Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Web browser redirecting to adultcameras.info


  • This topic is locked This topic is locked
2 replies to this topic

#1 AdeQ

AdeQ

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 31 January 2015 - 11:54 AM

Few days ago i encountered an issue that from time to time my web browser (Google Chrome) redirects me to the ,,adultcameras.info'' website. When i was using Steam overlay we browser it happened in there too. I don't know what to do. Here i paste the logs from FRST(and Addition).

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by Adrian (administrator) on ADRIAN-KOMPUTER on 31-01-2015 17:47:53
Running from E:\
Loaded Profiles: Adrian (Available profiles: Adrian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Arcabit) C:\Program Files\Arcabit\Common\ArcaConfSV.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Arcabit) C:\Program Files\Arcabit\ArcaAgent\ArcaRemoteSvc.exe
(Arcabit) C:\Program Files\Arcabit\ArcaTools\ArcaBackup\ArcaBackupService.exe
(Arcabit) C:\Program Files\Arcabit\ArcaUpdate\update.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Arcabit) C:\Program Files\Arcabit\ArcaVir\ArcaMainSV.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Arcabit) C:\Program Files\Arcabit\ArcaVir\AVMenu.exe
(Spotify Ltd) C:\Users\Adrian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() C:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
(ArcaBit) C:\Program Files\Arcabit\Common\ArcaTasksService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVMENU] => C:\Program Files\Arcabit\ArcaVir\AVMenu.exe [556016 2014-12-19] (Arcabit)
HKLM\...\Run: [ARCACLEAN] => C:\Program Files\Arcabit\ArcaVir\ArcaClean.exe [60056 2014-11-04] (ArcaBit)
HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\Run: [Spotify Web Helper] => C:\Users\Adrian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-11] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1698090437-1361364037-516066693-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1698090437-1361364037-516066693-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\x1ffi9wo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1698090437-1361364037-516066693-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Adrian\AppData\LocalLow\Sony Online Entertainment\npsoe.dll No File
FF Plugin HKU\S-1-5-21-1698090437-1361364037-516066693-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Adrian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1698090437-1361364037-516066693-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF Extension: BPH Sign Plugin - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\x1ffi9wo.default\Extensions\SignPlugin@bph.pl [2013-04-09]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.pl/
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dysk Google) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-21]
CHR Extension: (Minicraft) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmcbnimmnfgkejageekigoemiclmapo [2013-03-06]
CHR Extension: (YouTube) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-06]
CHR Extension: (Adblock Plus) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-06]
CHR Extension: (Szukaj w Google) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-06]
CHR Extension: (Alienware Theme) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\edniapajcmmgfcgpbjeelocndjnmhikl [2013-09-21]
CHR Extension: (Twitch Stream) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjaicoojlfoococemdcaollmhaiolole [2014-09-10]
CHR Extension: (Arcane Legends) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2013-03-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-28]
CHR Extension: (Strumienie z Ruczaju) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfopjimlhbikohbmjagioiomhmfhodam [2013-08-18]
CHR Extension: (Pocket Legends) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2013-03-06]
CHR Extension: (Google Wallet) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-06]
CHR HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Adrian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-21]
CHR HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABConfSV; C:\Program Files\Arcabit\common\arcaconfsv.exe [206304 2014-11-04] (Arcabit)
R2 ABMainSV; C:\Program Files\Arcabit\arcavir\arcamainsv.exe [239800 2015-01-19] (Arcabit)
R2 ArcaRemoteService; C:\Program Files\Arcabit\arcaagent\arcaremotesvc.exe [1007656 2014-11-27] (Arcabit)
R2 AVBackup; C:\Program Files\Arcabit\arcatools\arcabackup\arcabackupservice.exe [257304 2014-11-04] (Arcabit)
R2 AVTasks2; C:\Program Files\Arcabit\common\arcatasksservice.exe [200136 2014-11-04] (ArcaBit)
R2 AVUpdate; C:\Program Files\Arcabit\arcaupdate\update.exe [326296 2014-12-29] (Arcabit)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-10-26] (BitRaider, LLC)
S4 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-29] ()
R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-02] ()
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32984 2013-07-12] (Razer)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759248 2013-10-27] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ABFLT; C:\Program Files\Arcabit\ArcaVir\ABFLT.sys [85232 2014-11-04] (ArcaBit)
S3 ABndis; C:\Windows\System32\DRIVERS\abndis.sys [49904 2014-11-04] (ArcaBit)
R3 ABndisMP; C:\Windows\System32\DRIVERS\abndis.sys [49904 2014-11-04] (ArcaBit)
R1 arcawfp; C:\Windows\System32\drivers\arcawfp.sys [60104 2015-01-31] (NetFilterSDK.com)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-09-20] ()
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-28] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-06] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-10] (Echobit, LLC)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-09-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-18] ()
S3 SaiK1705; C:\Windows\System32\DRIVERS\SaiK1705.sys [180584 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU1705; C:\Windows\System32\DRIVERS\SaiU1705.sys [47208 2012-09-20] (Saitek)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 ABWFP; \??\C:\Program Files\Arcabit\ArcaVir\ABWFP.sys [X]
S3 catchme; \??\C:\1234\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ESEADriver2; \??\C:\Users\Adrian\AppData\Local\Temp\ESEADriver2.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 RzDxgk; \??\C:\Windows\system32\drivers\RzDxgk.sys [X]
S0 RzFilter; system32\drivers\RzFilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 17:47 - 2015-01-31 17:47 - 00000000 ____D () C:\FRST
2015-01-31 17:18 - 2015-01-31 17:18 - 00067344 _____ () C:\Users\Adrian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 14:36 - 2015-01-31 17:33 - 00000668 _____ () C:\Windows\PFRO.log
2015-01-31 13:42 - 2015-01-31 17:37 - 00028525 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 13:39 - 2015-01-31 17:33 - 00000560 _____ () C:\Windows\setupact.log
2015-01-31 13:39 - 2015-01-31 13:39 - 00297032 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-31 13:39 - 2015-01-31 13:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-31 13:26 - 2015-01-31 13:28 - 00005128 _____ () C:\Users\Adrian\Desktop\Rkill.txt
2015-01-22 18:50 - 2015-01-22 18:56 - 00639400 _____ (Oracle Corporation) C:\Users\Adrian\Desktop\chromeinstall-8u31.exe
2015-01-19 13:24 - 2015-01-30 23:43 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Purplizer
2015-01-18 16:57 - 2015-01-18 16:57 - 00000549 _____ () C:\Users\Public\Desktop\Sid Meiers Civilization Beyond Earth.lnk
2015-01-18 16:57 - 2015-01-18 16:57 - 00000549 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization Beyond Earth.lnk
2015-01-09 18:10 - 2015-01-31 17:13 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppPBZTE MF823
2015-01-09 18:10 - 2015-01-31 17:13 - 00000000 ____D () C:\Program Files (x86)\ZTE MF823
2015-01-04 22:51 - 2015-01-30 23:32 - 00000000 ____D () C:\Users\Adrian\Documents\Assassin's Creed Unity
2015-01-04 22:50 - 2015-01-04 22:50 - 00000835 _____ () C:\Users\Adrian\Desktop\Assassin`s Creed Unity.lnk
2015-01-04 20:58 - 2015-01-20 13:54 - 00000000 ____D () C:\Users\Adrian\Desktop\Wizytówka
2015-01-01 01:47 - 2015-01-01 01:47 - 00000000 ____D () C:\Users\Adrian\Documents\WBGames
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 17:41 - 2009-07-14 05:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 17:41 - 2009-07-14 05:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 17:38 - 2013-03-06 18:00 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 17:34 - 2014-11-04 17:57 - 00060104 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\arcawfp.sys
2015-01-31 17:34 - 2014-10-10 15:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 17:33 - 2013-03-06 16:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-31 17:33 - 2013-03-06 16:46 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 17:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 17:32 - 2014-10-13 17:02 - 00000000 ____D () C:\AdwCleaner
2015-01-31 17:32 - 2013-12-30 01:44 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Spotify
2015-01-31 17:32 - 2013-10-05 23:37 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Battle.net
2015-01-31 17:32 - 2013-03-06 17:43 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Skype
2015-01-31 17:24 - 2013-03-06 16:46 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 13:38 - 2014-10-11 22:10 - 00000000 ____D () C:\Qoobox
2015-01-31 13:30 - 2013-05-25 21:35 - 00000000 ____D () C:\Users\Adrian\AppData\Local\CrashDumps
2015-01-31 13:30 - 2013-04-18 15:10 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\uTorrent
2015-01-31 13:30 - 2013-03-06 17:22 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Winamp
2015-01-31 13:30 - 2013-03-06 17:04 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\DAEMON Tools Pro
2015-01-31 13:22 - 2014-10-14 12:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-31 12:28 - 2014-10-10 15:46 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 12:28 - 2014-10-10 15:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-30 23:43 - 2013-10-19 21:53 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\TS3Client
2015-01-30 17:51 - 2013-03-29 09:32 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Overwolf
2015-01-29 17:19 - 2013-08-15 18:48 - 00000000 ____D () C:\ProgramData\ipla
2015-01-29 17:18 - 2013-08-15 18:48 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\ipla
2015-01-28 22:52 - 2014-09-21 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-27 02:28 - 2013-03-06 16:46 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 20:00 - 2013-12-30 01:48 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Spotify
2015-01-26 18:08 - 2011-04-12 14:21 - 16125148 _____ () C:\Windows\system32\perfh015.dat
2015-01-26 18:08 - 2011-04-12 14:21 - 05452560 _____ () C:\Windows\system32\perfc015.dat
2015-01-26 18:08 - 2009-07-14 06:13 - 00006260 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 01:18 - 2014-05-14 20:53 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-24 23:39 - 2013-03-06 18:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 23:39 - 2013-03-06 18:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 23:39 - 2013-03-06 18:00 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-20 14:14 - 2013-03-09 13:49 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Skyrim
2015-01-19 13:22 - 2014-06-02 20:10 - 00000000 ____D () C:\ProgramData\Overwolf
2015-01-18 17:14 - 2013-03-08 21:55 - 00000000 ____D () C:\ProgramData\Steam
2015-01-18 17:00 - 2013-10-12 13:10 - 00000000 ____D () C:\Users\Adrian\AppData\Local\My Games
2015-01-18 17:00 - 2013-03-07 17:41 - 00000000 ____D () C:\Users\Adrian\Documents\My Games
2015-01-18 00:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-15 08:07 - 2009-07-14 06:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 22:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-04 17:31 - 2014-03-05 16:42 - 00007605 _____ () C:\Users\Adrian\AppData\Local\resmon.resmoncfg
2015-01-03 11:10 - 2013-10-10 20:54 - 00000000 ____D () C:\Program Files (x86)\EVGA Precision X
2015-01-03 01:28 - 2013-10-11 17:59 - 00000000 ____D () C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2013-10-01 21:20 - 2013-10-01 20:21 - 0012005 _____ () C:\Users\Adrian\AppData\Roaming\alsoft.ini
2013-07-29 23:01 - 2013-08-01 10:13 - 0034816 _____ () C:\Users\Adrian\AppData\Roaming\RZR_0020b24f4ecc9eb82ea9c47d1df4.db
2013-12-19 15:19 - 2014-10-10 15:24 - 0000179 _____ () C:\Users\Adrian\AppData\Roaming\WB.CFG
2013-12-11 21:47 - 2014-12-17 21:50 - 0007168 _____ () C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-05 11:00 - 2014-04-05 11:00 - 0000000 ___SH () C:\Users\Adrian\AppData\Local\LumaEmu
2014-12-16 23:07 - 2014-12-16 23:07 - 0006918 _____ () C:\Users\Adrian\AppData\Local\recently-used.xbel
2014-03-05 16:42 - 2015-01-04 17:31 - 0007605 _____ () C:\Users\Adrian\AppData\Local\resmon.resmoncfg
 
Files to move or delete:
====================
C:\Users\Adrian\jagex_cl_runescape_LIVE.dat
C:\Users\Adrian\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-27 22:48
 
==================== End Of Log ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01
Ran by Adrian at 2015-01-31 17:48:23
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Arcabit (Enabled - Up to date) {3D4BAC72-8320-7261-922E-53298162DC7D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Arcabit (Enabled - Up to date) {862A4D96-A51A-7DEF-A89E-685BFAE596C0}
FW: Arcabit Firewall (Enabled) {05702D57-C94F-7339-B971-FA1C7FB19B06}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«Assassin`s Creed Unity» 1.2.0.0 (HKLM-x32\...\«Assassin`s Creed Unity»_is1) (Version: 1.2.0.0 - Ubisoft)
µTorrent (HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version:  - Microsoft)
Aktualizacje NVIDIA 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
Alien Rage - Unlimited (HKLM-x32\...\Steam App 217920) (Version:  - CI Games)
ALLMediaServer (HKLM-x32\...\{FE77909E-B782-4554-A92A-4D887CEF0ACC}_is1) (Version: 0.94 - ALLCinema Ltd.)
ALLPlayer V5.X (HKLM-x32\...\ALLPlayer_is1) (Version:  - ALLCinema Ltd.)
Any Video Converter 5.6.2 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Arcabit (HKLM\...\Arcabit) (Version: 2014 - Arcabit)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.4 - BitRaider, LLC)
Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation)
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura) <==== ATTENTION!
Detektor Winampa (HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dustforce (HKLM-x32\...\Steam App 65300) (Version:  - Hitbox Team)
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Firefall (HKLM-x32\...\Steam App 227700) (Version:  - Red 5 Studios)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
From Dust (HKLM-x32\...\{578485F8-60F3-4C61-9183-0698E581B902}) (Version: 1.00.003 - Ubisoft)
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{1B5A737F-ADEC-46DF-9539-B49D0828A175}) (Version: 1.00.000 - Piranha Bytes)
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version:  - DrinkBox Studios)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
ipla 2.8.4 (HKLM-x32\...\ipla) (Version: 2.8.4 - Redefine Sp z o.o.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
MailShare (HKLM\...\{5846E720-C188-478F-B501-45EA1ACC44D1}_is1) (Version: 2.1.5 - MailShare.pl)
Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mumble 1.2.4 (HKLM-x32\...\{62C4063B-948A-4C89-801B-A0B64DE4FF5B}) (Version: 1.2.4 - Thorvald Natvig)
NEO Scavenger (HKLM-x32\...\Steam App 248860) (Version:  - Blue Bottle Games)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 141218.99200 - Square Enix Ltd)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
OlliOlli (HKLM-x32\...\Steam App 274250) (Version:  - Roll7)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)
Panel sterowania NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Playfire (HKLM-x32\...\{a578a869-0c77-485f-978c-b022027fd9ff}) (Version: 0.0.52.0 - Playfire)
Playfire (x32 Version: 0.0.52.0 - Playfire) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.17 - Razer Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Robocraft version 0.3.204 (HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.204 - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.0.0 - Rockstar Games)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
SOE Web Installer (HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\SOE Web Installer) (Version: 1.0.3.171 - Sony Online Entertainment)
Spotify (HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Star Wars® Knights of the Old Republic® COLLECTION (HKLM-x32\...\{18B4F6B3-C2FA-4615-BB61-7DF02E16AA4E}) (Version: 1.00.0000 - LucasArts)
StarForge (HKLM-x32\...\Steam App 227680) (Version:  - CodeHatch)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System.Data.SQLite v1.0.90.0 (HKLM-x32\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.90.0 - System.Data.SQLite Team)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version:  - Test3 Projects)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1 (HKLM-x32\...\The Elder Scrolls V Skyrim Dragonborn © Bethes~300CD4A2_is1) (Version: 1 - )
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-1698090437-1361364037-516066693-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.11 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1698090437-1361364037-516066693-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1698090437-1361364037-516066693-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1698090437-1361364037-516066693-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1698090437-1361364037-516066693-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1698090437-1361364037-516066693-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
ATTENTION: System Restore is disabled.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-10-13 19:38 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {10B76FE3-6695-4B2E-842E-C70EDE5C0525} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {173ADCE1-FB64-4B66-A984-DB09435698F8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-15] (Overwolf LTD)
Task: {1A6E6B43-5134-48F3-97EE-0616574EBCB0} - System32\Tasks\{40FAE2B5-3394-45C6-A49A-C930373A6095} => E:\DFInstall\DFCD\INSTALL.EXE [1996-09-05] ()
Task: {2BFD7FBF-A3FF-4957-81EB-F5052DE5D022} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe
Task: {50E32CA3-8960-4275-8DA0-65CB050D2124} - System32\Tasks\{18295092-810A-4C20-B2AB-ED74976CB54F} => E:\Dead Space\Dead Space 3\__Installer\Touchup.exe
Task: {7CF10FF7-1282-455A-8F6B-D8CF8388F1EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {7F5142ED-9594-4B0B-B5FC-6AE32ECB3C61} - System32\Tasks\{73956340-2C71-4452-883E-E11AAF82A423} => E:\DFInstall\DFCD\INSTALL.EXE [1996-09-05] ()
Task: {9B21DEBD-ABD3-466F-A957-0F4D7E4830CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {BC42AEAD-C96B-493A-A4FE-A18A2DA0592B} - System32\Tasks\{74FC3637-F15C-4DA6-A970-CB0FDB17E4C5} => E:\DFInstall\DFCD\INSTALL.EXE [1996-09-05] ()
Task: {C6C2D551-D40C-4236-AD06-9F3482821CFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {C6C76EB3-5D06-4CC7-BD36-CE8A07002EC0} - System32\Tasks\{ECA0C791-8A1D-4F6D-A455-EE67408D353A} => E:\Dead Space\Dead Space 3\__Installer\Cleanup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-06 16:54 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-06 17:43 - 2014-08-02 19:31 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-25 08:31 - 2014-12-29 12:34 - 00066824 _____ () C:\Program Files\Arcabit\arcavir\arcascan\scanenginedll.dll
2014-11-04 17:56 - 2014-12-04 17:10 - 00397384 _____ () C:\Program Files\Arcabit\Common\ProtocolFilters.dll
2014-11-04 17:56 - 2014-12-04 17:10 - 00162544 _____ () C:\Program Files\Arcabit\Common\nfapi.dll
2014-12-28 19:15 - 2015-01-30 19:56 - 00483432 _____ () C:\Program Files\Arcabit\arcavir\arcascan\ScanEngineCon.exe
2014-12-28 14:23 - 2015-01-06 20:31 - 06221544 _____ () C:\Program Files\Arcabit\arcavir\arcascan\V8.dll
2015-01-27 02:28 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 02:28 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 02:28 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-27 02:28 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: EslWireHelper => 2
MSCONFIG\Services: RzOvlMon => 2
MSCONFIG\startupfolder: C:^Users^Adrian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailShare.lnk => C:\Windows\pss\MailShare.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ALLUpdate => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: EADM => C:\Program Files (x86)\Origin\Origin.exe -AutoStart
MSCONFIG\startupreg: GoogleChromeAutoLaunch_257F9E5159429344AA5489535C1FAD3E => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: KPeerNexonEU => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: OscarEditor => "C:\Program Files (x86)\OSCAR Editor X7\\OscarEditor.exe" Minimum
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: Razer Comms => C:\Program Files (x86)\Razer\Core\RazerCore.exe /ChatApplet
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Adrian\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Adrian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "D:\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WebCake Desktop => "C:\Users\Adrian\AppData\Roaming\Web Cake\WebCakeDesktop.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Adrian\AppData\Roaming\Yontoo\YontooDesktop.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1698090437-1361364037-516066693-500 - Administrator - Disabled)
Adrian (S-1-5-21-1698090437-1361364037-516066693-1000 - Administrator - Enabled) => C:\Users\Adrian
Gość (S-1-5-21-1698090437-1361364037-516066693-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1698090437-1361364037-516066693-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Kontroler magistrali zarządzania systemem
Description: Kontroler magistrali zarządzania systemem
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/31/2015 05:35:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/31/2015 02:38:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/31/2015 01:41:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/31/2015 01:40:39 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Usługa Windows Search jest zatrzymywana, ponieważ wystąpił problem z indeksatorem: The catalog is corrupt.
 
Szczegóły:
Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/31/2015 01:40:39 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Nie można zainicjować indeksu.
 
Szczegóły:
Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/31/2015 01:40:39 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Nie można zainicjować aplikacji.
 
Kontekst: aplikacja Windows
 
Szczegóły:
Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/31/2015 01:40:39 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Nie można zainicjować obiektu programu zbierającego.
 
Kontekst: aplikacja Windows, wykaz SystemIndex
 
Szczegóły:
Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/31/2015 01:40:39 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Nie można zainicjować dodatku typu plug-in w <Search.TripoliIndexer>.
 
Kontekst: aplikacja Windows, wykaz SystemIndex
 
Szczegóły:
Nie można odnaleźć elementu.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (01/31/2015 01:40:39 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Nie można zainicjować dodatku typu plug-in w <Search.JetPropStore>.
 
Kontekst: aplikacja Windows, wykaz SystemIndex
 
Szczegóły:
Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/31/2015 01:40:39 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Usługa Windows Search nie może załadować informacji z magazynu właściwości.
 
Kontekst: aplikacja Windows, wykaz SystemIndex
 
Szczegóły:
Serwer indeksu zawartości nie może zaktualizować informacji albo uzyskać do nich dostępu z powodu błędu bazy danych. Zatrzymaj i uruchom ponownie usługę wyszukiwania. Jeżeli problem będzie się powtarzać, zresetuj i ponownie przeszukaj indeks zawartości. W niektórych przypadkach konieczne może być usunięcie i ponowne utworzenie indeksu zawartości.  (HRESULT : 0x8004117f) (0x8004117f)
 
 
System errors:
=============
Error: (01/31/2015 05:35:25 PM) (Source: Disk) (EventID: 7) (User: )
Description: W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.
 
Error: (01/31/2015 05:35:23 PM) (Source: Disk) (EventID: 7) (User: )
Description: W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.
 
Error: (01/31/2015 05:35:21 PM) (Source: Disk) (EventID: 7) (User: )
Description: W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.
 
Error: (01/31/2015 05:35:19 PM) (Source: Disk) (EventID: 7) (User: )
Description: W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.
 
Error: (01/31/2015 05:35:17 PM) (Source: Disk) (EventID: 7) (User: )
Description: W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.
 
Error: (01/31/2015 05:35:15 PM) (Source: Disk) (EventID: 7) (User: )
Description: W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.
 
Error: (01/31/2015 05:35:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.
 
Error: (01/31/2015 05:35:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.
 
Error: (01/31/2015 05:35:09 PM) (Source: Disk) (EventID: 7) (User: )
Description: W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.
 
Error: (01/31/2015 05:35:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-02 11:26:17.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-02 11:26:17.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-02 11:26:17.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-02 11:26:17.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-02 11:26:17.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-02 11:26:17.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-01 12:28:11.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-01 12:28:11.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-01 12:28:11.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-01 12:28:11.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8136.16 MB
Available physical RAM: 5568.84 MB
Total Pagefile: 16270.5 MB
Available Pagefile: 13053.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:79.29 GB) (Free:12.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:287.11 GB) (Free:3.13 GB) NTFS
Drive e: () (Fixed) (Total:286.14 GB) (Free:21.95 GB) NTFS
Drive f: () (Fixed) (Total:275.64 GB) (Free:3.76 GB) NTFS
Drive g: (CD-Action 01/2015 DVD2) (CDROM) (Total:7.9 GB) (Free:0 GB) UDF
Drive j: (Grid 2) (CDROM) (Total:3.03 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 36BFB50A)
Partition 1: (Active) - (Size=79.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=275.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,032 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:28 AM

Posted 03 February 2015 - 11:31 AM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,032 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:28 AM

Posted 07 February 2015 - 08:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users