:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-07 20:07 - 2015-01-07 20:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-07 17:51 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\user\Desktop\Buknoy
2015-01-06 17:08 - 2015-01-06 17:08 - 00000026 _____ () C:\Users\user\Desktop\Coordinates Nether World.txt
2015-01-06 13:33 - 2015-01-06 13:33 - 00000032 _____ () C:\Users\user\Desktop\Coordinates.txt
2014-12-28 13:32 - 2014-12-28 13:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\EA
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 05:03 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 05:03 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 05:02 - 2014-08-02 23:57 - 00966427 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 04:58 - 2012-10-22 09:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 04:57 - 2013-12-12 21:06 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-26 04:57 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 04:54 - 2014-10-15 08:02 - 00000000 __SHD () C:\ProgramData\GLBHJF
2015-01-26 04:54 - 2009-07-14 15:46 - 00000000 ____D () C:\Windows\RemotePackages
2015-01-26 04:16 - 2012-10-22 09:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 00:21 - 2012-10-22 10:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 00:16 - 2013-09-30 05:37 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 00:00 - 2013-04-26 02:29 - 16284672 ___SH () C:\Users\user\Desktop\Thumbs.db
2015-01-25 22:52 - 2014-01-18 01:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2015-01-25 20:18 - 2014-01-19 19:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent
2015-01-25 17:09 - 2013-12-26 04:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2015-01-25 15:56 - 2014-01-31 13:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2015-01-25 12:44 - 2014-10-23 07:04 - 00000000 ____D () C:\Program Files\PopCap Games
2015-01-25 12:44 - 2013-07-04 22:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-01-25 12:44 - 2013-07-04 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2015-01-25 12:44 - 2013-07-04 22:11 - 00000000 ____D () C:\Program Files (x86)\PopCap Games
2015-01-25 12:44 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-25 12:24 - 2014-01-07 10:40 - 00778356 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-25 12:24 - 2009-07-14 13:13 - 00778356 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 09:41 - 2014-01-18 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-25 07:52 - 2014-11-26 17:36 - 00000000 ____D () C:\Users\user\Desktop\Inventory A+
2015-01-25 07:52 - 2014-10-20 15:48 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-01-25 07:52 - 2014-05-04 07:07 - 00000000 ____D () C:\Program Files\particleIllusion 3.0
2015-01-25 07:52 - 2014-04-04 09:47 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-25 07:52 - 2014-01-19 20:23 - 00000000 ____D () C:\Program Files (x86)\Fraps Cracked
2015-01-25 07:52 - 2013-06-15 21:40 - 00424299 _____ () C:\Program Files (x86)\Yahoo Messenger.exe
2015-01-25 07:52 - 2013-02-06 09:53 - 00000000 ____D () C:\Program Files\TeraCopy
2015-01-25 07:52 - 2012-10-22 10:00 - 00000000 ____D () C:\Program Files (x86)\USB Disk Security
2015-01-25 07:44 - 2014-10-13 02:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Touch
2015-01-25 07:38 - 2014-10-13 02:30 - 00000000 ____D () C:\TouchDefence
2015-01-24 23:56 - 2012-10-22 10:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 23:52 - 2012-10-22 10:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 23:52 - 2012-10-22 10:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 23:52 - 2012-10-22 10:05 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 23:48 - 2014-03-04 16:32 - 00000000 ____D () C:\Program Files (x86)\Movie Maker 2.6
2015-01-24 23:48 - 2013-04-26 01:56 - 00000000 ____D () C:\Program Files\Photoshop
2015-01-24 23:09 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-24 23:09 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-24 23:09 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-24 20:06 - 2014-04-23 18:02 - 00000000 ____D () C:\Users\user\AppData\Local\Unity
2015-01-24 15:11 - 2012-10-22 09:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 15:11 - 2012-10-22 09:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 15:01 - 2014-04-09 08:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 21:07 - 2014-01-09 07:34 - 00000000 ____D () C:\Windows\pss
2015-01-21 14:22 - 2014-03-20 16:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-20 23:19 - 2009-07-14 10:34 - 00000256 _____ () C:\Windows\system.ini
2015-01-19 16:32 - 2014-10-25 11:22 - 00000000 ____D () C:\Users\user\Desktop\Folders
2015-01-16 20:09 - 2014-07-05 19:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\.minecraft
2015-01-16 00:00 - 2014-12-19 02:09 - 00000000 ____D () C:\Users\user\Desktop\Xhae
2015-01-11 13:12 - 2014-12-20 15:18 - 00000166 _____ () C:\Users\user\Desktop\Coords.txt
2015-01-07 20:08 - 2012-10-22 10:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-04 13:13 - 2009-07-14 10:34 - 00001181 _____ () C:\Windows\win.ini
2015-01-01 20:38 - 2014-01-18 01:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\Macromedia
2015-01-01 20:34 - 2014-03-20 16:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\PopCapv1003
2014-12-31 14:18 - 2014-12-20 20:55 - 00000000 ____D () C:\Users\user\Desktop\Tuts
 
==================== Files in the root of some directories =======
 
2013-06-15 21:40 - 2015-01-25 07:52 - 0424299 _____ () C:\Program Files (x86)\Yahoo Messenger.exe
2014-06-15 16:30 - 2014-06-15 16:30 - 0000000 _____ () C:\Users\user\AppData\Roaming\bitlord_log.txt
2014-03-25 15:15 - 2014-09-28 07:26 - 0045270 _____ () C:\Users\user\AppData\Roaming\room_v3.dat
2014-04-25 04:27 - 2014-04-25 04:27 - 0000038 ___SH () C:\Users\user\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-05-06 00:49 - 2014-12-15 03:06 - 0006656 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-15 20:44 - 2014-06-15 20:44 - 0000218 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-01-25 10:10 - 2015-01-25 10:15 - 0007605 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2013-03-08 16:34 - 2014-02-20 23:49 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 08:09
 
==================== End Of Log ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by user at 2015-01-26 05:08:13
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
BitTorrent (HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.0.1.683 - Kakao)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
K-Lite Codec Pack 6.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.6.0 - )
Lyrics Plugin for Windows Media Player (HKLM-x32\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
particleIllusion 3.0.9 (HKLM\...\{7ACFC44D-C367-4046-8FD2-C43F0664F4D3}   // gene~BAB03DBF_is1) (Version:  - GenArts, Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Touch version 1.1 (HKLM-x32\...\{06A4EEFC-8692-48AB-9709-BFC268D7196C}_is1) (Version: 1.1 - Touch 3Claws)
Unity Web Player (HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2520790421-254736193-3744350732-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2520790421-254736193-3744350732-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-01-25 10:23 - 2015-01-25 10:23 - 00000821 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0F107F86-55AA-4732-9ECF-2C807073E14C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {1680CE1E-78A8-445C-84A9-2C832B2E40F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {24B97489-E6AB-4CDD-AB01-2C6306C5CAC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {28697AAA-6066-415D-8F1A-DC13D1C74BAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-10] (Google Inc.)
Task: {55390104-93D8-4D47-954B-B988D583CF39} - System32\Tasks\{4100E0D1-1D42-49FB-99F4-8E82392962A7} => pcalua.exe -a "C:\Users\user\Downloads\dxwebsetup (1).exe" -d C:\Users\user\Downloads
Task: {5EA35B19-AB0A-40FD-B7B9-B18DA8CC93A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-10] (Google Inc.)
Task: {5F650CA3-26A3-45CC-9002-0B58A20C48D8} - System32\Tasks\{3D2EA903-206E-4A57-8527-5337C32AF768} => pcalua.exe -a "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632\PeggleNightsSetup.exe" -d "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632"
Task: {717E1ACD-17A6-461F-8BCF-254F32E42090} - System32\Tasks\{D92CD866-4062-47E7-91DF-8FB8FB860042} => pcalua.exe -a C:\Users\user\AppData\Roaming\.minecraft\Uninstall.exe -d C:\Users\user\AppData\Roaming\.minecraft
Task: {BA844042-1019-408B-B7FE-DA04641457B3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C53D1F72-9B5D-4255-A6E2-5720D4208E34} - System32\Tasks\gg_uac_daemon_user => D:\GAMES\ONLINE GAMES\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {C6EE4F5F-0D2E-44DD-A59C-3A1D9DBFC550} - System32\Tasks\{63C5E50E-84F0-4E09-81A1-1E1A9B2EAE82} => pcalua.exe -a C:\Users\user\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\user\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:5920
Task: {D34EB5E2-97E7-4ED8-8BF3-4E5664101588} - System32\Tasks\{5EB0A5EB-5EF4-4226-9257-D0CBA1B438EB} => pcalua.exe -a "D:\GAMES\LAN GAMES\Diablo II\Copy of Diablo II.exe" -d "D:\GAMES\LAN GAMES\Diablo II"
Task: {DA055CDB-108D-4D86-86C9-0C700E75BAD6} - System32\Tasks\{0C4D2E39-1641-4A3D-A6D8-AD03574926D5} => pcalua.exe -a "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632\PeggleNightsSetup.exe" -d "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632"
Task: {DF5BE9C5-4670-4DC3-BDC4-CF5EE5481F0B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {F7D319F0-217B-4EC3-9D51-ED116B1DC515} - System32\Tasks\{F807A5D2-6E6D-4F0C-815F-8BE0282084BB} => pcalua.exe -a "C:\Users\user\Desktop\Photoshop\Portable Adobe Photoshop CS4  Special Edition.exe" -d C:\Users\user\Desktop\Photoshop
Task: {FD4E9959-A752-4C4A-8B2C-DAEA6560AD0F} - System32\Tasks\{7F3D87BD-CAC5-49D0-917D-B6F5D28C1FBF} => pcalua.exe -a "C:\Users\user\Downloads\dotNetFx35setup (1).exe" -d C:\Users\user\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-20 20:20 - 2015-01-20 20:20 - 00055896 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\ggdllhost.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00560216 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\ggspawn.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo Messenger!.lnk => C:\Windows\pss\Yahoo Messenger!.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BitTorrent => "C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KakaoTalk => "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB Antivirus => C:\Program Files (x86)\USB Disk Security\USBGuard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2520790421-254736193-3744350732-500 - Administrator - Disabled)
Guest (S-1-5-21-2520790421-254736193-3744350732-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2520790421-254736193-3744350732-1003 - Limited - Enabled)
user (S-1-5-21-2520790421-254736193-3744350732-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-04 00:51:08.985
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:51:08.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:51:08.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:51:07.989
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:08.532
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:08.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:07.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:07.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:48:41.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\109D56A106AF13228.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:48:41.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\109D56A106AF13228.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G2020 @ 2.90GHz
Percentage of memory in use: 33%
Total physical RAM: 3977.05 MB
Available physical RAM: 2646.35 MB
Total Pagefile: 7952.29 MB
Available Pagefile: 6381.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:46.28 GB) (Free:4.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (GAMES DRIVE) (Fixed) (Total:419.48 GB) (Free:10.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73DBDD46)
Partition 1: (Active) - (Size=46.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=419.5 GB) - (Type=05)
 
==================== End Of Log ============================

Edited by Marnel, 25 January 2015 - 04:15 PM.


#6 Marnel

Posted 26 January 2015 - 03:18 AM

Bump



#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:48 AM

Posted 26 January 2015 - 10:47 AM

Why are you bumping me?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#8 Marnel

Posted 26 January 2015 - 11:17 AM

Oh no, sorry, I posted that so it would be on the 1st page.



#9 Machiavelli

Posted 26 January 2015 - 12:07 PM

Hey, :)
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
  • Then select the one log where it has found anything and double-click on it
  • Then click on the Export button and select Text File (.txt) in the menu
  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

 
 


#10 Marnel

Posted 26 January 2015 - 12:44 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/26/2015
Scan Time: 4:34:06 AM
Logfile: Malwarebytes Scan Log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.25.10
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335841
Time Elapsed: 14 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [2b26c334226784b2141fe911b44e60a0], 
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-2520790421-254736193-3744350732-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [2b26c334226784b2141fe911b44e60a0], 
PUP.Optional.RelatedSearchs.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}, Quarantined, [3d14c82f692054e2a3788a6ec43e8a76], 
PUP.Optional.RelatedSearchs.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}, Quarantined, [3d14c82f692054e2a3788a6ec43e8a76], 
PUP.Optional.SettingsManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SmdmFService, Quarantined, [5100de19e1a887af09500a89ed16b24e], 
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, Quarantined, [272a589f4a3f2214005788fad42fe51b], 
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [044d2dca6e1b7eb88e1bd0f392717888], 
 
Registry Values: 2
PUP.Optional.RelatedSearchs.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{96A25A24-2E87-4374-8A50-CC6F943FCE4D}, Quarantined, [3d14c82f692054e2a3788a6ec43e8a76], 
PUP.Optional.RelatedSearchs.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}, Quarantined, [4e033fb8a4e562d477a430c819e9a15f], 
 
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[1f32787f0188ca6c30d1b0f0cb3a06fa]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[2a27a651abde68ce3cc6c9d79b6ada26]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[f061d91e5e2b82b46f94267aeb1a09f7]
 
Folders: 1
PUP.Optional.Datamngr.A, C:\Users\user\AppData\LocalLow\DataMngr, Quarantined, [68e9ca2d494014227898d473ae557a86], 
 
Files: 6
Trojan.Monder, C:\ProgramData\GLBHJF\BBG.01, Quarantined, [6ae7c53204853ff72eed9e9023deb64a], 
PUP.Ardamax, C:\ProgramData\GLBHJF\BBG.02, Quarantined, [eb6634c397f2ea4c0db965c8f40dcb35], 
PUP.Optional.Linkey.A, C:\Windows\Temp\b3017161\SettingsManagerSetup.exe, Quarantined, [88c98f6899f0c67069fd79327190ce32], 
PUP.Optional.OpenCandy, C:\Users\user\Downloads\PowerISO6-x64.exe, Quarantined, [f160ad4ae4a555e1fa860dbefe07728e], 
PUP.Optional.MindSpark.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mywebface.dl.tb.ask.com_0.localstorage-journal, Quarantined, [3c15f8ffcabf0432b0aa579bc143f709], 
PUP.Optional.Datamngr.A, C:\Users\user\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}64, Quarantined, [68e9ca2d494014227898d473ae557a86], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 Machiavelli

Posted 26 January 2015 - 01:15 PM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and paste the content of the codebox below into the empty text file:

    HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: E - E:\AutoRun.exe
    HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: {1e89a37d-d3c1-11e3-b835-7427ea02c1d4} - E:\AutoRun.exe
    HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: {fe4555c4-de52-11e3-b727-7427ea02c1d4} - E:\AutoRun.exe
    ShellIconOverlayIdentifiers: [1MediaIconsOverlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MF8449CD1-8083-4CBE-8CC4-488DA5CDFD7D&SearchSource=55&CUI=&UM=6&UP=SP43889F70-8A40-455B-A54A-5C2798A2B8E1&SSPV=
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

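Step 1 above asks the user to feed FRST a fixlist and post back the Fixlog. A helper reviewing that reply wants two things the posts do not show explicitly: why each fixlist line was chosen (orphaned registry entry, removable-drive AutoRun record, empty search scope, third-party homepage) and whether every requested action has a matching success line in the Fixlog. The script below is an added example for this thread, not FRST's own code and not the helper's; the sample lines are copied from the fixlist and Fixlog posted in this topic, and the parsing rules plus the fixlist-to-Fixlog marker mapping are my own assumptions, checked only against those lines.

```python
"""Reconcile an FRST fixlist with the Fixlog it produced (added example for this
thread; not FRST's or the helper's code). Sample lines are copied from the
fixlist and Fixlog posted in this topic; the parsing rules and the fixlist ->
Fixlog marker mapping are my assumptions, checked only against those lines."""
import re
from collections import Counter
from typing import Dict

# Fixlist entries copied from Step 1 of this thread (subset).
FIXLIST = r"""
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: {1e89a37d-d3c1-11e3-b835-7427ea02c1d4} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [1MediaIconsOverlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MF8449CD1-8083-4CBE-8CC4-488DA5CDFD7D&SearchSource=55&CUI=&UM=6&UP=SP43889F70-8A40-455B-A54A-5C2798A2B8E1&SSPV=
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
EmptyTemp:
"""

# Fixlog result lines copied from post #12 of this thread (subset).
FIXLOG = r"""
"HKU\S-1-5-21-2520790421-254736193-3744350732-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => Key deleted successfully.
"HKU\S-1-5-21-2520790421-254736193-3744350732-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e89a37d-d3c1-11e3-b835-7427ea02c1d4}" => Key deleted successfully.
HKCR\CLSID\{1e89a37d-d3c1-11e3-b835-7427ea02c1d4} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1MediaIconsOverlay" => Key deleted successfully.
HKCR\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
EmptyTemp: => Removed 993.1 MB temporary data.
"""


def why_in_fixlist(entry: str) -> str:
    """Why an FRST line ends up in a fixlist (my triage categories)."""
    if entry.endswith("No File") or entry.endswith("[Not Found]"):
        return "orphaned: registry points at a file/extension that no longer exists"
    if "MountPoints2" in entry and "AutoRun.exe" in entry:
        return "AutoRun entry recorded for a removable drive"
    if entry.startswith("SearchScopes") and re.search(r"URL =\s*$", entry):
        return "search scope with an empty URL"
    if entry.startswith("CHR HomePage"):
        return "homepage set by a third party (FRST defangs the URL as hxxp)"
    return "FRST directive" if entry.endswith(":") else "unclassified"


def expected_fixlog_marker(entry: str) -> str:
    """Substring a Fixlog line should contain if FRST acted on `entry` (assumed mapping)."""
    if m := re.match(r"HKU\\[^\\]+\\\.\.\.\\MountPoints2: (\S+) - ", entry):
        return f"MountPoints2\\{m.group(1)}\""
    if m := re.match(r"ShellIconOverlayIdentifiers: \[([^\]]+)\]", entry):
        return f"ShellIconOverlayIdentifiers\\{m.group(1)}\""
    if m := re.match(r"SearchScopes: (HKU\\\S+) -> DefaultScope", entry):
        return f"{m.group(1)}\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes"
    if m := re.match(r"FF Plugin(-x32)?: (\S+) -> ", entry):
        node = "Software\\Wow6432Node\\MozillaPlugins" if m.group(1) else "Software\\MozillaPlugins"
        return f"{node}\\{m.group(2)}\""
    if m := re.match(r"CHR HKLM(-x32)?\\\.\.\.\\Chrome\\Extension: \[([a-z]{32})\]", entry):
        node = "SOFTWARE\\Wow6432Node\\Google" if m.group(1) else "SOFTWARE\\Google"
        return f"{node}\\Chrome\\Extensions\\{m.group(2)}\""
    if entry.startswith("CHR HomePage:"):
        return "Chrome HomePage deleted"
    if entry == "EmptyTemp:":
        return "EmptyTemp: => Removed"
    return ""


def reconcile(fixlist: str, fixlog: str) -> Dict[str, str]:
    """Map each fixlist entry to applied / not-found / missing / unverifiable."""
    log_lines = [ln.strip() for ln in fixlog.splitlines() if ln.strip()]
    statuses: Dict[str, str] = {}
    for entry in (ln.strip() for ln in fixlist.splitlines()):
        if not entry:
            continue
        marker = expected_fixlog_marker(entry)
        if not marker:
            statuses[entry] = "unverifiable"  # no mapping rule for this entry type
            continue
        hits = [ln for ln in log_lines if marker in ln]
        if any("successfully" in h or "Removed" in h for h in hits):
            statuses[entry] = "applied"
        elif hits:
            statuses[entry] = "not-found"     # FRST reported the object absent
        else:
            statuses[entry] = "missing"       # nothing in Fixlog mentions it
    return statuses


def summarize(statuses: Dict[str, str]) -> Counter:
    return Counter(statuses.values())


if __name__ == "__main__":
    report = reconcile(FIXLIST, FIXLOG)
    for entry, status in report.items():
        print(f"[{status:>12}] {entry[:60]:<60} {why_in_fixlist(entry)}")
    print(dict(summarize(report)))
```

Run against the two logs in this thread every entry comes back "applied"; feed it a Fixlog that stopped early (a reboot interrupting the fix, a partial paste) and the tail of the fixlist shows up as "missing", which is the case a reviewer most wants flagged before moving on to Step 2. The "not-found" status is kept separate because FRST's "Key not found" means the object was already gone, not that the fix failed.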
 
 


#12 Marnel

Marnel
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:02:48 PM

Posted 28 January 2015 - 08:30 PM

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015

Ran by user at 2015-01-29 07:42:40 Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: {1e89a37d-d3c1-11e3-b835-7427ea02c1d4} - E:\AutoRun.exe
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\MountPoints2: {fe4555c4-de52-11e3-b727-7427ea02c1d4} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [1MediaIconsOverlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MF8449CD1-8083-4CBE-8CC4-488DA5CDFD7D&SearchSource=55&CUI=&UM=6&UP=SP43889F70-8A40-455B-A54A-5C2798A2B8E1&SSPV=
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
EmptyTemp:
*****************
 
"HKU\S-1-5-21-2520790421-254736193-3744350732-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => Key deleted successfully.
"HKU\S-1-5-21-2520790421-254736193-3744350732-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e89a37d-d3c1-11e3-b835-7427ea02c1d4}" => Key deleted successfully.
HKCR\CLSID\{1e89a37d-d3c1-11e3-b835-7427ea02c1d4} => Key not found. 
"HKU\S-1-5-21-2520790421-254736193-3744350732-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe4555c4-de52-11e3-b727-7427ea02c1d4}" => Key deleted successfully.
HKCR\CLSID\{fe4555c4-de52-11e3-b727-7427ea02c1d4} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1MediaIconsOverlay" => Key deleted successfully.
HKCR\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
Chrome HomePage deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
EmptyTemp: => Removed 993.1 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 07:44:28 ====
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by user (administrator) on BAUTISTA on 29-01-2015 07:51:23
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\ProgramData\{c22796e6-2c6d-f246-c227-796e62c65b98}\Download 5 Seconds of Summer (a.k.a. 5SOS) - 5 Seconds of Summer (Deluxe Edition) [2014-Album] [320kbps] [MP3] [Original CD Rip + Bonus] - StarkReleases Torrent - KickassTorrents.exe
() D:\GAMES\ONLINE GAMES\Garena Plus\ggdllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\wmi64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\Run: [GarenaPlus] => D:\GAMES\ONLINE GAMES\Garena Plus\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-02] (Microsoft Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download 5 Seconds of Summer (a.k.a. 5SOS) - 5 Seconds of Summer (Deluxe Edition) [2014-Album] [320kbps] [MP3] [Original CD Rip + Bonus] - StarkReleases Torrent - KickassTorrents.lnk
ShortcutTarget: Download 5 Seconds of Summer (a.k.a. 5SOS) - 5 Seconds of Summer (Deluxe Edition) [2014-Album] [320kbps] [MP3] [Original CD Rip + Bonus] - StarkReleases Torrent - KickassTorrents.lnk -> C:\ProgramData\{c22796e6-2c6d-f246-c227-796e62c65b98}\Download 5 Seconds of Summer (a.k.a. 5SOS) - 5 Seconds of Summer (Deluxe Edition) [2014-Album] [320kbps] [MP3] [Original CD Rip + Bonus] - StarkReleases Torrent - KickassTorrents.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2520790421-254736193-3744350732-1000 -> {26314958-A633-434B-84F0-AFD107022F56} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.ph/com/EGamesPlugin.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6jaxo2qg.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\ONLINE GAMES\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2520790421-254736193-3744350732-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2520790421-254736193-3744350732-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2520790421-254736193-3744350732-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-24]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
U2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-24] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-24] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 rqryii; C:\Users\user\Desktop\CCE\ccekrnl.dat [374792 2012-07-09] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2015-01-21] ()
S3 dump_wmimmc; \??\D:\GAMES\ONLINE GAMES\PSO2_Full_Client_2.0221.4\PHANTASYSTARONLINE2\pso2_bin\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GGSAFERDriver; \??\D:\GAMES\ONLINE GAMES\Garena Plus\Room\safedrv.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 hxsyol; \??\D:\GAMES\ONLINE GAMES\AuraKingdom\avital\hxsy64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S0 ohcmj; System32\drivers\ombsuyy.sys [X]
S2 S; C [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 07:52 - 2015-01-29 07:52 - 01620229 _____ () C:\Users\user\Downloads\Unconfirmed 446872.crdownload
2015-01-29 07:51 - 2015-01-29 07:51 - 00018074 _____ () C:\Users\user\Desktop\FRST.txt
2015-01-29 07:42 - 2015-01-29 07:42 - 02130432 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-01-29 00:06 - 2015-01-29 00:06 - 00000651 _____ () C:\Users\user\Desktop\auto click.smr
2015-01-28 17:55 - 2015-01-28 17:55 - 00021781 _____ () C:\Users\user\Downloads\[kickass.so]the.flash.2014.s01e11.the.sound.and.the.fury.web.dl.x264.aac.torrent
2015-01-27 08:35 - 2015-01-27 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 04:45 - 2015-01-27 04:45 - 00210700 _____ () C:\Users\user\Downloads\hacked.rar
2015-01-27 04:37 - 2015-01-28 00:11 - 00000173 _____ () C:\Users\user\Desktop\xIcbYvy31HB.ini
2015-01-27 04:37 - 2015-01-27 04:38 - 00000000 ____D () C:\Users\user\Desktop\applications
2015-01-27 04:36 - 2015-01-27 04:37 - 07059972 _____ () C:\Users\user\Desktop\xIcbYvy31HB.exe
2015-01-26 23:51 - 2015-01-27 00:18 - 160828821 _____ () C:\Users\user\Documents\HunterXHunter - 43.avi
2015-01-26 12:36 - 2015-01-27 08:25 - 00000000 ____D () C:\ProgramData\{c22796e6-2c6d-f246-c227-796e62c65b98}
2015-01-26 09:17 - 2015-01-26 09:17 - 00000000 ____D () C:\Users\user\AppData\Roaming\freemkvtomp4converter
2015-01-26 09:14 - 2015-01-26 09:14 - 00003212 _____ () C:\Windows\System32\Tasks\{D14202EC-F9D1-4662-87A3-041237080A69}
2015-01-26 09:05 - 2015-01-26 09:05 - 00000680 _____ () C:\Users\Public\Desktop\Free MKV To AVI Converter.lnk
2015-01-26 09:05 - 2015-01-26 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MKV To AVI Converter
2015-01-26 09:04 - 2015-01-26 09:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\Convert Audio Free
2015-01-26 09:02 - 2015-01-26 09:11 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera Software
2015-01-26 09:02 - 2015-01-26 09:11 - 00000000 ____D () C:\Users\user\AppData\Local\Opera Software
2015-01-26 09:00 - 2015-01-26 09:11 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-26 08:56 - 2015-01-26 08:56 - 00769552 _____ ( ) C:\Users\user\Downloads\mkvtoavi_setup(1).exe
2015-01-26 08:55 - 2015-01-26 08:57 - 09846483 _____ (Convert Audio Free) C:\Users\user\Downloads\mkvtoavi_setup.exe
2015-01-26 05:22 - 2015-01-26 05:22 - 00000000 ____D () C:\Windows\Sun
2015-01-26 05:21 - 2013-06-15 21:40 - 00866720 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-01-26 05:21 - 2013-06-15 21:40 - 00788896 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-01-26 05:20 - 2015-01-26 05:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 05:20 - 2015-01-26 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-26 05:18 - 2015-01-26 05:18 - 00639400 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-8u31.exe
2015-01-26 05:02 - 2015-01-26 05:02 - 00000000 ____D () C:\Windows\ERUNT
2015-01-26 04:32 - 2015-01-29 07:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 04:31 - 2015-01-26 04:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 04:31 - 2015-01-26 04:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 04:31 - 2015-01-26 04:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 04:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-26 04:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-26 04:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 04:23 - 2015-01-26 04:27 - 00000000 ____D () C:\AdwCleaner
2015-01-26 03:15 - 2015-01-29 07:51 - 00000000 ____D () C:\FRST
2015-01-26 00:21 - 2015-01-26 00:21 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-26 00:21 - 2015-01-26 00:21 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-26 00:21 - 2015-01-26 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-26 00:20 - 2015-01-26 00:20 - 04813544 _____ (Piriform Ltd) C:\Users\user\Downloads\CCleanerSetup.exe
2015-01-26 00:19 - 2015-01-26 00:19 - 00822416 _____ (%VENDOR%) C:\Users\user\Downloads\Ccleaner_Setup.exe
2015-01-26 00:16 - 2015-01-26 00:16 - 00297168 _____ () C:\Windows\Minidump\012615-21746-01.dmp
2015-01-25 20:17 - 2015-01-25 20:17 - 00008790 _____ () C:\Users\user\Downloads\If_I_Stay_2014_720p.torrent
2015-01-25 17:11 - 2015-01-25 17:11 - 00000000 ____D () C:\Users\user\AppData\Roaming\LolClient
2015-01-25 17:10 - 2015-01-26 09:31 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-01-25 17:09 - 2015-01-25 18:47 - 00000805 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2015-01-25 16:41 - 2015-01-25 16:44 - 00097416 _____ () C:\Users\user\Downloads\[kickass.so]one.piece.episodes.001.622.movies.1.12.specials.tv.specials.ova.torrent
2015-01-25 16:35 - 2015-01-25 16:40 - 00101162 _____ () C:\Users\user\Downloads\[kickass.so]one.piece.completing.series.001.589.torrent
2015-01-25 14:08 - 2015-01-25 14:08 - 00319422 _____ () C:\Users\user\Desktop\Mouse Recorder.exe
2015-01-25 13:18 - 2015-01-29 07:46 - 00011024 _____ () C:\Windows\PFRO.log
2015-01-25 13:15 - 2015-01-25 13:15 - 00000000 ____D () C:\Users\user\Documents\wondertouch
2015-01-25 13:00 - 2015-01-25 13:00 - 02752088 _____ () C:\Users\user\Downloads\LoLInstaller.exe
2015-01-25 13:00 - 2015-01-25 13:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Garena
2015-01-25 12:56 - 2015-01-29 07:41 - 00000000 ____D () C:\Users\user\AppData\Roaming\GarenaPlus
2015-01-25 12:56 - 2015-01-25 12:56 - 00000857 _____ () C:\Users\Public\Desktop\Garena+.lnk
2015-01-25 12:55 - 2015-01-29 07:41 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-01-25 11:14 - 2015-01-25 11:18 - 71409120 _____ () C:\Users\user\Downloads\Garena+_Install.exe
2015-01-25 10:15 - 2015-01-25 10:18 - 25543261 _____ () C:\Users\user\Downloads\cce_2.5.242177.201_x64.zip
2015-01-25 10:10 - 2015-01-28 16:11 - 00007605 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-01-25 09:53 - 2015-01-25 09:53 - 00245680 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-25 09:49 - 2015-01-29 07:46 - 00000896 _____ () C:\Windows\setupact.log
2015-01-25 09:49 - 2015-01-25 09:50 - 00737672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 09:49 - 2015-01-25 09:49 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-25 04:30 - 2015-01-25 04:30 - 00038379 _____ () C:\Users\user\Downloads\[kickass.so]taylor.swift.1989.deluxe.edition.2014.flac.dmt.torrent
2015-01-24 23:40 - 2015-01-24 23:40 - 09052192 _____ (Cheat Engine ) C:\Users\user\Downloads\CheatEngine64.exe
2015-01-24 23:21 - 2015-01-24 23:21 - 00262144 _____ () C:\Windows\system32\config\elam
2015-01-24 22:46 - 2015-01-24 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-24 22:46 - 2015-01-24 22:45 - 00002092 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-24 22:45 - 2015-01-29 07:47 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-24 22:45 - 2015-01-24 22:45 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-24 22:45 - 2015-01-24 22:45 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-24 22:45 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-24 22:44 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-24 22:23 - 2015-01-24 22:24 - 02351936 _____ (Kaspersky Lab) C:\Users\user\Downloads\kis15.0.1.415en_es_pt_fr_de_it_ru_6887.exe
2015-01-24 20:05 - 2015-01-24 20:06 - 05164232 _____ (Unity Technologies ApS) C:\Users\user\Downloads\UnityWebPlayerDevelopment.exe
2015-01-23 02:59 - 2015-01-23 14:19 - 00000000 ____D () C:\Users\user\Desktop\yeah!
2015-01-21 21:38 - 2015-01-26 05:06 - 00000000 ____D () C:\Users\user\Desktop\CCE
2015-01-21 21:36 - 2015-01-21 21:36 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2015-01-21 21:36 - 2015-01-21 21:36 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-12 21:33 - 2015-01-12 21:33 - 00001307 _____ () C:\Users\user\Desktop\Play Plants vs. Zombies.lnk
2015-01-11 15:24 - 2015-01-11 15:25 - 00000000 ____D () C:\Users\user\Desktop\Minecraft Vids
2015-01-08 03:11 - 2015-01-11 15:25 - 00000000 ____D () C:\Users\user\Desktop\Mods minecraft
2015-01-08 01:27 - 2015-01-08 01:59 - 00000000 ____D () C:\Users\user\Desktop\PS Xhae
2015-01-07 20:09 - 2015-01-25 05:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-07 20:07 - 2015-01-07 20:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-07 17:51 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\user\Desktop\Buknoy
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 07:51 - 2014-08-02 23:57 - 00970373 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 07:47 - 2013-04-26 02:29 - 16296960 ___SH () C:\Users\user\Desktop\Thumbs.db
2015-01-29 07:47 - 2012-10-22 09:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 07:46 - 2013-12-12 21:06 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-29 07:46 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 07:16 - 2012-10-22 09:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 01:05 - 2014-09-03 08:01 - 00000000 ____D () C:\LOLHT Configs v2
2015-01-28 21:22 - 2014-01-18 01:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2015-01-28 18:16 - 2014-01-19 19:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent
2015-01-26 09:11 - 2014-05-03 22:11 - 00001413 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-26 05:21 - 2013-06-15 21:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 05:20 - 2013-06-15 21:40 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-26 05:20 - 2013-06-15 21:40 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-26 05:20 - 2013-06-15 21:40 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-26 05:20 - 2013-06-15 21:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 05:03 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 05:03 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 04:54 - 2014-10-15 08:02 - 00000000 __SHD () C:\ProgramData\GLBHJF
2015-01-26 04:54 - 2009-07-14 15:46 - 00000000 ____D () C:\Windows\RemotePackages
2015-01-26 00:21 - 2012-10-22 10:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 00:16 - 2013-09-30 05:37 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 17:09 - 2013-12-26 04:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2015-01-25 15:56 - 2014-01-31 13:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2015-01-25 12:44 - 2014-10-23 07:04 - 00000000 ____D () C:\Program Files\PopCap Games
2015-01-25 12:44 - 2013-07-04 22:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-01-25 12:44 - 2013-07-04 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2015-01-25 12:44 - 2013-07-04 22:11 - 00000000 ____D () C:\Program Files (x86)\PopCap Games
2015-01-25 12:44 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-25 12:24 - 2014-01-07 10:40 - 00778356 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-25 12:24 - 2009-07-14 13:13 - 00778356 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 09:41 - 2014-01-18 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-25 07:52 - 2014-11-26 17:36 - 00000000 ____D () C:\Users\user\Desktop\Inventory A+
2015-01-25 07:52 - 2014-05-04 07:07 - 00000000 ____D () C:\Program Files\particleIllusion 3.0
2015-01-25 07:52 - 2014-04-04 09:47 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-25 07:52 - 2014-01-19 20:23 - 00000000 ____D () C:\Program Files (x86)\Fraps Cracked
2015-01-25 07:52 - 2013-06-15 21:40 - 00424299 _____ () C:\Program Files (x86)\Yahoo Messenger.exe
2015-01-25 07:52 - 2013-02-06 09:53 - 00000000 ____D () C:\Program Files\TeraCopy
2015-01-25 07:52 - 2012-10-22 10:00 - 00000000 ____D () C:\Program Files (x86)\USB Disk Security
2015-01-24 23:56 - 2012-10-22 10:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 23:52 - 2012-10-22 10:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 23:52 - 2012-10-22 10:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 23:52 - 2012-10-22 10:05 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 23:48 - 2014-03-04 16:32 - 00000000 ____D () C:\Program Files (x86)\Movie Maker 2.6
2015-01-24 23:48 - 2013-04-26 01:56 - 00000000 ____D () C:\Program Files\Photoshop
2015-01-24 23:09 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-24 23:09 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-24 23:09 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-24 20:06 - 2014-04-23 18:02 - 00000000 ____D () C:\Users\user\AppData\Local\Unity
2015-01-24 15:11 - 2012-10-22 09:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 15:11 - 2012-10-22 09:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 15:01 - 2014-04-09 08:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 21:07 - 2014-01-09 07:34 - 00000000 ____D () C:\Windows\pss
2015-01-21 14:22 - 2014-03-20 16:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-20 23:19 - 2009-07-14 10:34 - 00000256 _____ () C:\Windows\system.ini
2015-01-19 16:32 - 2014-10-25 11:22 - 00000000 ____D () C:\Users\user\Desktop\Folders
2015-01-16 20:09 - 2014-07-05 19:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\.minecraft
2015-01-16 00:00 - 2014-12-19 02:09 - 00000000 ____D () C:\Users\user\Desktop\Xhae
2015-01-07 20:08 - 2012-10-22 10:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-04 13:13 - 2009-07-14 10:34 - 00001181 _____ () C:\Windows\win.ini
2015-01-01 20:38 - 2014-01-18 01:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\Macromedia
2015-01-01 20:34 - 2014-03-20 16:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\PopCapv1003
2014-12-31 14:18 - 2014-12-20 20:55 - 00000000 ____D () C:\Users\user\Desktop\Tuts
 
==================== Files in the root of some directories =======
 
2013-06-15 21:40 - 2015-01-25 07:52 - 0424299 _____ () C:\Program Files (x86)\Yahoo Messenger.exe
2014-06-15 16:30 - 2014-06-15 16:30 - 0000000 _____ () C:\Users\user\AppData\Roaming\bitlord_log.txt
2014-03-25 15:15 - 2014-09-28 07:26 - 0045270 _____ () C:\Users\user\AppData\Roaming\room_v3.dat
2014-04-25 04:27 - 2014-04-25 04:27 - 0000038 ___SH () C:\Users\user\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-05-06 00:49 - 2014-12-15 03:06 - 0006656 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-15 20:44 - 2014-06-15 20:44 - 0000218 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-01-25 10:10 - 2015-01-28 16:11 - 0007605 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2013-03-08 16:34 - 2014-02-20 23:49 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 08:09
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by user at 2015-01-29 07:52:23
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
BitTorrent (HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Free MKV To AVI Converter (HKLM-x32\...\{B8FC77D9-B285-4813-B282-38AB72FD3C97}) (Version: 1.0.0 - Convert Audio Free)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.0.1.683 - Kakao)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
K-Lite Codec Pack 6.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.6.0 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
particleIllusion 3.0.9 (HKLM\...\{7ACFC44D-C367-4046-8FD2-C43F0664F4D3}   // gene~BAB03DBF_is1) (Version:  - GenArts, Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Unity Web Player (HKU\S-1-5-21-2520790421-254736193-3744350732-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2520790421-254736193-3744350732-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2520790421-254736193-3744350732-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-01-25 10:23 - 2015-01-25 10:23 - 00000821 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0F107F86-55AA-4732-9ECF-2C807073E14C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {1680CE1E-78A8-445C-84A9-2C832B2E40F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {24B97489-E6AB-4CDD-AB01-2C6306C5CAC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {28697AAA-6066-415D-8F1A-DC13D1C74BAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-10] (Google Inc.)
Task: {55390104-93D8-4D47-954B-B988D583CF39} - System32\Tasks\{4100E0D1-1D42-49FB-99F4-8E82392962A7} => pcalua.exe -a "C:\Users\user\Downloads\dxwebsetup (1).exe" -d C:\Users\user\Downloads
Task: {5EA35B19-AB0A-40FD-B7B9-B18DA8CC93A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-10] (Google Inc.)
Task: {5F650CA3-26A3-45CC-9002-0B58A20C48D8} - System32\Tasks\{3D2EA903-206E-4A57-8527-5337C32AF768} => pcalua.exe -a "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632\PeggleNightsSetup.exe" -d "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632"
Task: {717E1ACD-17A6-461F-8BCF-254F32E42090} - System32\Tasks\{D92CD866-4062-47E7-91DF-8FB8FB860042} => pcalua.exe -a C:\Users\user\AppData\Roaming\.minecraft\Uninstall.exe -d C:\Users\user\AppData\Roaming\.minecraft
Task: {BA844042-1019-408B-B7FE-DA04641457B3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C6EE4F5F-0D2E-44DD-A59C-3A1D9DBFC550} - System32\Tasks\{63C5E50E-84F0-4E09-81A1-1E1A9B2EAE82} => pcalua.exe -a C:\Users\user\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\user\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:5920
Task: {D34EB5E2-97E7-4ED8-8BF3-4E5664101588} - System32\Tasks\{5EB0A5EB-5EF4-4226-9257-D0CBA1B438EB} => pcalua.exe -a "D:\GAMES\LAN GAMES\Diablo II\Copy of Diablo II.exe" -d "D:\GAMES\LAN GAMES\Diablo II"
Task: {DA055CDB-108D-4D86-86C9-0C700E75BAD6} - System32\Tasks\{0C4D2E39-1641-4A3D-A6D8-AD03574926D5} => pcalua.exe -a "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632\PeggleNightsSetup.exe" -d "D:\51 PopCap Games (2011-02-24)\Peggle Nights v1.0.3.6632"
Task: {DF5BE9C5-4670-4DC3-BDC4-CF5EE5481F0B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {F3EB3F16-450B-4B8A-97C5-C0CBAAE0C23B} - System32\Tasks\{D14202EC-F9D1-4662-87A3-041237080A69} => pcalua.exe -a "C:\ProgramData\Package Cache\{e7c7c227-b742-4878-9425-f09bbf9951db}\Avira.OE.Setup.Bundle.exe" -c  /uninstall
Task: {F7D319F0-217B-4EC3-9D51-ED116B1DC515} - System32\Tasks\{F807A5D2-6E6D-4F0C-815F-8BE0282084BB} => pcalua.exe -a "C:\Users\user\Desktop\Photoshop\Portable Adobe Photoshop CS4  Special Edition.exe" -d C:\Users\user\Desktop\Photoshop
Task: {FD4E9959-A752-4C4A-8B2C-DAEA6560AD0F} - System32\Tasks\{7F3D87BD-CAC5-49D0-917D-B6F5D28C1FBF} => pcalua.exe -a "C:\Users\user\Downloads\dotNetFx35setup (1).exe" -d C:\Users\user\Downloads
Task: {FEAF4E3F-CFBA-4AA7-9B3E-A35B036FF397} - System32\Tasks\gg_uac_daemon_user => D:\GAMES\ONLINE GAMES\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2520790421-254736193-3744350732-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-06 09:53 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2015-01-26 12:36 - 2015-01-26 12:36 - 01277952 _____ () C:\ProgramData\{c22796e6-2c6d-f246-c227-796e62c65b98}\Download 5 Seconds of Summer (a.k.a. 5SOS) - 5 Seconds of Summer (Deluxe Edition) [2014-Album] [320kbps] [MP3] [Original CD Rip + Bonus] - StarkReleases Torrent - KickassTorrents.exe
2015-01-20 20:20 - 2015-01-20 20:20 - 00055896 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\ggdllhost.exe
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2015-01-20 20:20 - 2015-01-20 20:20 - 00560216 _____ () D:\GAMES\ONLINE GAMES\Garena Plus\ggspawn.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 07816192 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\avcodec-54.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00188416 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\avutil-52.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 01425920 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\avformat-54.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00336896 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\swscale-2.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00096256 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\swresample-0.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-27 08:18 - 2015-01-25 14:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 08:18 - 2015-01-25 14:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 08:18 - 2015-01-25 14:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo Messenger!.lnk => C:\Windows\pss\Yahoo Messenger!.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BitTorrent => "C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KakaoTalk => "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB Antivirus => C:\Program Files (x86)\USB Disk Security\USBGuard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2520790421-254736193-3744350732-500 - Administrator - Disabled)
Guest (S-1-5-21-2520790421-254736193-3744350732-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2520790421-254736193-3744350732-1003 - Limited - Enabled)
user (S-1-5-21-2520790421-254736193-3744350732-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/29/2015 07:52:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/29/2015 07:50:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (01/29/2015 07:50:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (01/29/2015 07:47:09 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (01/26/2015 09:31:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Touch.exe, version: 1.0.0.1, time stamp: 0x535212e7
Faulting module name: Touch.exe, version: 1.0.0.1, time stamp: 0x535212e7
Exception code: 0x40000015
Fault offset: 0x0002f050
Faulting process id: 0x36e8
Faulting application start time: 0xTouch.exe0
Faulting application path: Touch.exe1
Faulting module path: Touch.exe2
Report Id: Touch.exe3
 
Error: (01/26/2015 09:12:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (01/26/2015 09:12:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (01/26/2015 09:05:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (01/26/2015 09:05:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
 
System errors:
=============
Error: (01/29/2015 07:50:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (01/29/2015 07:50:13 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (01/29/2015 07:50:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/29/2015 07:48:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
ohcmj
 
Error: (01/29/2015 07:48:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/29/2015 07:46:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The S service failed to start due to the following error: 
%%2
 
Error: (01/29/2015 07:46:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD FUEL Service service failed to start due to the following error: 
%%1053
 
Error: (01/29/2015 07:46:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AMD FUEL Service service to connect.
 
Error: (01/27/2015 03:01:20 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (01/27/2015 04:54:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/29/2015 07:52:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Downloads\esetsmartinstaller_enu.exe
 
Error: (01/29/2015 07:50:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (01/29/2015 07:50:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (01/29/2015 07:47:09 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (01/26/2015 09:31:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Touch.exe1.0.0.1535212e7Touch.exe1.0.0.1535212e7400000150002f05036e801d03907bb6c6306D:\GAMES\ONLINE GAMES\Touch\Touch.exeD:\GAMES\ONLINE GAMES\Touch\Touch.exe0bb6e358-a4fb-11e4-8e60-7427ea02c1d4
 
Error: (01/26/2015 09:12:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
 
Error: (01/26/2015 09:12:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
 
Error: (01/26/2015 09:05:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
 
Error: (01/26/2015 09:05:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-04 00:51:08.985
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:51:08.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:51:08.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:51:07.989
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\C9FE671E063D7EF.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:08.532
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:08.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:07.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:50:07.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\55111774BE9A8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:48:41.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\109D56A106AF13228.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-04 00:48:41.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\109D56A106AF13228.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G2020 @ 2.90GHz
Percentage of memory in use: 44%
Total physical RAM: 3977.05 MB
Available physical RAM: 2210.56 MB
Total Pagefile: 7952.29 MB
Available Pagefile: 5910.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:46.28 GB) (Free:6.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (GAMES DRIVE) (Fixed) (Total:419.48 GB) (Free:17.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73DBDD46)
Partition 1: (Active) - (Size=46.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=419.5 GB) - (Type=05)
 
==================== End Of Log ============================
 
ESET:
 
C:\Users\All Users\GLBHJF\BBG.exe a variant of Win32/KeyLogger.Ardamax.NBP application
C:\Users\All Users\{c22796e6-2c6d-f246-c227-796e62c65b98}\Download 5 Seconds of Summer (a.k.a. 5SOS) - 5 Seconds of Summer (Deluxe Edition) [2014-Album] [320kbps] [MP3] [Original CD Rip + Bonus] - StarkReleases Torrent - KickassTorrents.exe a variant of Win32/Adware.MultiPlug.ED application
C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\defaulttab\DefaultTabHost.exe.vir Win32/Toolbar.DefaultTab.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\defaulttab\DefaultTabSearch.exe.vir a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir a variant of Win32/SProtector.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\RegCleanPro.exe.vir a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.vir a variant of MSIL/Vittalia.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\KeyGen.dll.vir Win32/Vittalia.K potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\uninstall.exe.vir Win32/Vittalia.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\UpdaterService.exe.vir a variant of MSIL/Vittalia.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\defaulttab\DefaultTab\DTUpdate.exe.vir Win32/Toolbar.DefaultTab.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\defaulttab\DefaultTab\update.exe.vir a variant of Win32/Toolbar.DefaultTab.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\ProgramData\GLBHJF\BBG.exe a variant of Win32/KeyLogger.Ardamax.NBP application cleaned by deleting - quarantined
C:\ProgramData\{c22796e6-2c6d-f246-c227-796e62c65b98}\Download 5 Seconds of Summer (a.k.a. 5SOS) - 5 Seconds of Summer (Deluxe Edition) [2014-Album] [320kbps] [MP3] [Original CD Rip + Bonus] - StarkReleases Torrent - KickassTorrents.exe a variant of Win32/Adware.MultiPlug.ED application cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000 Win32/Somoto.N potentially unwanted application deleted - quarantined
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\010\t\00\00000000 Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\010\t\00\00000001 Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\010\t\00\00000002 Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\010\t\00\00000003 Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\user\Downloads\Ccleaner_Setup.exe a variant of Win32/InstallCore.WC potentially unwanted application deleted - quarantined
C:\Users\user\Downloads\mkvtoavi_setup(1).exe a variant of Win32/InstallCore.TL potentially unwanted application deleted - quarantined
D:\Files\Myrel\T-Shirt Hell    Sizing Calculator_files\T-Shirt Hell    Sizing Calculator_files.lnk LNK/Agent.AV trojan cleaned by deleting - quarantined
 
 
My CPU Usage still spikes to 100%


#13 Machiavelli

  • Agent 007
  • Malware Response Instructor
  • 4,115 posts
  • Gender:Male
  • Location:Germany

Posted 29 January 2015 - 10:19 AM

Hey, :)

Do you know this entry:

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download 5 Seconds of Summer (a.k.a. 5SOS) - 5 Seconds of Summer (Deluxe Edition) [2014-Album] [320kbps] [MP3] [Original CD Rip + Bonus] - StarkReleases Torrent - KickassTorrents.lnk
ShortcutTarget: Download 5 Seconds of Summer (a.k.a. 5SOS) - 5 Seconds of Summer (Deluxe Edition) [2014-Album] [320kbps] [MP3] [Original CD Rip + Bonus] - StarkReleases Torrent - KickassTorrents.lnk -> C:\ProgramData\{c22796e6-2c6d-f246-c227-796e62c65b98}\Download 5 Seconds of Summer (a.k.a. 5SOS) - 5 Seconds of Summer (Deluxe Edition) [2014-Album] [320kbps] [MP3] [Original CD Rip + Bonus] - StarkReleases Torrent - KickassTorrents.exe ()


And what do you mean by "My CPU Usage still spikes to 100%"?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#14 Marnel

  • Topic Starter
  • Members
  • 52 posts
  • Gender:Male
  • Location:Philippines

Posted 29 January 2015 - 11:19 AM

Nope, my sister downloaded that. Oh, about the CPU usage, it's fine now :)



#15 Machiavelli

  • Agent 007
  • Malware Response Instructor
  • 4,115 posts
  • Gender:Male
  • Location:Germany

Posted 30 January 2015 - 02:30 AM

Hello,
In my opinion your PC is clean. :) My help is of course completely free of charge, but if you would like to donate some money to me so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the Delfix icon and select "Run as Administrator").
  • Ensure "Remove disinfection tools" is ticked.
    Also tick:
    • "Create registry backup"
    • "Purge system restore"
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it compared to getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli
