
Keylogger and remote controller were found on computer


  • This topic is locked
28 replies to this topic

#1 yeltsyn


  • Members
  • 29 posts

Posted 02 February 2015 - 09:12 AM

I was referred to this forum by buddy215, as he has found keyloggers and a lot more on my computer, including some that are capable of controlling my computer. He referred me here as he mentioned that there may be more than what has been found and removed. I checked my IP on Project Honeypot and it listed some of the things that it committed, such as spamming other people. Please help.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Demo (administrator) on DEMO-PC on 02-02-2015 21:59:25
Running from C:\Users\Demo\Desktop
Loaded Profiles: Demo (Available profiles: Demo & Test & Guest)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\WordWeb\wweb32.exe
(Facebook Inc.) C:\Users\Demo\AppData\Local\Facebook\Update\FacebookUpdate.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-17] (VIA)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-24] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Run: [Facebook Update] => C:\Users\Demo\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-05] (Facebook Inc.)
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9899312 2014-02-26] ()
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Sun Broadband Wireless\Sun Broadband Wireless
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: G - G:\Setup.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {005420b2-1200-11e3-8047-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0969e5c9-a5c8-11e3-b65c-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0aa1e71e-99f3-11e3-a450-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0d6ac923-0865-11e3-95c0-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0d6ac94f-0865-11e3-95c0-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0d6ac95b-0865-11e3-95c0-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0dd4003f-6c5b-11e3-b6dc-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0f2c7b40-318a-11e3-91cd-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0f2c7ba3-318a-11e3-91cd-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {11437ac2-51cc-11e3-a0e4-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {1190ec93-6dea-11e3-a326-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {12457c13-4454-11e3-a4c5-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {16a37a09-2cd4-11e3-9bda-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {16a37a1f-2cd4-11e3-9bda-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {17788dde-3643-11e3-a388-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {25a26165-059a-11e3-8941-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {28a9cb58-5d6f-11e3-8584-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {29509693-d808-11e3-8b9a-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {2b65fbb4-df23-11e3-b34d-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {2d5c5860-82ef-11e3-8eab-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {2e19df15-e8ca-11e3-88ab-1078d2571942} - I:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3115ec8c-8341-11e3-a572-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {32c12dea-0fbc-11e3-9723-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3688b636-fda0-11e2-8200-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {39e12deb-9d3c-11e3-8d47-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3aba6f5a-0ad4-11e3-9a38-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3cd1f928-8498-11e3-889e-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3d4ed826-3b04-11e3-a0c5-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3daecb8b-5a39-11e3-bb00-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3e13bf24-3262-11e3-9c1b-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {4adb2ed3-be0f-11e3-8310-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {50bec882-5bfe-11e3-bce0-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {56eee415-2742-11e3-8fa4-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {5da6beb9-6baa-11e3-8461-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {64fc1805-0982-11e3-b930-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {65892913-950d-11e3-adc1-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {66ee51a4-1102-11e3-881a-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {6a0f72b7-24fa-11e3-8e80-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {71a1e4cc-fe9b-11e3-ba38-1078d2571942} - J:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {722ef59a-ea31-11e3-9d87-1078d2571942} - I:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {91b39794-8a7a-11e3-b025-d8046a7bd431} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {97c87edc-0af4-11e3-88a4-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {9c527c0b-5100-11e3-80c7-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {a0b62f9e-0aed-11e3-92c7-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {a5a27aed-949d-11e3-9ca7-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {abb2b2dd-d67a-11e3-ac8c-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {ad6a1fb2-95d6-11e3-9909-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {b389af57-44f5-11e3-80a1-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {b7bd7a9d-2b57-11e3-8832-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {b9f7636c-f681-11e2-8f85-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {bc8bd07c-9a88-11e3-adff-1078d2571942} - I:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {c22e3f69-4043-11e3-85df-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {c8d0016b-8483-11e3-ae0e-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {cbf5cb19-b496-11e3-b32c-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {cbf5cb71-b496-11e3-b32c-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {d7496381-5814-11e3-bef3-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {d879abf7-6235-11e3-9658-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {dacfb13b-81b9-11e3-b35c-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {dbb0915f-f393-11e2-a381-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {dc6b3caf-3885-11e3-ad84-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {de77d030-fc50-11e3-9a17-1078d2571942} - I:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {e094873a-3a4a-11e3-813b-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {e2add783-256f-11e3-b215-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {e87f21f3-0023-11e3-8e09-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {eb97a5a8-2697-11e3-bfeb-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {ec476a43-6adb-11e3-80c6-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {f2cd2cf8-62fc-11e3-a0b7-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {fb5cff40-2121-11e3-a1d2-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {fef76ae9-6c6f-11e3-8603-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\Demo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st QuickRes.lnk
ShortcutTarget: 1st QuickRes.lnk -> C:\Program Files (x86)\1stQRes\1stqres.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartgooglesearch.blogspot.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
 
FireFox:
========
FF ProfilePath: C:\Users\Demo\AppData\Roaming\Mozilla\Firefox\Profiles\n91ilmzi.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1672708364-4241952335-2601737160-1000: @eximion.com/KalydoPlayer -> C:\Users\Demo\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKU\S-1-5-21-1672708364-4241952335-2601737160-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Demo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1672708364-4241952335-2601737160-1000: facebook.com/fbDesktopPlugin -> C:\Users\Demo\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-1672708364-4241952335-2601737160-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-02]
FF HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2013-01-27]
FF Extension: No Name - C:\Users\Demo\AppData\Roaming\Mozilla\Firefox\Profiles\n91ilmzi.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Matthew Williamson) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhneppoibdckggbphlddbkdfnipiklp [2014-07-05]
CHR Extension: (Google Drive) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-06]
CHR Extension: (YouTube) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-07]
CHR Extension: (Guitarist's Reference) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2012-12-13]
CHR Extension: (Adblock Plus) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-01-04]
CHR Extension: (Google Search) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-07]
CHR Extension: (Skyline Runner) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfikbdbjhcikedkehojkcdpbaaahjjjk [2013-01-31]
CHR Extension: (Full Screen Weather) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2012-11-27]
CHR Extension: (Avira Browser Safety) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-08]
CHR Extension: (Digital Clock) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2012-11-27]
CHR Extension: (Island Runner) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpakknllcnbolbdkpnoichbhabdjeajm [2013-01-31]
CHR Extension: (Fileminx) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbmphdinbmonlcogmljkkahppnkannma [2012-12-13]
CHR Extension: (Google Wallet) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-19]
CHR Extension: (3D Parking) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgjnhabcgahcfdembgboapbefikbmld [2012-12-13]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2012-11-27]
CHR Extension: (Bastion) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2012-12-13]
CHR Extension: (Gmail) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [kgbppieccdbeegcnekkgcnhdkloboddo] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2013-01-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-02] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HPSLPSVC; C:\Users\Demo\AppData\Local\Temp\7zS7E8C\hpslpsvc64.dll [1039360 2012-08-27] (Hewlett-Packard Co.) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5206216 2013-10-04] (INCA Internet Co., Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-12-06] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-02] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-29] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
U4 Messenger; No ImagePath
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 21:59 - 2015-02-02 21:59 - 00031880 _____ () C:\Users\Demo\Desktop\FRST.txt
2015-02-02 21:59 - 2015-02-02 21:59 - 00000000 ____D () C:\FRST
2015-02-02 21:54 - 2015-02-02 21:58 - 02131456 _____ (Farbar) C:\Users\Demo\Desktop\FRST64.exe
2015-02-02 19:51 - 2015-02-02 19:51 - 09125024 _____ () C:\Users\Test\Downloads\Combined Face Replacer.zip
2015-02-02 18:15 - 2015-02-02 19:22 - 00002081 _____ () C:\Users\Test\Desktop\english.txt
2015-02-01 21:33 - 2015-02-01 21:33 - 02347384 _____ (ESET) C:\Users\Test\Downloads\esetsmartinstaller_enu.exe
2015-02-01 21:33 - 2015-02-01 21:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-01 21:31 - 2015-02-01 21:31 - 00001018 _____ () C:\Users\Test\Desktop\JRT.txt
2015-02-01 21:27 - 2015-02-01 21:27 - 00000000 ____D () C:\Windows\ERUNT
2015-02-01 21:25 - 2015-02-01 21:26 - 01707939 _____ (Thisisu) C:\Users\Test\Downloads\JRT.exe
2015-02-01 21:24 - 2015-02-01 21:24 - 00005430 _____ () C:\Users\Test\Desktop\AdwCleaner[S1].txt
2015-02-01 21:22 - 2015-02-01 21:22 - 00000556 _____ () C:\Windows\PFRO.log
2015-02-01 21:16 - 2015-02-02 21:45 - 00096220 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 21:16 - 2015-02-02 21:41 - 00001008 _____ () C:\Windows\setupact.log
2015-02-01 21:16 - 2015-02-01 21:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-01 20:52 - 2015-02-01 20:56 - 02194432 _____ () C:\Users\Test\Desktop\AdwCleaner.exe
2015-01-31 17:33 - 2015-01-31 17:33 - 00028748 _____ () C:\Users\Test\Desktop\lucy.(2014).eng.1cd.(5989342).zip
2015-01-31 17:28 - 2015-01-31 18:37 - 00000000 ____D () C:\Users\Test\Downloads\Alexander and the Terrible, Horrible, No Good, Very Bad Day (2014)
2015-01-31 14:37 - 2015-01-31 15:08 - 105342339 _____ () C:\Users\Test\Desktop\mb_warband_upgrade_1100_to_1166.exe
2015-01-31 14:36 - 2015-01-31 14:36 - 00000000 ____D () C:\Users\Test\Desktop\Mount&Blade Warband Savegames
2015-01-30 18:00 - 2015-01-30 18:18 - 103908756 _____ () C:\Users\Test\Desktop\mb_warband_upgrade_1100_to_1165.zip
2015-01-30 17:15 - 2015-01-30 18:18 - 00000000 ____D () C:\Users\Test\Documents\Mount&Blade Warband Savegames
2015-01-30 17:13 - 2015-02-02 20:42 - 00000000 ____D () C:\Users\Test\Documents\Mount&Blade Warband
2015-01-30 17:13 - 2015-02-01 13:28 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Mount&Blade Warband
2015-01-30 17:12 - 2015-01-30 17:12 - 00000889 _____ () C:\Users\Test\Desktop\Mount and Blade Warband.lnk
2015-01-30 17:12 - 2015-01-30 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount and Blade Warband
2015-01-30 17:07 - 2015-01-31 17:33 - 00000000 ____D () C:\Users\Test\Downloads\Lucy.2014.1080p.Dual-WOLVERDONFILMES.COM
2015-01-30 17:07 - 2015-01-30 17:07 - 00040560 _____ () C:\Users\Test\Desktop\[kickass.so]lucy.2014.bluray.1080p.dual.audio.torrent
2015-01-30 17:07 - 2015-01-30 17:07 - 00003643 ____R () C:\Users\Test\Downloads\Lucy.2014.1080p.Dual-WOLVERDONFILMES.COM.srt
2015-01-30 16:30 - 2015-01-30 16:39 - 00000000 ____D () C:\Users\Test\Downloads\MB_WARBAND_R.G.ILITA
2015-01-26 01:05 - 2015-01-26 01:05 - 00212628 _____ () C:\Users\Test\Desktop\MISTAKENLY MEANT FOR YOU [TO BE PUBLISHED].txt
2015-01-23 22:34 - 2015-01-23 22:34 - 00000726 _____ () C:\Users\Test\Desktop\horseisle2.txt
2015-01-19 19:00 - 2015-01-19 19:00 - 00426846 _____ () C:\Users\Test\Desktop\speedo-backup.wft
2015-01-18 22:19 - 2015-01-18 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LCPD First Response
2015-01-18 16:27 - 2015-01-20 20:35 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-18 16:27 - 2015-01-18 16:27 - 00000971 _____ () C:\Users\Test\Desktop\SpeedFan.lnk
2015-01-18 16:27 - 2015-01-18 16:27 - 00000971 _____ () C:\Users\Guest\Desktop\SpeedFan.lnk
2015-01-18 16:27 - 2015-01-18 16:27 - 00000971 _____ () C:\Users\Demo\Desktop\SpeedFan.lnk
2015-01-18 16:27 - 2015-01-18 16:27 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2015-01-16 16:20 - 2015-01-16 16:20 - 00000979 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2015-01-16 16:20 - 2015-01-16 16:20 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-16 16:20 - 2015-01-16 16:20 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-16 12:40 - 2015-02-02 18:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 12:40 - 2015-01-16 12:40 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 12:40 - 2015-01-16 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 12:40 - 2015-01-16 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 12:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 12:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 12:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-14 18:10 - 2015-01-14 18:21 - 00000000 ____D () C:\Users\Test\Downloads\The Judge (2014)
2015-01-14 18:10 - 2015-01-14 18:10 - 00033333 _____ () C:\Users\Test\Desktop\os3h18s.zip
2015-01-14 16:56 - 2015-01-14 18:10 - 00000000 ____D () C:\Users\Test\Downloads\Perfect Sisters (2014)
2015-01-09 20:27 - 2015-01-10 14:26 - 00000000 ____D () C:\ProgramData\RELOADED
2015-01-09 20:14 - 2015-01-09 20:14 - 00001232 _____ () C:\Users\Test\Desktop\Play Dishonored nosTEAM.lnk
2015-01-09 17:27 - 2015-01-18 16:39 - 00000000 ____D () C:\Users\Test\Desktop\Quotes
2015-01-08 18:29 - 2015-01-08 18:33 - 40673334 _____ () C:\Users\Test\Desktop\Nogizaka46 - Natsuno Free&Easy.mp4
2015-01-06 21:10 - 2013-04-23 16:50 - 01531392 _____ (Home of Gamehacking) C:\Users\Test\Desktop\sims3v15056+4tr.exe
2015-01-06 21:10 - 2013-04-23 16:21 - 00010891 _____ () C:\Users\Test\Desktop\sILeNt heLLsCrEAm.nfo
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 21:49 - 2009-07-14 12:45 - 00027776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 21:49 - 2009-07-14 12:45 - 00027776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 21:33 - 2013-02-19 19:54 - 00000000 ____D () C:\Users\Test\AppData\Roaming\vlc
2015-02-02 20:26 - 2009-07-14 13:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 03:28 - 2013-05-03 09:38 - 00000000 ____D () C:\Users\Test\Desktop\Games
2015-02-02 02:58 - 2014-03-29 19:36 - 00000000 ____D () C:\Users\Demo\Desktop\WindForge.HI2U
2015-02-02 02:56 - 2014-02-20 15:18 - 00000000 ____D () C:\Users\Demo\Desktop\Utility
2015-02-02 02:56 - 2014-02-15 20:25 - 00000000 ___RD () C:\Users\Demo\Desktop\Games
2015-02-02 02:54 - 2014-11-23 16:49 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-02-01 21:21 - 2014-08-01 18:02 - 00000000 ____D () C:\AdwCleaner
2015-02-01 21:16 - 2014-06-16 20:01 - 00000000 ____D () C:\Users\Test\AppData\Roaming\DAEMON Tools Lite
2015-02-01 21:16 - 2013-02-20 15:20 - 00000000 ____D () C:\Users\Test\AppData\Roaming\uTorrent
2015-02-01 21:15 - 2013-07-27 13:58 - 00000000 ____D () C:\Windows\Minidump
2015-02-01 21:12 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Cursors
2015-02-01 21:09 - 2014-10-29 19:23 - 00000000 ____D () C:\Users\Test\Desktop\apk
2015-02-01 21:09 - 2014-10-29 19:22 - 00000000 ____D () C:\Users\Test\Desktop\gta4
2015-02-01 21:09 - 2014-03-16 21:27 - 00000000 ____D () C:\Users\Test\Desktop\Banished_V1.00_32bit-64bit_Trainer_plus9
2015-02-01 13:20 - 2013-03-10 09:24 - 00000000 ____D () C:\Users\Public\Documents\Speedbit
2015-01-30 17:13 - 2013-07-04 17:55 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-27 19:46 - 2014-10-01 17:05 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-27 19:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-16 16:20 - 2013-12-29 21:05 - 00000000 ____D () C:\Users\Test\AppData\Roaming\WinRAR
2015-01-16 16:20 - 2012-11-05 07:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-16 12:59 - 2014-10-29 19:27 - 00000000 ____D () C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321
2015-01-16 12:59 - 2014-10-17 12:38 - 00000000 ____D () C:\Windows\pss
2015-01-16 12:56 - 2012-11-11 13:51 - 00000000 ____D () C:\Users\Demo\AppData\Local\CRE
2015-01-16 12:32 - 2013-07-04 18:28 - 00000000 ____D () C:\Program Files (x86)\Cube World
2015-01-13 23:32 - 2013-03-04 14:21 - 00002050 __RSH () C:\ProgramData\ntuser.pol
2015-01-09 20:27 - 2013-02-22 19:14 - 00000000 ____D () C:\Users\Test\Documents\My Games
2015-01-07 20:31 - 2015-01-01 15:39 - 00330752 _____ () C:\Users\Test\Documents\Newsletter.pub
2015-01-05 21:45 - 2013-02-23 21:00 - 00000000 ___RD () C:\Users\Test\Desktop\Anime pics
 
==================== Files in the root of some directories =======
 
2014-04-11 18:43 - 2013-06-19 12:23 - 0000088 _____ () C:\Program Files (x86)\update-oblivion.bat
2014-04-11 18:43 - 2012-06-15 18:24 - 0003153 _____ () C:\Program Files (x86)\www.nosteam.ro.html
2013-02-16 15:56 - 2013-02-16 15:56 - 0001456 _____ () C:\Users\Demo\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-11-06 08:47 - 2013-02-21 19:32 - 0027136 _____ () C:\Users\Demo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-15 19:32 - 2013-02-08 20:25 - 0130034 _____ () C:\Users\Demo\AppData\Local\debuggee.mdmp
2012-12-03 18:41 - 2012-12-03 18:41 - 0007607 _____ () C:\Users\Demo\AppData\Local\Resmon.ResmonCfg
2012-11-06 07:50 - 2013-12-08 18:30 - 0004610 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Demo\AppData\Local\Temp\avgnt.exe
C:\Users\Demo\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Demo\AppData\Local\Temp\Quarantine.exe
C:\Users\Test\AppData\Local\Temp\cabex.dll
C:\Users\Test\AppData\Local\Temp\Quarantine.exe
C:\Users\Test\AppData\Local\Temp\sqlite3.dll
C:\Users\Test\AppData\Local\Temp\VARemove.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 01:31
 
==================== End Of Log ============================
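As an added example that is not part of the original post or of FRST itself: a small Python triage script for the Services and Drivers sections of an FRST log like the one above. It parses the entry format (state and start type, name, path, size, date, company, trailing markers) and flags the patterns a responder usually looks at first: orphaned entries whose file is gone (`[X]`), keys with no ImagePath, files without an Authenticode signature, and running binaries with no publisher in their version information. The meaning of the fields follows FRST's own conventions; the flag names are this example's own, and the sample input is a handful of lines copied from the log posted above.

```python
"""Triage helper for the Services and Drivers sections of an FRST log.

Each entry has the shape
    <state><start> <name>; <path> [<size> <date>] (<company>) [<extra>]
where state is R (running), S (stopped) or U (unknown) and start is the
start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled). An empty "()"
means FRST found no company name in the file's version information,
"[File not signed]" means it has no Authenticode signature, "[X]" means the
registry entry points at a file FRST could not find on disk, and
"No ImagePath" means the key has no binary at all.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the FRST log posted above; they double as the sample input.
SAMPLE_LOG = r"""R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-12-06] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
U4 Messenger; No ImagePath
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
"""

ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+?)\s*$")
FILE_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s+\((?P<company>[^)]*)\)(?P<tail>.*)$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class Entry:
    name: str
    running: bool
    start: str
    path: Optional[str] = None
    company: Optional[str] = None
    flags: List[str] = field(default_factory=list)   # flag names are this example's own


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for any other line of the log."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry = Entry(name=m["name"].strip(), running=m["state"] == "R",
                  start=START_TYPES.get(m["start"], "unknown"))
    rest = m["rest"]
    if rest == "No ImagePath":
        entry.flags.append("no-imagepath")   # registry key with no binary behind it
        return entry
    if rest.endswith("[X]"):
        entry.path = rest[:-3].strip()
        entry.flags.append("file-missing")   # orphaned entry: the binary is not on disk
        return entry
    f = FILE_RE.match(rest)
    if f is None:
        entry.path = rest
        entry.flags.append("unparsed")       # unexpected shape: look at it by hand
        return entry
    entry.path = f["path"]
    entry.company = f["company"]
    if not entry.company:
        entry.flags.append("no-company")     # no publisher in the version resource
    if "[File not signed]" in f["tail"]:
        entry.flags.append("not-signed")     # no Authenticode signature
    if entry.running and entry.flags:
        entry.flags.append("running")        # weak provenance AND currently loaded
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return, in log order, only the entries that deserve a human look."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name:<30} {e.start:<8} {','.join(e.flags):<24} {e.path}")
```

Run against the sample it prints the six entries a helper would want explained: the two unsigned or publisher-less service binaries, the three orphaned `[X]` entries and the ImagePath-less key. None of these flags is a verdict on its own (PunkBuster and plenty of game anti-cheat drivers legitimately have no company string), which is why the script only narrows the list rather than deciding anything.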

#2 StanFF (Malware Response Team, 1,172 posts)

Posted 02 February 2015 - 12:53 PM

Hello yeltsyn,
 

I'm Stan and I will be helping you with this problem.

 

First of all I want to clear some things up about the malware removal process:

  • Do not run any tools on your own. This may affect the removal process and may cause both slowdowns and additional problems.
  • Read carefully the steps that I suggest you do. Any mismatch will prolong this case.
  • Copy any scripts carefully so they stay exactly the same as the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps to an offline environment. They may be easier to read and follow that way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you, so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please, do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

 

I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.

 

********************

 

Thank you for the provided logs. I will review them as fast as I can and I will be back with further instructions. Meanwhile, please, try to work with the system as little as you can. If possible, disconnect the system from the Internet and connect only when you need to post or read instructions for additional steps.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#3 yeltsyn (Topic Starter)

Posted 02 February 2015 - 07:02 PM

Hi Stan.

Thank you for your response. I can only respond in the evenings too, for I go to the university during the daytime. A slight delay is better than having no response at all. :) I will be waiting for your reply.



#4 StanFF (Malware Response Team, 1,172 posts)

Posted 04 February 2015 - 12:34 AM

Hello yeltsyn,
 
Before continuing, I want to ask you a couple of questions that will shed some light on the case.

  • Are you familiar with the change of the start page of Internet Explorer? Did you set it yourself, or do you not know how this happened?
  • Do you experience any slowdowns/misbehavior of the system? Are there other noticeable problems present?
  • I see that you have ESET Online Scanner on your system. I guess it was previously run on the system. What results popped out then? Were there any detections?
  • Have you intentionally installed the following extensions in Google Chrome:
Skyline Runner
Island Runner
3D Parking

 
********************

Going over your logs, I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove that program, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
 
********************
 
This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached fixlist.txt file (692 bytes) and save it to the same location as FRST.

Note: It's important that both files, FRST.exe and fixlist.txt, are in the same location or the fix will not work. In your case, this should be the Desktop.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.
 
********************
 
Please, start Malwarebytes' Anti-Malware.

  • When started, please, press the Scan Now >> button.
  • You will be automatically prompted to update the software.
  • Push the Update Now button so the definitions can be downloaded.

Note: If you are prompted that there is new version of the software ready to install, please, choose OK. Install the latest version of Malwarebytes' Anti-Malware and repeat the steps above.

  • The Threat Scan should automatically start.
  • When the scanning process has completed, the results will be displayed.
  • Click on Quarantine All and then choose Apply Actions.

If any malicious entries were detected, Malwarebytes should prompt you that a system reboot is required. Please choose Yes. Otherwise, the detected objects may not be removed.
 
After the reboot:

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom and paste the content of the file in your next reply.

Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
 
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
 
********************
 
Please start FRST again. When you start the tool, please check the checkbox in front of Addition.txt in the Optional Scan section. Then run a new scan of the system and post the results in your next comment.
 
********************
 
In your next post, I will be waiting for:

  • Fixlog.txt
  • Log from Malwarebytes' Anti-Malware
  • FRST.txt
  • Addition.txt
  • How is your computer running now? Is the system running fine?

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#5 yeltsyn (Topic Starter)

Posted 04 February 2015 - 06:04 AM

 

 

  • Are you familiar with the change of the start page of Internet Explorer? Did you set it yourself, or do you not know how this happened?

No, I am not familiar with it. It looks like a fake Google search webpage.

  • Do you experience any slowdowns/misbehavior of the system? Are there other noticeable problems present?

No noticeable problems, except that Google wants me to type a captcha every time I search. Sometimes, it displays the words "We're sorry" and doesn't let me search because my computer is sending automated queries.

  • I see that you have ESET Online Scanner on your system. I guess it was previously run on the system. What results popped out then? Were there any detections?

I recently opened a topic here, on the forum "Am I infected?". This is the link to my topic: http://www.bleepingcomputer.com/forums/t/565274/i-cant-access-google-because-of-automated-queries/

My helper required me to install and run ESET Online Scanner.

Here is the log:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1f6444e2c323894d9f452c6337de1c3f
# engine=22251
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-01 07:53:58
# local_time=2015-02-02 03:53:58 (+0800, Taipei Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 611619 19018723 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5786447 174450288 0 0
# scanned=417384
# found=85
# cleaned=84
# scan_time=20470
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=71B40E6E0A290129E0F0BADDF5FB0C0B83931CF1 ft=0 fh=0000000000000000 vn="a variant of MSIL/Packed.Confuser.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-1672708364-4241952335-2601737160-1002\$R1NRD16.zip"
sh=B034BA5465CFA2109D81478B7D9E5149EA8BB04B ft=0 fh=0000000000000000 vn="a variant of MSIL/Packed.Confuser.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-1672708364-4241952335-2601737160-1002\$RC111QH.zip"
sh=562BBB85407F4935D607FA43EF70CE5393451D11 ft=0 fh=0000000000000000 vn="a variant of MSIL/Packed.Confuser.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-1672708364-4241952335-2601737160-1002\$RLU8TON.zip"
sh=70DC5C021E62A6EB22B559B423E0A9DF26118956 ft=0 fh=0000000000000000 vn="a variant of MSIL/Packed.Confuser.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-1672708364-4241952335-2601737160-1002\$RSNV6NU.zip"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=232E9307CA737BF5BC24F7D2AC43A5ECDC90891F ft=1 fh=0e90513f52ca5fb3 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe.vir"
sh=53E8E12875A924F7FC677EC88A5ADF9229A39F59 ft=1 fh=9f4da6734ca6e94d vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.68.exe.vir"
sh=0501995068D611571638D8538FAFCEFBB35F0F17 ft=1 fh=737298c364a8bc5b vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PhotoStage\photostage.exe.vir"
sh=F76A2F6D978121EFB35F40113898860D5E0020D0 ft=1 fh=485e04bbc5de2cd5 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PhotoStage\photostagesetup_v2.51.exe.vir"
sh=DA86A043E1519CC31A69C46B7C536B7BEC28FC1F ft=1 fh=382342b3ccb2b8bd vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prism.exe.vir"
sh=D8CC99E55B13E0965239AFE51F49996537A17DA7 ft=1 fh=3044abf3494d8a5c vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prismsetup_v2.18.exe.vir"
sh=D0F57118B38C42D5B30915A9ED0640294F63018A ft=1 fh=c38836ed2fa50518 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir"
sh=E179C2BD03717364DEAA0932F6493128E1B92901 ft=1 fh=6c8389960282f754 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.57.exe.vir"
sh=8C7BA92F8674F9D37B040D90C3E4182E81C0405D ft=1 fh=4c2da10d68fe0666 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepad.exe.vir"
sh=9A1A181DC9C254E499BA0C2E03E465431CEDFCAA ft=1 fh=ac8bb93429cc4950 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.96.exe.vir"
sh=8AA603D3E7FFCB4117746543B2012E7B140E70BB ft=1 fh=7afcb4e0fc6e29e1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Demo\AppData\Local\AskToolbar\Downloaded Program Files\xaddon.dll.vir"
sh=8C1CB25BB10CAE26F898CAE09C5CE29C8C25D0CF ft=1 fh=2671dd250fe983b5 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Demo\AppData\Local\Conduit\Chrome\CT3289075\CHUninstaller.exe.vir"
sh=9E25A856ACC5C4AF25FDAB5DDFDC9A329BC36231 ft=1 fh=d971216b9dbedb12 vn="a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Demo\AppData\Local\Conduit\Chrome\CT3289075\UninstallerUI.exe.vir"
sh=41F23E459EFF023AB1B26586463360E45528ABC7 ft=1 fh=5a93daf7e0cc20e5 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Demo\AppData\Local\NativeMessaging\CT3289075\1_0_0_10\TBMessagingHost.exe.vir"
sh=FEFE2A148E52A40A6A50C4FF7874F9C6F938910C ft=1 fh=a6e6b06e2f656293 vn="Win32/Toolbar.Babylon.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Test\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=07F2E033678F173CBB9292C877AC5038807262E5 ft=1 fh=2d281943605f0a72 vn="a variant of Win32/Toolbar.Babylon.AD potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Test\AppData\Roaming\BabSolution\Shared\GUninstaller.exe.vir"
sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat"
sh=F5CEC54C9AAC59167BA95EC8077438BE381FBA3D ft=1 fh=6b9d0ee107127394 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\CustoPackTools\utils\ask\AskInstallChecker.exe"
sh=C57AE913C12AC5C23D05DE6478EE63CC9F2399C2 ft=1 fh=19726e4289477f04 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\CustoPackTools\utils\ask\askToolbarInstaller.exe"
sh=8F32875C50C828F12A5187957A7E6C63C0E97618 ft=1 fh=1d6a4f5c120f3a0c vn="Win32/HackTool.Crack.CQ potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Electronic Arts\The Sims 4 Digital Deluxe Edition\Game\Bin\3dmgame.dll"
sh=FE9249DC2E4F0DC6DE3B17F99DB18FB15DE35294 ft=1 fh=3674938724bb7e81 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"
sh=9D4BC95217FABCC09CC8F387253C5448B114D20D ft=1 fh=27b77563cac91378 vn="a variant of MSIL/Packed.Confuser.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LCPDFR\LCPDFR Diagnostics Tool.exe"
sh=E958C3DE77D20E62D0C7D6C6A1C8029435F6B661 ft=1 fh=f5611d7220f8d7e0 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Windforge\Bin\steam_api.dll"
sh=D3F2257D15FFD9675B4FE5A92E35807D8ABC9AB0 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Demo\Desktop\Games\ac3sptrainer.rar"
sh=65A297B1DC50DCC993796C4E73AC047A4D87E122 ft=0 fh=0000000000000000 vn="Win32/GameHack.QJ potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Demo\Desktop\Games\Warcraft III.rar"
sh=AA1356F25CDDCC7FB04222005D51506C50DCED68 ft=1 fh=6dbe8fdf489521c7 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Demo\Desktop\Games\7.Days.To.Die.Alpha.6.1.Fixed.[DerpTeam]\7 Days To Die Alpha 6.1\steam_api.dll"
sh=17831F553EFFF89A3E531E3A84C03A2E56AEB5BB ft=1 fh=fc7e5bea12b52419 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Demo\Desktop\Games\7.Days.To.Die.Alpha.6.1.Fixed.[DerpTeam]\7 Days To Die Alpha 6.1\crack\steam_api64.dll"
sh=1300A7E147313F072023CB715498EAE9039DA824 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Obsidium.AG trojan (deleted - quarantined)" ac=C fn="C:\Users\Demo\Desktop\Games\Crack\Trainer\Trainer.zip"
sh=18FF2F815F0648A9CDE767398BBE0C9A00BB4007 ft=0 fh=0000000000000000 vn="a variant of Java/PSW.OnLineGames.A trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Demo\Desktop\Games\Minecraft\minecraft-2.jar"
sh=691E7CD546C43BFCF5C8A1CA5018171998A9F26F ft=1 fh=b6ae811b3a01b23e vn="Win32/GameHack.QJ potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Demo\Desktop\Games\Warcraft III\w3l.exe"
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Demo\Desktop\Utility\ccsetup408.exe"
sh=E9E69C03A8EA64DC79D2C712A9A35B47652AC3ED ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Demo\Desktop\WindForge.HI2U\hi-windf.iso"
sh=307E7AE762F9E3CCAECD9AA141ED368214E10423 ft=1 fh=3b38a08aeca3a57a vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Demo\Downloads\avira_free_antivirus_en.exe"
sh=99DAC8228AD53731D9C878DB55ADAF246F124E7D ft=1 fh=0dc5f169debdac09 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Demo\Downloads\CustoPacks-1.0.0.40.exe"
sh=CE0F5005E55B6D39B15D07B2327271794C0C997D ft=1 fh=5a6af193914d31cb vn="a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Demo\soft\Plants vs Zombies\Plants vs Zombies +3 Trainer 1.0.0.1051.exe"
sh=22305C7E1E635C82AE6E4EB21A718A19154BE9DC ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcgfhagdikiadbckmcmjhmkagibmmlla\1.0.1_0\background.js"
sh=13F1BA1706ED1CEC20E124FC01D289B857DB0942 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcgfhagdikiadbckmcmjhmkagibmmlla\1.0.1_0\content.js"
sh=8CB06BCA312ED2BFA02C7F9344F2717D02ECD931 ft=1 fh=ae24f2cd7ccbd608 vn="a variant of Win32/OpenCandy.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\CheatEngine64.exe"
sh=412C1D08BEAAAE58BA3E4C9913987BC4DD69C87F ft=1 fh=4fd6604aecdc70ed vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\DH_patch-FIX.exe"
sh=40A86CEE83374A71FDFF6057660D8F6B60DF6C21 ft=1 fh=3702c3e34a89d6d6 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\Far Cry 3.EXE"
sh=AF672B66179D30AEB5A09D97A11C1FCFDE771DF2 ft=0 fh=0000000000000000 vn="a variant of MSIL/Packed.Confuser.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\2. LCPD First Response 1.0d_2 Automatic Install (Alternative).zip"
sh=9923CDFE31FD9FDBB792557EEEADDA0B44877176 ft=1 fh=45549d446f3b5ace vn="a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Cheat Engine 6.2\cheatengine-i386.exe"
sh=CA3F51EC1897756636232998193325B830F22F26 ft=1 fh=3702c3e3af3ccb17 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Cheat Engine 6.2\standalonephase1.dat"
sh=32F2F22399F6E32FCAB17359D8CDCC8A015B9F29 ft=0 fh=0000000000000000 vn="a variant of MSIL/Hoax.Agent.NAD application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Compressed Files\3ds emulatorx + bios by draco.rar"
sh=4A7A620B2E1F779A945DCA1AC67FEFAFE4C54482 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Compressed Files\728c978339ccf685dfb6.zip"
sh=BA65274CFB1DE64C37724995E6937BB959DBCFAF ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Compressed Files\ACR-FX2+4trn.rar"
sh=379578312FBC7B602C891E2BF2733B5326D3A581 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Compressed Files\assassinumecrdx9-ch.zip"
sh=CD9B3766FA5FC4F35BF5740A90E962127C3C0B60 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Compressed Files\eMu3Ds_Setup.zip"
sh=CB41078BA61A5B7E14AD3FCE1ADEBB10BF50F398 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Crack\Trainer\acr_plus3_trainer.zip"
sh=59C75B45AC46FAC8C4018205544938C46B1BA631 ft=1 fh=ab462a0af6e69b03 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Executables\ccsetup405.exe"
sh=8A324746091B39CAE5343CAC323E60621CD23629 ft=1 fh=ec691b604c2e1869 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Executables\FFSetup3.0.1.1.exe"
sh=E179C2BD03717364DEAA0932F6493128E1B92901 ft=1 fh=6c8389960282f754 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\Executables\vpsetup.exe"
sh=9923CDFE31FD9FDBB792557EEEADDA0B44877176 ft=1 fh=45549d446f3b5ace vn="a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\usb\documents\Cheat Engine 6.2\cheatengine-i386.exe"
sh=CA3F51EC1897756636232998193325B830F22F26 ft=1 fh=3702c3e3af3ccb17 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\usb\documents\Cheat Engine 6.2\standalonephase1.dat"
sh=8A324746091B39CAE5343CAC323E60621CD23629 ft=1 fh=ec691b604c2e1869 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\usb\executable\FFSetup3.0.1.1.exe"
sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\usb\executable\Shockwave_Installer_Slim.exe"
sh=F27A51138D02C8701172427C99FDD45B671D00D4 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\usb\rarzip\FFSetup3.0.1.1.zip"
sh=BDFDDD99453FCB6D566CC162E43028F710AE714B ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\2-Documents\usb\rarzip\Minecraft.rar"
sh=B87690DE76392D41E16B30A33F88A0856FB065F9 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAH trojan (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\Games\9874351327-ASCIII105.rar"
sh=D3F2257D15FFD9675B4FE5A92E35807D8ABC9AB0 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\Games\ac3sptrainer.rar"
sh=3F4B357B8789C13EA738047C60FAFA44F75CEC48 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\Games\AmnesiaTheDarkDescent14Trainer.zip"
sh=FF5183D63960B2CCD8D51A6CB73B579715028DCC ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\Games\cube_alpha_trainer_+6.rar"
sh=1914FC0E74647E5F2120BAB71BC615D1A26EAC6A ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\Games\fc3trainer2.rar"
sh=01DDC152DCCE4C7600ED7F0F140215237CA39FB2 ft=1 fh=b492841779fc3ea6 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\Games\Sims 3 Trainer.exe"
sh=17831F553EFFF89A3E531E3A84C03A2E56AEB5BB ft=1 fh=fc7e5bea12b52419 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Test\Desktop\Games\7 Days To Die Alpha 6.1\crack\steam_api64.dll"
sh=FEADF69DA924F049F94F8D09BD702AAEA881AA80 ft=1 fh=c71c001159fa3598 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\Games\dont_starve\bin\steam_api.dll"
sh=473E235207DDFE9AB1D44EB5179F8C0A99616368 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Desktop\GTA 4\Mods\RZR AND 1.0.7.0.zip"
sh=7DA66DB669C6E2AA54F174F2B2371DBE79245E48 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.CQ potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Documents\The Sims 4 - 2.iso"
sh=D43C1C126224AEE9756D91F617D1F4A9BED2F984 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Downloads\Dont_Starve_26July_82208.7z"
sh=A33D60E7C118DF178EF0BE1DC2841233AFF0C741 ft=1 fh=4197c0f1cbcf4ac1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Downloads\Shockwave_Installer_Slim.exe"
sh=D22F0F5B136A553E24728668C0ED43B97B045055 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Test\Downloads\Sony Vegas Pro 13.0.zip"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=473E235207DDFE9AB1D44EB5179F8C0A99616368 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="D:\RZR AND 1.0.7.0.zip"
sh=FE9249DC2E4F0DC6DE3B17F99DB18FB15DE35294 ft=1 fh=3674938724bb7e81 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="D:\Backup GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe"
sh=5FB8B25116127316455EFCF4C4C4D7B522EE6FAB ft=1 fh=08b64282b1facfc5 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="D:\Games\Dishonored PC full game + DLC ^^nosTEAM^^\Dishonored nosTEAM.part1.exe"
sh=ADCECC3D4C5435C9EB0004BCA85ED14D3BDDE3EE ft=1 fh=3e69c08b095cb53b vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (deleted - quarantined)" ac=C fn="D:\Installed Games\Borderlands - The Pre-Sequel\Binaries\Win32\steam_api.dll"
sh=E09BCB4512B6688BF29D807752A29C9BD3DF55C6 ft=1 fh=d14900a5f1f9ee72 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="D:\Installed Games\Dishonored\Dishonored nosTEAM\Binaries\Win32\steam_api.dll"
sh=A29F1BB7C30DA497BD0EDC63AADD441D412C8E0C ft=1 fh=ed22d35fce23deb5 vn="a variant of Generik.GMLQFZM trojan (cleaned by deleting - quarantined)" ac=C fn="D:\Installed Games\Far Cry 3 Blood Dragon\bin\ubiorbitapi_r2_loader.dll"
sh=096BED0083F0764D6135CAAE2DF625692D44A8DF ft=1 fh=30ab0b02d7d818b6 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined)" ac=C fn="D:\Installed Games\Watch_Dogs\bin\3dmGameDll.dll"

  • Have you intentionally installed the following extensions in Google Chrome:
Skyline Runner
Island Runner
3D Parking

No, I did not install these extensions. These extensions did not even appear on the extensions page of Google Chrome.

The system seems to be running fine, other than the captcha. I can see no system changes.

I will be doing the scans and the logs will be posted as soon as I am done.

#6 yeltsyn (Topic Starter)

Posted 04 February 2015 - 06:55 AM

Here are the contents of the logs.

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015

Ran by Demo at 2015-02-04 19:06:58 Run:1
Running from C:\Users\Demo\Desktop
Loaded Profiles: Demo (Available profiles: Demo & Test & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Users\Demo\AppData\Roaming\Mozilla\Firefox\Profiles\n91ilmzi.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [Not Found] 
CHR HKLM-x32\...\Chrome\Extension: [kgbppieccdbeegcnekkgcnhdkloboddo] - No Path
AlternateDataStreams: C:\ProgramData\TEMP:10698F4B
AlternateDataStreams: C:\ProgramData\TEMP:6764D965
AlternateDataStreams: C:\Users\Test\AppData\Local\CVHcKDHNu35LD:yqoOGDYoPngsYpznz8BW
AlternateDataStreams: C:\Users\Test\AppData\Local\Temp:tzmXFlq4p7aCdGcq5GGeC6rGl6
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Demo\AppData\Roaming\Mozilla\Firefox\Profiles\n91ilmzi.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kgbppieccdbeegcnekkgcnhdkloboddo" => Key deleted successfully.
C:\ProgramData\TEMP => ":10698F4B" ADS removed successfully.
C:\ProgramData\TEMP => ":6764D965" ADS removed successfully.
C:\Users\Test\AppData\Local\CVHcKDHNu35LD => ":yqoOGDYoPngsYpznz8BW" ADS removed successfully.
C:\Users\Test\AppData\Local\Temp => ":tzmXFlq4p7aCdGcq5GGeC6rGl6" ADS removed successfully.
EmptyTemp: => Removed 191.1 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:07:23 ====
 
MBAM:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/4/2015
Scan Time: 7:14:34 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.04.04
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Demo
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 491621
Time Elapsed: 25 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64, Quarantined, [947e9d7d5e2c3df928baa4fde122a55b], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64.sys, Delete-on-Reboot, [c80d14a2d90969f4e1998490482c2e1b], 
PUP.Optional.OutBrowse, C:\Users\Test\Downloads\Windows 7 Loader.exe, Quarantined, [c74bce4c137769cdeb8b05d606fb847c], 
PUP.Optional.OutBrowse.gen, C:\Users\Test\Downloads\Windows7 Loader Activator.exe, Quarantined, [7b97b96193f7e5514b00dc3d7c860000], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Demo (administrator) on DEMO-PC on 04-02-2015 19:47:24
Running from C:\Users\Demo\Desktop
Loaded Profiles: Demo (Available profiles: Demo & Test & Guest)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\WordWeb\wweb32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-17] (VIA)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-24] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Run: [Facebook Update] => C:\Users\Demo\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-05] (Facebook Inc.)
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9899312 2014-02-26] ()
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Sun Broadband Wireless\Sun Broadband Wireless
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: G - G:\Setup.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {005420b2-1200-11e3-8047-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0969e5c9-a5c8-11e3-b65c-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0aa1e71e-99f3-11e3-a450-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0d6ac923-0865-11e3-95c0-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0d6ac94f-0865-11e3-95c0-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0d6ac95b-0865-11e3-95c0-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0dd4003f-6c5b-11e3-b6dc-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0f2c7b40-318a-11e3-91cd-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {0f2c7ba3-318a-11e3-91cd-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {11437ac2-51cc-11e3-a0e4-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {1190ec93-6dea-11e3-a326-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {12457c13-4454-11e3-a4c5-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {16a37a09-2cd4-11e3-9bda-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {16a37a1f-2cd4-11e3-9bda-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {17788dde-3643-11e3-a388-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {25a26165-059a-11e3-8941-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {28a9cb58-5d6f-11e3-8584-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {29509693-d808-11e3-8b9a-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {2b65fbb4-df23-11e3-b34d-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {2d5c5860-82ef-11e3-8eab-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {2e19df15-e8ca-11e3-88ab-1078d2571942} - I:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3115ec8c-8341-11e3-a572-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {32c12dea-0fbc-11e3-9723-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3688b636-fda0-11e2-8200-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {39e12deb-9d3c-11e3-8d47-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3aba6f5a-0ad4-11e3-9a38-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3cd1f928-8498-11e3-889e-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3d4ed826-3b04-11e3-a0c5-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3daecb8b-5a39-11e3-bb00-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {3e13bf24-3262-11e3-9c1b-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {4adb2ed3-be0f-11e3-8310-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {50bec882-5bfe-11e3-bce0-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {56eee415-2742-11e3-8fa4-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {5da6beb9-6baa-11e3-8461-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {64fc1805-0982-11e3-b930-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {65892913-950d-11e3-adc1-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {66ee51a4-1102-11e3-881a-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {6a0f72b7-24fa-11e3-8e80-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {71a1e4cc-fe9b-11e3-ba38-1078d2571942} - J:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {722ef59a-ea31-11e3-9d87-1078d2571942} - I:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {91b39794-8a7a-11e3-b025-d8046a7bd431} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {97c87edc-0af4-11e3-88a4-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {9c527c0b-5100-11e3-80c7-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {a0b62f9e-0aed-11e3-92c7-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {a5a27aed-949d-11e3-9ca7-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {abb2b2dd-d67a-11e3-ac8c-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {ad6a1fb2-95d6-11e3-9909-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {b389af57-44f5-11e3-80a1-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {b7bd7a9d-2b57-11e3-8832-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {b9f7636c-f681-11e2-8f85-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {bc8bd07c-9a88-11e3-adff-1078d2571942} - I:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {c22e3f69-4043-11e3-85df-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {c8d0016b-8483-11e3-ae0e-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {cbf5cb19-b496-11e3-b32c-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {cbf5cb71-b496-11e3-b32c-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {d7496381-5814-11e3-bef3-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {d879abf7-6235-11e3-9658-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {dacfb13b-81b9-11e3-b35c-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {dbb0915f-f393-11e2-a381-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {dc6b3caf-3885-11e3-ad84-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {de77d030-fc50-11e3-9a17-1078d2571942} - I:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {e094873a-3a4a-11e3-813b-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {e2add783-256f-11e3-b215-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {e87f21f3-0023-11e3-8e09-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {eb97a5a8-2697-11e3-bfeb-1078d2571942} - H:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {ec476a43-6adb-11e3-80c6-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {f2cd2cf8-62fc-11e3-a0b7-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {fb5cff40-2121-11e3-a1d2-1078d2571942} - F:\AutoRun.exe
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\MountPoints2: {fef76ae9-6c6f-11e3-8603-1078d2571942} - G:\AutoRun.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\Demo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st QuickRes.lnk
ShortcutTarget: 1st QuickRes.lnk -> C:\Program Files (x86)\1stQRes\1stqres.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartgooglesearch.blogspot.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
 
FireFox:
========
FF ProfilePath: C:\Users\Demo\AppData\Roaming\Mozilla\Firefox\Profiles\n91ilmzi.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1672708364-4241952335-2601737160-1000: @eximion.com/KalydoPlayer -> C:\Users\Demo\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKU\S-1-5-21-1672708364-4241952335-2601737160-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Demo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1672708364-4241952335-2601737160-1000: facebook.com/fbDesktopPlugin -> C:\Users\Demo\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-1672708364-4241952335-2601737160-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-02]
FF HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2013-01-27]
FF Extension: No Name - C:\Users\Demo\AppData\Roaming\Mozilla\Firefox\Profiles\n91ilmzi.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Matthew Williamson) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhneppoibdckggbphlddbkdfnipiklp [2014-07-05]
CHR Extension: (Google Drive) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-06]
CHR Extension: (YouTube) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-07]
CHR Extension: (Guitarist's Reference) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2012-12-13]
CHR Extension: (Adblock Plus) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-01-04]
CHR Extension: (Google Search) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-07]
CHR Extension: (Skyline Runner) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfikbdbjhcikedkehojkcdpbaaahjjjk [2013-01-31]
CHR Extension: (Full Screen Weather) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2012-11-27]
CHR Extension: (Avira Browser Safety) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-08]
CHR Extension: (Digital Clock) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2012-11-27]
CHR Extension: (Island Runner) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpakknllcnbolbdkpnoichbhabdjeajm [2013-01-31]
CHR Extension: (Fileminx) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbmphdinbmonlcogmljkkahppnkannma [2012-12-13]
CHR Extension: (Google Wallet) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-19]
CHR Extension: (3D Parking) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgjnhabcgahcfdembgboapbefikbmld [2012-12-13]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2012-11-27]
CHR Extension: (Bastion) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2012-12-13]
CHR Extension: (Gmail) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2013-01-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-02] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5206216 2013-10-04] (INCA Internet Co., Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-12-06] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
S2 Service KMSELDI; D:\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Demo\AppData\Local\Temp\7zS7E8C\hpslpsvc64.dll [X]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-02] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-29] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
U4 Messenger; No ImagePath
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 19:47 - 2015-02-04 19:47 - 00031341 _____ () C:\Users\Demo\Desktop\FRST.txt
2015-02-04 19:47 - 2015-02-04 19:47 - 00001546 _____ () C:\Users\Demo\Desktop\mbam.txt
2015-02-04 19:43 - 2015-02-04 19:43 - 00000000 ____D () C:\Users\Demo\Desktop\old
2015-02-03 17:42 - 2015-02-03 17:43 - 00003674 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-02-03 17:42 - 2015-02-03 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-02-03 17:39 - 2015-02-03 17:39 - 00000000 ____D () C:\Users\Test\Downloads\KMSpico 9.1.3 Final
2015-02-03 17:28 - 2015-02-03 17:28 - 00123831 _____ () C:\Users\Test\Desktop\Setup_product_12054.exe
2015-02-03 17:21 - 2015-02-03 17:21 - 00002709 _____ () C:\Users\Test\Downloads\legitcheck.hta
2015-02-03 17:11 - 2013-08-04 01:19 - 36814336 _____ () C:\Users\Test\Desktop\Microsoft Toolkit.exe
2015-02-03 16:21 - 2015-02-03 16:21 - 00001043 _____ () C:\Users\Test\Desktop\Free Alarm Clock.lnk
2015-02-03 16:21 - 2015-02-03 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2015-02-03 16:21 - 2015-02-03 16:21 - 00000000 ____D () C:\Program Files (x86)\FreeAlarmClock
2015-02-03 16:20 - 2015-02-03 16:21 - 01729768 _____ (Comfort Software Group ) C:\Users\Test\Downloads\FreeAlarmClockSetup.exe
2015-02-02 21:59 - 2015-02-04 19:47 - 00000000 ____D () C:\FRST
2015-02-02 21:54 - 2015-02-02 21:58 - 02131456 _____ (Farbar) C:\Users\Demo\Desktop\FRST64.exe
2015-02-02 19:51 - 2015-02-02 19:51 - 09125024 _____ () C:\Users\Test\Downloads\Combined Face Replacer.zip
2015-02-02 18:15 - 2015-02-02 19:22 - 00002081 _____ () C:\Users\Test\Desktop\english.txt
2015-02-01 21:33 - 2015-02-01 21:33 - 02347384 _____ (ESET) C:\Users\Test\Downloads\esetsmartinstaller_enu.exe
2015-02-01 21:33 - 2015-02-01 21:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-01 21:31 - 2015-02-01 21:31 - 00001018 _____ () C:\Users\Test\Desktop\JRT.txt
2015-02-01 21:27 - 2015-02-01 21:27 - 00000000 ____D () C:\Windows\ERUNT
2015-02-01 21:25 - 2015-02-01 21:26 - 01707939 _____ (Thisisu) C:\Users\Test\Downloads\JRT.exe
2015-02-01 21:24 - 2015-02-01 21:24 - 00005430 _____ () C:\Users\Test\Desktop\AdwCleaner[S1].txt
2015-02-01 21:22 - 2015-02-04 19:41 - 00001128 _____ () C:\Windows\PFRO.log
2015-02-01 21:16 - 2015-02-04 19:45 - 00268925 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 21:16 - 2015-02-04 19:44 - 00003360 _____ () C:\Windows\setupact.log
2015-02-01 21:16 - 2015-02-01 21:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-01 20:52 - 2015-02-01 20:56 - 02194432 _____ () C:\Users\Test\Desktop\AdwCleaner.exe
2015-01-31 17:33 - 2015-01-31 17:33 - 00028748 _____ () C:\Users\Test\Desktop\lucy.(2014).eng.1cd.(5989342).zip
2015-01-31 17:28 - 2015-01-31 18:37 - 00000000 ____D () C:\Users\Test\Downloads\Alexander and the Terrible, Horrible, No Good, Very Bad Day (2014)
2015-01-31 14:37 - 2015-01-31 15:08 - 105342339 _____ () C:\Users\Test\Desktop\mb_warband_upgrade_1100_to_1166.exe
2015-01-31 14:36 - 2015-01-31 14:36 - 00000000 ____D () C:\Users\Test\Desktop\Mount&Blade Warband Savegames
2015-01-30 18:00 - 2015-01-30 18:18 - 103908756 _____ () C:\Users\Test\Desktop\mb_warband_upgrade_1100_to_1165.zip
2015-01-30 17:15 - 2015-01-30 18:18 - 00000000 ____D () C:\Users\Test\Documents\Mount&Blade Warband Savegames
2015-01-30 17:13 - 2015-02-02 20:42 - 00000000 ____D () C:\Users\Test\Documents\Mount&Blade Warband
2015-01-30 17:13 - 2015-02-01 13:28 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Mount&Blade Warband
2015-01-30 17:12 - 2015-01-30 17:12 - 00000889 _____ () C:\Users\Test\Desktop\Mount and Blade Warband.lnk
2015-01-30 17:12 - 2015-01-30 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount and Blade Warband
2015-01-30 17:07 - 2015-01-31 17:33 - 00000000 ____D () C:\Users\Test\Downloads\Lucy.2014.1080p.Dual-WOLVERDONFILMES.COM
2015-01-30 17:07 - 2015-01-30 17:07 - 00040560 _____ () C:\Users\Test\Desktop\[kickass.so]lucy.2014.bluray.1080p.dual.audio.torrent
2015-01-30 17:07 - 2015-01-30 17:07 - 00003643 ____R () C:\Users\Test\Downloads\Lucy.2014.1080p.Dual-WOLVERDONFILMES.COM.srt
2015-01-30 16:30 - 2015-01-30 16:39 - 00000000 ____D () C:\Users\Test\Downloads\MB_WARBAND_R.G.ILITA
2015-01-26 01:05 - 2015-01-26 01:05 - 00212628 _____ () C:\Users\Test\Desktop\MISTAKENLY MEANT FOR YOU [TO BE PUBLISHED].txt
2015-01-23 22:34 - 2015-01-23 22:34 - 00000726 _____ () C:\Users\Test\Desktop\horseisle2.txt
2015-01-19 19:00 - 2015-01-19 19:00 - 00426846 _____ () C:\Users\Test\Desktop\speedo-backup.wft
2015-01-18 22:19 - 2015-01-18 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LCPD First Response
2015-01-18 16:27 - 2015-01-20 20:35 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-18 16:27 - 2015-01-18 16:27 - 00000971 _____ () C:\Users\Test\Desktop\SpeedFan.lnk
2015-01-18 16:27 - 2015-01-18 16:27 - 00000971 _____ () C:\Users\Guest\Desktop\SpeedFan.lnk
2015-01-18 16:27 - 2015-01-18 16:27 - 00000971 _____ () C:\Users\Demo\Desktop\SpeedFan.lnk
2015-01-18 16:27 - 2015-01-18 16:27 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2015-01-16 16:20 - 2015-01-16 16:20 - 00000979 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2015-01-16 16:20 - 2015-01-16 16:20 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-16 16:20 - 2015-01-16 16:20 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-16 12:40 - 2015-02-04 19:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 12:40 - 2015-01-16 12:40 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 12:40 - 2015-01-16 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 12:40 - 2015-01-16 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 12:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 12:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 12:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-14 18:10 - 2015-01-14 18:21 - 00000000 ____D () C:\Users\Test\Downloads\The Judge (2014)
2015-01-14 18:10 - 2015-01-14 18:10 - 00033333 _____ () C:\Users\Test\Desktop\os3h18s.zip
2015-01-14 16:56 - 2015-01-14 18:10 - 00000000 ____D () C:\Users\Test\Downloads\Perfect Sisters (2014)
2015-01-09 20:27 - 2015-01-10 14:26 - 00000000 ____D () C:\ProgramData\RELOADED
2015-01-09 20:14 - 2015-01-09 20:14 - 00001232 _____ () C:\Users\Test\Desktop\Play Dishonored nosTEAM.lnk
2015-01-09 17:27 - 2015-01-18 16:39 - 00000000 ____D () C:\Users\Test\Desktop\Quotes
2015-01-08 18:29 - 2015-01-08 18:33 - 40673334 _____ () C:\Users\Test\Desktop\Nogizaka46 - Natsuno Free&Easy.mp4
2015-01-06 21:10 - 2013-04-23 16:50 - 01531392 _____ (Home of Gamehacking) C:\Users\Test\Desktop\sims3v15056+4tr.exe
2015-01-06 21:10 - 2013-04-23 16:21 - 00010891 _____ () C:\Users\Test\Desktop\sILeNt heLLsCrEAm.nfo
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 19:46 - 2013-07-28 14:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 19:41 - 2014-10-01 17:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 19:41 - 2014-08-09 21:13 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Demo
2015-02-04 19:41 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 19:41 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SchCache
2015-02-04 19:18 - 2013-02-05 16:13 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1672708364-4241952335-2601737160-1000UA.job
2015-02-04 19:15 - 2014-10-01 17:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 19:14 - 2009-07-14 12:45 - 00039184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 19:14 - 2009-07-14 12:45 - 00039184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 19:12 - 2012-11-07 09:34 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{65F87A94-816C-46DF-9A8B-13E0A01BE884}
2015-02-04 19:09 - 2013-03-04 14:21 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-04 19:09 - 2012-12-11 13:33 - 00000008 __RSH () C:\Users\Demo\ntuser.pol
2015-02-04 19:09 - 2012-11-05 05:14 - 00000000 ____D () C:\Users\Demo
2015-02-04 19:08 - 2014-10-02 23:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-04 19:06 - 2009-07-14 11:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-04 19:02 - 2014-07-06 21:02 - 00000911 _____ () C:\Windows\Tasks\EPSON L120 Series Update {C122C28C-01A6-4C60-A202-4425F068EDDD}.job
2015-02-04 19:02 - 2014-07-06 21:02 - 00000725 _____ () C:\Windows\Tasks\EPSON L120 Series Invitation {C122C28C-01A6-4C60-A202-4425F068EDDD}.job
2015-02-04 19:02 - 2009-07-14 13:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-04 18:44 - 2013-02-19 19:54 - 00000000 ____D () C:\Users\Test\AppData\Roaming\vlc
2015-02-04 18:23 - 2009-07-14 13:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 17:17 - 2014-10-01 17:05 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 16:44 - 2014-09-25 17:06 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Test
2015-02-04 09:39 - 2013-02-20 16:32 - 00000000 ____D () C:\Users\Test\AppData\Local\Adobe
2015-02-03 19:08 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 18:05 - 2009-07-14 10:34 - 00000615 _____ () C:\Windows\win.ini
2015-02-03 18:02 - 2013-02-20 15:20 - 00000000 ____D () C:\Users\Test\AppData\Roaming\uTorrent
2015-02-03 17:46 - 2013-07-28 14:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 17:46 - 2013-07-28 14:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 17:46 - 2013-07-28 14:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 16:18 - 2013-02-05 16:13 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1672708364-4241952335-2601737160-1000Core.job
2015-02-02 03:28 - 2013-05-03 09:38 - 00000000 ____D () C:\Users\Test\Desktop\Games
2015-02-02 02:58 - 2014-03-29 19:36 - 00000000 ____D () C:\Users\Demo\Desktop\WindForge.HI2U
2015-02-02 02:56 - 2014-02-20 15:18 - 00000000 ____D () C:\Users\Demo\Desktop\Utility
2015-02-02 02:56 - 2014-02-15 20:25 - 00000000 ___RD () C:\Users\Demo\Desktop\Games
2015-02-02 02:54 - 2014-11-23 16:49 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-02-01 21:21 - 2014-08-01 18:02 - 00000000 ____D () C:\AdwCleaner
2015-02-01 21:16 - 2014-06-16 20:01 - 00000000 ____D () C:\Users\Test\AppData\Roaming\DAEMON Tools Lite
2015-02-01 21:15 - 2013-07-27 13:58 - 00000000 ____D () C:\Windows\Minidump
2015-02-01 21:12 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Cursors
2015-02-01 21:09 - 2014-10-29 19:23 - 00000000 ____D () C:\Users\Test\Desktop\apk
2015-02-01 21:09 - 2014-10-29 19:22 - 00000000 ____D () C:\Users\Test\Desktop\gta4
2015-02-01 21:09 - 2014-03-16 21:27 - 00000000 ____D () C:\Users\Test\Desktop\Banished_V1.00_32bit-64bit_Trainer_plus9
2015-02-01 13:20 - 2013-03-10 09:24 - 00000000 ____D () C:\Users\Public\Documents\Speedbit
2015-01-30 17:13 - 2013-07-04 17:55 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-16 16:20 - 2013-12-29 21:05 - 00000000 ____D () C:\Users\Test\AppData\Roaming\WinRAR
2015-01-16 16:20 - 2012-11-05 07:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-16 12:59 - 2014-10-29 19:27 - 00000000 ____D () C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321
2015-01-16 12:59 - 2014-10-17 12:38 - 00000000 ____D () C:\Windows\pss
2015-01-16 12:56 - 2012-11-11 13:51 - 00000000 ____D () C:\Users\Demo\AppData\Local\CRE
2015-01-16 12:32 - 2013-07-04 18:28 - 00000000 ____D () C:\Program Files (x86)\Cube World
2015-01-09 20:27 - 2013-02-22 19:14 - 00000000 ____D () C:\Users\Test\Documents\My Games
2015-01-07 20:31 - 2015-01-01 15:39 - 00330752 _____ () C:\Users\Test\Documents\Newsletter.pub
2015-01-05 21:45 - 2013-02-23 21:00 - 00000000 ___RD () C:\Users\Test\Desktop\Anime pics
 
==================== Files in the root of some directories =======
 
2014-04-11 18:43 - 2013-06-19 12:23 - 0000088 _____ () C:\Program Files (x86)\update-oblivion.bat
2014-04-11 18:43 - 2012-06-15 18:24 - 0003153 _____ () C:\Program Files (x86)\www.nosteam.ro.html
2013-02-16 15:56 - 2013-02-16 15:56 - 0001456 _____ () C:\Users\Demo\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-11-06 08:47 - 2013-02-21 19:32 - 0027136 _____ () C:\Users\Demo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-15 19:32 - 2013-02-08 20:25 - 0130034 _____ () C:\Users\Demo\AppData\Local\debuggee.mdmp
2012-12-03 18:41 - 2012-12-03 18:41 - 0007607 _____ () C:\Users\Demo\AppData\Local\Resmon.ResmonCfg
2012-11-06 07:50 - 2013-12-08 18:30 - 0004610 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 19:05
 
==================== End Of Log ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Demo at 2015-02-04 19:48:31
Running from C:\Users\Demo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\uTorrent) (Version: 3.3.2.30544 - BitTorrent Inc.)
3D Analyze 3.34 (HKLM-x32\...\3D Analyze 3.34) (Version:  - )
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM-x32\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amnesia: A Machine for Pigs (HKLM-x32\...\Amnesia: A Machine for Pigs_is1) (Version:  - )
Amnesia: The Dark Descent version 1.0 (HKLM-x32\...\{BED5FA72-8D62-4214-A43E-F57A9BE7ADBB}_is1) (Version: 1.0 - Frictional Games)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier x64 External Package (Version: 8.59.29722 - Microsoft) Hidden
Assassin's Creed ® III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.3.2.0 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Banished 1.0 (HKLM-x32\...\Banished 1.0) (Version: 1.0 - Cat-A-Cat)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
Borderlands - The Pre-Sequel (HKLM-x32\...\Borderlands - The Pre-Sequel_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Bus Driver 1.5 (HKLM-x32\...\Bus Driver) (Version: 1.5 - )
Call of Duty Modern Warfare 2 (HKLM-x32\...\{73D14915-FC99-4732-9CE9-4F43F0D09231}_is1) (Version:  - Activision)
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Club Penguin Money Maker (HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\a87d8e93174496f4) (Version: 1.2.0.0 - ClubPenguinCP)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CustoPackTools (HKLM\...\CustoPackTools) (Version:  - neOceane)
Cute Knight Deluxe version 1.0 (HKLM-x32\...\Cute Knight Deluxe_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Date Warp (HKLM-x32\...\{DF9FF7A7-CD54-44F2-A5C0-099131E258FD}) (Version: 1.0.0 - LeeGT-Games)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura) <==== ATTENTION!
Desura: White Night (HKLM-x32\...\Desura_72709501354000) (Version: Full - Tanshaydar)
Endless War 3 (HKLM-x32\...\Endless War 3_is1) (Version:  - Vitaly Zaborov)
Endless War 4 (HKLM-x32\...\Endless War 4_is1) (Version:  - Vitalevych)
EPSON L120 Series Printer Uninstall (HKLM\...\EPSON L120 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout New Vegas  1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Far Cry 3 Blood Dragon (HKLM-x32\...\Far Cry 3 Blood Dragon_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Garena - ELSWORD (HKLM-x32\...\ELSWORD) (Version:  - Garena Online Pte Ltd.)
GIF Viewer version 4.0.02 (HKLM-x32\...\{7E575733-1DF5-4064-AE38-289BA932398A}_is1) (Version: 4.0.02 - Stefan Wobbe)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Grand Theft Auto 3 (HKLM-x32\...\Grand Theft Auto 3   Version 1.1) (Version:    Version 1.1 - )
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Gunpoint (HKLM-x32\...\Gunpoint_is1) (Version:  - )
HyperCam 3 (HKLM-x32\...\HyperCam 3) (Version: 3.4.1206.04 - Solveig Multimedia)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
iubes - iubes are intelligent cubes and we hate them all. (HKLM-x32\...\iubes) (Version: "1.0.0" - "Codrer")
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kalydo Player 5.09.05 (HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\KalydoPlayer) (Version: 5.09.05 - Eximion B.V.)
KGB Archiver 1.2.1.24 (HKLM-x32\...\KGB Archiver_is1) (Version:  - Tomasz Pawlak)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Kumiko Manor 2.15 (HKLM-x32\...\Kumiko Manor 2.15) (Version:  - )
LCPD First Response (HKLM-x32\...\LCPD First Response) (Version: 1.0.0.0d - G17 Media)
Magical Diary 1.09 (HKLM-x32\...\Magical Diary - Horse Hall_is1) (Version:  - Hanako Games)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Moonphase 3.3 (HKLM-x32\...\Moonphase 3.3) (Version:  - )
Mount and Blade Warband version 1.1.60 (HKLM-x32\...\Mount and Blade Warband_is1) (Version: 1.1.60 - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
My Tribe 1.00 (HKLM-x32\...\My Tribe 1.00) (Version:  - )
Nero 9 Essentials (HKLM-x32\...\{909724d9-fa61-4437-949e-011111552b09}) (Version:  - Nero AG)
New Vegas Configator version 1.6 (HKLM-x32\...\New Vegas Configator_is1) (Version: 1.6 - Rudolf Enberg)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Outlast (HKLM-x32\...\Outlast_is1) (Version: 1.0.11771.0 - Red Barrels)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 2.51 - NCH Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.18 - NCH Software)
Project: Snowblind 1.0 (HKLM-x32\...\Project: Snowblind) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0.1 r2151 - )
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.0.89.0 - Razer Inc.)
RealWorld Cursor Editor (HKLM-x32\...\{9A585C55-39AB-4B76-B4B3-033F11BCDA8F}) (Version: 12.1.0 - RealWorld Graphics)
requiemkongregate (HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\Kalydo App requiemkongregate) (Version: 0.00.01.160 - )
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden
Sentinel System Driver (HKLM-x32\...\Rainbow Sentinel Driver) (Version:  - )
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
Skype™ 5.3 (HKLM-x32\...\{F1CECE09-7CBE-4E98-B435-DA87CDA86167}) (Version: 5.3.111 - Skype Technologies S.A.)
Software Informer 1.2 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Sun Broadband Wireless (HKLM-x32\...\Sun Broadband Wireless) (Version: 1.11.01.256 - Huawei Technologies Co.,Ltd)
Superfighters Deluxe Pre-Alpha (HKLM-x32\...\Superfighters Deluxe_is1) (Version:  - Mytho-Logic Interactive)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{6C8C4577-8E15-4C63-96ED-D40F2072FF74}) (Version: 6.0.19.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{B73F8343-4F23-4B37-B055-8443BEDAB72C}) (Version: 2.0.0.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Tattoo (HKLM-x32\...\Tattoo) (Version: 1.11.00.158 - Huawei Technologies Co.,Ltd)
The Sims 4 Digital Deluxe Edition version 1.0 (HKLM-x32\...\{E45A3D1B-8014-4079-8087-DD696B1042CF}_is1) (Version: 1.0 - Maxis Soleed - EA Games)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000 - Activision) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Watch_Dogs (HKLM-x32\...\Watch_Dogs_is1) (Version: 1.0.0.0 - Ubisoft)
Windows Driver Package - Atheros (L1C) Net  (08/03/2011 2.0.4.4) (HKLM\...\B3EF37B6451DDBAC1122FEE039281F1CFDD6A7AF) (Version: 08/03/2011 2.0.4.4 - Atheros)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)
WorldPainter 1.7.1 (HKLM-x32\...\4144-4862-0472-7103) (Version: 1.7.1 - pepsoft.org)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.3 - Wrye & Wrye Bash Development Team)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1672708364-4241952335-2601737160-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Demo\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1672708364-4241952335-2601737160-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Demo\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1672708364-4241952335-2601737160-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Demo\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1672708364-4241952335-2601737160-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Demo\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1672708364-4241952335-2601737160-1000_Classes\CLSID\{F7D4B6AD-AB5F-4fe8-9469-3A4697E41129}\InprocServer32 -> C:\Users\Demo\AppData\Roaming\Kalydo\KalydoPlayer\bin2\kalydoplayer64.dll (Eximion B.V.)
CustomCLSID: HKU\S-1-5-21-1672708364-4241952335-2601737160-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Demo\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
07-12-2014 16:00:48 Installed DirectX
19-12-2014 16:51:57 Installed Vampire - The Masquerade Bloodlines
19-12-2014 16:58:24 Installed Vampire - The Masquerade Bloodlines
19-12-2014 17:07:22 Installed Vampire - The Masquerade Bloodlines
23-12-2014 16:15:30 Installed DirectX
16-01-2015 10:00:24 avast! antivirus system restore point
01-02-2015 13:16:26 Removed Bonjour
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-07-05 22:28 - 2011-01-27 15:00 - 00001211 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00F2A107-B742-40EB-AD4E-764793CA82DD} - System32\Tasks\{16C303E8-A9AC-4610-8B0A-A9587B03B0BD} => C:\Users\Test\Desktop\Grand Theft Auto IV\GTAIV.exe
Task: {0B34852C-52CA-4234-9070-0246BAF330DA} - System32\Tasks\{31F15E92-26B3-4176-A484-8A9AF6F949AC} => pcalua.exe -a "C:\Users\Test\Desktop\gta_mod_installer_v5.0_beta\GTA Mod Installer.exe" -d C:\Users\Test\Desktop\gta_mod_installer_v5.0_beta
Task: {0B993179-2B55-4F5F-9C6B-F817164F95F4} - System32\Tasks\{CFD054CA-265C-4880-8544-979222DDB1B1} => F:\COMPILATION OF MATH BOOKS\renzo\Working Model 2D + Keygen + Crack by eng.Arrow\wm2dkg.exe
Task: {0CC71FEC-FF43-46E8-8EA5-FDACEADBA774} - System32\Tasks\{104E8346-052E-4CCF-8AAC-911FC7C9E67C} => C:\Users\Test\Desktop\ADOM\ADOM.EXE
Task: {11DCB1DB-6D1B-424E-8D79-8A67F9CD1792} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-01] (Google Inc.)
Task: {12906570-5853-4976-8E37-C13227FDAD9E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1672708364-4241952335-2601737160-1000UA => C:\Users\Demo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-05] (Facebook Inc.)
Task: {1B89C5E9-C657-4A23-AF06-3CCA28E173A5} - System32\Tasks\{F386526F-CFE8-4105-BF19-57E6494F0546} => C:\Users\Demo\Desktop\ProjectZomboid\ProjectZomboid32.exe [2014-03-01] ()
Task: {1B8D843B-9A04-4B7B-86D4-980F05EFC179} - System32\Tasks\{2B8A359C-B55D-4825-866E-57FF074B6A13} => F:\mcraftgen1.4.exe
Task: {28614AFD-B1D0-412C-AC2A-B193F89BE975} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1672708364-4241952335-2601737160-1000Core => C:\Users\Demo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-05] (Facebook Inc.)
Task: {29A851C4-27C8-4CED-B175-116C50D91FC2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {2A2FF7B2-77A7-4A63-8D0B-BCFC20E2FFD3} - System32\Tasks\AdobeAAMUpdater-1.0-Demo-PC-Test => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {2F0FD279-1BDF-499B-AB28-D7F1CBA17B96} - System32\Tasks\{B8018DA3-AF05-4286-8B8F-4F4E0871CBBF} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {41F7D318-4D13-48CF-A22A-593A8DBA98A6} - System32\Tasks\EPSON L120 Series Invitation {C122C28C-01A6-4C60-A202-4425F068EDDD} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {4299F990-8992-428B-ABD9-033F1FA0FB3B} - System32\Tasks\{8305C521-BE04-45BC-9F6A-4BF1B9606842} => C:\Users\Test\Desktop\Grand Theft Auto IV\GTAIV.exe
Task: {44B7D7F1-F656-4244-BD4B-DBCCFB954943} - System32\Tasks\{4402005D-F203-4012-9A41-3226686B2A50} => C:\Users\Test\Desktop\ADOM\ADOM.EXE
Task: {45D2F891-5747-4768-B5E5-F3CDE3C60D5B} - System32\Tasks\{AD95543B-8AE2-4836-A484-82DFE791F65E} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {4AE7F2CF-A486-41B0-9ABD-7E8A2E131520} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4BD0B56C-67F4-4E99-BFC7-DDCBCB92AE58} - System32\Tasks\{6B83CCC7-2A76-426B-B0F3-CAF747BE3791} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {506F80AB-CA40-4B3A-89FE-863F5AEA084A} - System32\Tasks\{60A7785D-C84A-45B2-8613-C791B80CE7FA} => C:\Users\Test\Desktop\ADOM\ADOM.EXE
Task: {5B4D0DE1-C9A8-409D-A887-32BE10247781} - System32\Tasks\{DE4C4885-3173-4EDD-8945-33B5583A1055} => pcalua.exe -a "C:\Users\Demo\Downloads\MoCreatures Mod Installer.exe" -d C:\Users\Demo\Downloads
Task: {6075A814-74EC-4018-B050-8E36EB1F26C4} - System32\Tasks\AutoPico Daily Restart => D:\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {6298EDA2-3F53-4DFE-8D99-FF79302FC656} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {659048E3-A1A8-45FF-B71D-3B8916F0E1A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {663FA5FB-C89B-40A5-BD3B-8174179298E1} - System32\Tasks\gg_uac_daemon_Demo => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-10-10] ()
Task: {685D37A9-1C01-4EA0-93E1-AB7496B87F8F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6A7B2D0B-8C5D-4581-8D4A-74C742746E5A} - System32\Tasks\{9A05B179-2675-4FC2-868F-2F0FC6A151AA} => C:\Program Files (x86)\Counter Strike 1.6 Reloaded\cstrike.exe [2009-07-18] (0)
Task: {6C778249-1296-4270-9966-1AD51DEB20A6} - System32\Tasks\{2EF13D10-4863-4DF3-B86E-2BE24B07A182} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {78CC0BC6-3054-4DD0-8A5A-D4B9B58323DF} - System32\Tasks\{6A32FE6F-6DB9-451E-88EE-02134D3DE13B} => pcalua.exe -a C:\Users\Demo\Desktop\Utility\chklnks.exe -d C:\Users\Demo\Desktop\Utility
Task: {7DD47DE6-22AA-438B-8292-06E1694C3D85} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {86265163-9305-4490-8E0E-FA1A1A7690AF} - System32\Tasks\EPSON L120 Series Update {C122C28C-01A6-4C60-A202-4425F068EDDD} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {8D46F138-CDE6-4FE0-9363-3DC51C31BADF} - System32\Tasks\{E71FDDA2-DCF2-4779-9001-652E7573922A} => F:\COMPILATION OF MATH BOOKS\renzo\Working Model 2D + Keygen + Crack by eng.Arrow\wm2dkg.exe
Task: {8F15AAEA-A4F8-408D-807F-9A46988F039B} - System32\Tasks\{0416F451-F890-4D9D-AADF-E04422D8ABF9} => C:\Users\Test\Desktop\ADOM\ADOM.EXE
Task: {99C586B8-1772-4C66-866C-4A4CFB8B3DF3} - System32\Tasks\{59FB5717-A11F-444F-BC35-30293DC36A11} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {9C34F842-EB4A-437A-815C-55B296C12F90} - System32\Tasks\{1B40940F-61E4-4C67-9C21-00BBA6C0A4FD} => pcalua.exe -a C:\Users\Test\Desktop\Sims3_1.6.6.002001_from_1.0.631.00001.exe -d C:\Users\Test\Desktop
Task: {9C37BF16-496A-4B4B-A950-ECCD1776024E} - System32\Tasks\{5428BCC5-900E-4BB8-A013-DF86D38D1A80} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {A12595BE-083C-4421-AD2A-FAE6F9140D5E} - System32\Tasks\{E2ABE9A9-34F8-4099-AF53-F3EB44478E17} => C:\Users\Test\Desktop\ADOM\ADOM.EXE
Task: {A9B8EE9F-C3D6-4B99-896A-745A530827CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-01] (Google Inc.)
Task: {ACDD10E5-C9B8-4852-9F98-73199D45F954} - System32\Tasks\{1E8C7944-CE51-4C50-825A-9F38F7DF9077} => C:\Users\Test\Desktop\ADOM\ADOM.EXE
Task: {AD710C0B-E79E-4982-A881-C4247DFCE00B} - System32\Tasks\{928A3D93-8E9C-4098-9E53-0A659CFC4409} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {B245C78F-C9C6-4503-BD65-2094E22217A7} - System32\Tasks\{DC816CA8-FDD8-4B8E-8B5C-7FFB82BC5EBF} => pcalua.exe -a C:\Users\Test\AppData\Local\Roblox\Versions\version-3285a67a39c94ff8\RobloxPlayerLauncher.exe -c -uninstall
Task: {B2D99D49-72BB-46FB-AA50-E7A69BAE1A8B} - System32\Tasks\{BE5D1344-701A-4A4F-B206-209E18E7861C} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {BA39A113-5337-483B-9B9E-0B159ED15272} - System32\Tasks\{AB3DE5FB-290A-47D8-B791-DC963A1E73FE} => pcalua.exe -a "C:\Users\Demo\Downloads\Adobe Photoshop CS5 Extended Setup © The Computer Guy Tony.exe"
Task: {BD16A769-CA7F-4D3C-B2A4-9AF8B7E247BC} - System32\Tasks\{A6B53684-C3F9-4A34-BF61-C1AC7523EBB8} => C:\Users\Test\Desktop\7 Days To Die - Alpha 64bit\7DaysToDie-Alpha Pre-cracked 64bit\7DaysToDie-Alpha Pre-cracked 64bit\7DaysToDie.exe
Task: {C397E6CC-7962-4327-9984-B4EA6B298BB0} - System32\Tasks\{2E351F06-A5DD-4994-9F38-72D95D7FEC6D} => F:\mcraftgen1.4.exe
Task: {D2E02737-3320-43A2-9780-ED50AC2A3A1A} - System32\Tasks\{EE26C3A1-3AAB-42EC-B8DC-E292286B91D5} => C:\Users\Test\Desktop\ADOM\ADOM.EXE
Task: {D6F5A6BE-FF58-4459-9B8F-B933CDF44E97} - System32\Tasks\{C9BB4385-2625-469F-932E-534E6D4DFD6E} => C:\Users\Test\Desktop\ADOM\ADOM.EXE
Task: {D8CB2D6F-E2F4-4794-BADC-E60E1553CEB3} - System32\Tasks\{3066E4F5-3153-42E7-83A6-9950C62882A2} => C:\Users\Test\Desktop\ADOM\ADOM.EXE
Task: {DC1FA3CC-E9CB-4BCA-9FC9-C3BD23FE90BC} - System32\Tasks\{7D544B49-FDED-44AC-8515-CC433F7A68A1} => C:\Program Files (x86)\Counter Strike 1.6 Reloaded\cstrike.exe [2009-07-18] (0)
Task: {E0FC650E-62FE-4AD5-9665-43827DF00DD6} - System32\Tasks\{90201878-05DD-4ADC-A9F3-4164C37D3234} => C:\Users\Test\Desktop\Grand Theft Auto IV\GTAIV.exe
Task: {E4D8D789-661F-42BB-99BD-8960E111D47B} - System32\Tasks\gg_uac_daemon_Test => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-10-10] ()
Task: {EE552CF8-6A7E-44CA-82CC-84A137E4E026} - System32\Tasks\{FE9AB847-E168-414B-AAC0-3334719476AB} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {EF5DD2C1-E72C-419D-8A78-BDD88C7CEB17} - System32\Tasks\{6E2DE492-FC22-47FF-B888-7C98C2014114} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {F463C171-BD01-4064-B70E-24768D82A904} - System32\Tasks\{5D3147A0-ABCF-4739-A321-D6B94466ABEF} => F:\mcraftgen1.4.exe
Task: {F49F05C3-46BB-4813-8057-D944BB46C8F0} - System32\Tasks\{58717047-2347-418A-B869-6D5A6FE8E268} => C:\Users\Test\Desktop\gta\setup.EXE
Task: {F657E20D-9987-47CD-ADA2-665F050D5531} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Test logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
Task: {F7AE0538-488C-4A65-AC9D-CDD9057CAF5E} - System32\Tasks\{615EA018-89ED-447F-A283-E804C5CF1C0B} => C:\Users\Test\Desktop\ADOM\ADOM.EXE
Task: {FB1D1FA7-CCFA-4CEB-AEE5-7222142AAD4A} - System32\Tasks\{94595FED-9A90-4932-80E6-6BD57314D15E} => pcalua.exe -a C:\BigFishGamesCache\GameManager\GameDB\F7382T1L1\setup_gF7382T1L1_d1938008923_l1_s1.exe -d C:\BigFishGamesCache\GameManager\GameDB\F7382T1L1
Task: {FFC21DAB-6D15-49A9-A454-9E2B85C95953} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-02] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON L120 Series Invitation {C122C28C-01A6-4C60-A202-4425F068EDDD}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE
Task: C:\Windows\Tasks\EPSON L120 Series Update {C122C28C-01A6-4C60-A202-4425F068EDDD}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1672708364-4241952335-2601737160-1000Core.job => C:\Users\Demo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1672708364-4241952335-2601737160-1000UA.job => C:\Users\Demo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfffe4a210fae3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-10 19:15 - 2013-10-10 19:15 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2014-09-16 13:52 - 2014-09-16 13:52 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-08-08 23:40 - 2013-12-06 18:03 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-11-05 06:07 - 2012-01-05 17:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-27 15:56 - 2012-04-21 15:11 - 00077064 ____N () C:\Program Files (x86)\WordWeb\wweb32.exe
2013-10-10 19:15 - 2014-02-26 16:06 - 09899312 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
2012-11-05 06:14 - 2012-01-17 10:56 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-11-05 06:14 - 2012-01-17 10:56 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-10-02 23:35 - 2014-10-02 23:35 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-04 19:09 - 2015-02-04 19:09 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020400\algo.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2013-01-27 15:56 - 2012-07-15 12:27 - 02216480 ____N () C:\Windows\wweb32.dll
2013-01-27 15:56 - 2012-07-15 12:25 - 00022800 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00104752 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00033584 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2013-10-10 19:15 - 2014-03-04 16:29 - 00027952 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00051504 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00087344 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00487216 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00025392 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00170800 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00374064 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00184624 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2013-10-10 19:15 - 2013-10-10 19:15 - 00219952 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00106288 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2013-10-10 19:15 - 2014-02-21 16:41 - 00958256 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00055088 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00224560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2013-10-10 19:15 - 2014-01-20 16:50 - 00891184 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00192816 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00155440 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 02941232 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00065840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00016688 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 01545520 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00956208 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00245040 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00026416 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00516912 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00068400 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2014-10-02 23:35 - 2014-10-02 23:35 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-05 06:08 - 2012-02-07 17:39 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-16 13:53 - 2014-09-16 13:53 - 08896160 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-10 19:15 - 2013-10-10 19:15 - 00598320 _____ () C:\Program Files (x86)\Garena Plus\UpdateEx.exe
2013-10-10 19:15 - 2013-10-10 19:15 - 00037168 _____ () C:\Program Files (x86)\Garena Plus\Zip7Module.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\startupfolder: C:^Users^Test^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Test^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QZoom.lnk => C:\Windows\pss\QZoom.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SpeedBitVideoAccelerator => "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1672708364-4241952335-2601737160-500 - Administrator - Disabled)
Demo (S-1-5-21-1672708364-4241952335-2601737160-1000 - Administrator - Enabled) => C:\Users\Demo
Guest (S-1-5-21-1672708364-4241952335-2601737160-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1672708364-4241952335-2601737160-1004 - Limited - Enabled)
Test (S-1-5-21-1672708364-4241952335-2601737160-1002 - Administrator - Enabled) => C:\Users\Test
 
==================== Faulty Device Manager Devices =============
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/04/2015 07:42:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe97ec0565
Faulting process id: 0xa68
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
 
Error: (02/04/2015 07:41:52 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/04/2015 07:31:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (02/04/2015 07:09:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe94e70565
Faulting process id: 0xce0
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
 
Error: (02/04/2015 07:09:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/04/2015 07:01:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (02/04/2015 04:44:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe94c70565
Faulting process id: 0x32c
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
 
Error: (02/04/2015 04:44:48 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/04/2015 09:30:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe99b30565
Faulting process id: 0x8e4
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
 
Error: (02/04/2015 09:30:24 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (02/04/2015 07:43:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (02/04/2015 07:43:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/04/2015 07:41:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/04/2015 07:41:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: 
%%2
 
Error: (02/04/2015 07:41:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Sentinel service depends on the Parallel port driver service which failed to start because of the following error: 
%%1058
 
Error: (02/04/2015 07:11:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (02/04/2015 07:10:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/04/2015 07:09:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/04/2015 07:09:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: 
%%2
 
Error: (02/04/2015 07:08:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Sentinel service depends on the Parallel port driver service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (02/04/2015 07:42:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.00000000000000000000007fe97ec0565a6801d0406f8d8e4c7dD:\KMSpico\Service_KMS.exeunknownf55c2bc1-ac62-11e4-8f08-1078d2571942
 
Error: (02/04/2015 07:41:52 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/04/2015 07:31:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Test\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/04/2015 07:09:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.00000000000000000000007fe94e70565ce001d0406b080f0020D:\KMSpico\Service_KMS.exeunknown538d20e5-ac5e-11e4-8bbf-1078d2571942
 
Error: (02/04/2015 07:09:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/04/2015 07:01:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (02/04/2015 04:44:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.00000000000000000000007fe94c7056532c01d04056c5478ee8D:\KMSpico\Service_KMS.exeunknown185ec837-ac4a-11e4-9e3b-1078d2571942
 
Error: (02/04/2015 04:44:48 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/04/2015 09:30:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.00000000000000000000007fe99b305658e401d0401a0c401fb4D:\KMSpico\Service_KMS.exeunknown6f006df2-ac0d-11e4-bdb6-1078d2571942
 
Error: (02/04/2015 09:30:24 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-09 23:24:13.812
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ew_jucdcecm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-09 23:24:13.782
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ew_jucdcecm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G630 @ 2.70GHz
Percentage of memory in use: 26%
Total physical RAM: 7126.72 MB
Available physical RAM: 5225.25 MB
Total Pagefile: 19412.86 MB
Available Pagefile: 17544.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:439.45 GB) (Free:63.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:492.05 GB) (Free:314.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2052474D)
Partition 1: (Active) - (Size=439.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=492 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
 
I will let you know if I still encounter the Google search problems.
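The CodeIntegrity entries in the log above are Windows telling the user that a kernel driver (ew_jucdcecm.sys) loaded without a hash it could verify. The following script is an added example for this thread, not FRST code and not something either poster ran: it pulls the file names out of the same CodeIntegrity event log FRST reads, checks each file's Authenticode signature, and hashes it so the hash can be looked up or submitted elsewhere. It assumes Windows PowerShell 2.0 or later (Windows 7 ships 2.0) in an elevated prompt, that event ID 3004 is the ID carrying the "file hash could not be found" message, and that \Device\HarddiskVolume1 maps to the system drive, which is what the boot-volume entry in the FRST log indicates.

```powershell
# Added example for this thread; not FRST code and not posted by either participant.
# Lists the files named in CodeIntegrity "unable to verify the image integrity"
# events, then checks each file's signature and computes its SHA-256.
# Assumptions: Windows PowerShell 2.0+ in an elevated prompt; event ID 3004 is the
# "file hash could not be found" event; \Device\HarddiskVolume1 is the system drive.

function Get-CodeIntegrityFailurePath {
    # Returns the distinct device paths named by CodeIntegrity 3004 events.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id      = 3004
    } -ErrorAction SilentlyContinue
    $paths = @()
    foreach ($e in $events) {
        # Message: "... image integrity of the file \Device\HarddiskVolume1\... because ..."
        if ($e.Message -match 'of the file (\S+) because') { $paths += $matches[1] }
    }
    $paths | Select-Object -Unique
}

function Convert-DevicePath {
    # \Device\HarddiskVolume1\Windows\... -> C:\Windows\... (assumption noted above)
    param([string]$DevicePath)
    $DevicePath -replace '^\\Device\\HarddiskVolume1', $env:SystemDrive
}

function Get-FileSha256 {
    # Windows 7 has no Get-FileHash, so hash with the .NET class directly.
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Get-CodeIntegrityReport {
    foreach ($devicePath in Get-CodeIntegrityFailurePath) {
        $path = Convert-DevicePath -DevicePath $devicePath
        if (-not (Test-Path -Path $path)) {
            # File already gone; the events above are from 2014, so expect this case.
            New-Object PSObject -Property @{ Path = $path; Present = $false }
            continue
        }
        $item   = Get-Item -Path $path
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = '(none)'
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Path      = $path
            Present   = $true
            Signature = $sig.Status      # Valid, NotSigned, HashMismatch, UnknownError
            Signer    = $signer
            Sha256    = Get-FileSha256 -Path $path
            Modified  = $item.LastWriteTime
            Size      = $item.Length
        }
    }
}

Get-CodeIntegrityReport | Format-List Path, Present, Signature, Signer, Sha256, Modified, Size
```

One caveat when reading the output on Windows 7: Get-AuthenticodeSignature there only checks embedded signatures, not driver catalogs, so Microsoft's own inbox drivers also come back NotSigned. The lead is a NotSigned or HashMismatch result on a third-party .sys that the event log flagged; the built-in sigverif.exe is the catalog-aware check to confirm it, and the SHA-256 is what to search for or submit.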


#7 StanFF

  • Malware Response Team
  • 1,172 posts
  • Gender:Male
  • Local time:01:14 AM

Posted 05 February 2015 - 12:36 AM

Hello yeltsyn,
 
Thank you for the provided logs! The lines that I was targeting are gone, so we have some progress. The Google search problem can be related either to malware or to the current state of the Internet provider's or Google's services. We will check that later in the post.
 
********************
 
While going through the logs, I noticed that you have been using software related to Windows activation. Since using these kinds of tools is illegal, I will advise you to stop using them (uninstall the current tool) or at least not to use them during the cleanup process. I will also advise you against installing any software or downloading any additional executables/software installations during our work here. This way, we have a clean base to work on.
 
********************
 
This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Please download the attached fixlist.txt file and save it to the same location as FRST - Attached File: fixlist.txt (677 bytes)

Note: It's important that both files, FRST.exe and fixlist.txt, are in the same location or the fix will not work. In your case, this should be the Desktop.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.

 
********************
 
In your next post I will be waiting for the Fixlog from FRST and information about the current state of the machine and the state of Google's captcha issue.

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

#8 yeltsyn

  • Topic Starter
  • Members
  • 29 posts
  • Local time:06:14 AM

Posted 05 February 2015 - 07:00 AM

My sister uses this computer mainly, and she installed it to activate this computer's license. We can't afford to buy a legitimate copy, unfortunately. I uninstalled it now.

Here are the contents of the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Demo at 2015-02-05 19:55:01 Run:2
Running from C:\Users\Demo\Desktop
Loaded Profiles: Demo (Available profiles: Demo & Test & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartgooglesearch.blogspot.com/
CHR Extension: (Skyline Runner) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfikbdbjhcikedkehojkcdpbaaahjjjk [2013-01-31]
CHR Extension: (Island Runner) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpakknllcnbolbdkpnoichbhabdjeajm [2013-01-31]
CHR Extension: (3D Parking) - C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgjnhabcgahcfdembgboapbefikbmld [2012-12-13]
File: C:\Windows\System32\drivers\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64.sys
*****************
 
HKU\S-1-5-21-1672708364-4241952335-2601737160-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfikbdbjhcikedkehojkcdpbaaahjjjk => Moved successfully.
C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpakknllcnbolbdkpnoichbhabdjeajm => Moved successfully.
C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgjnhabcgahcfdembgboapbefikbmld => Moved successfully.
 
========================= File: C:\Windows\System32\drivers\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64.sys ========================
 
"C:\Windows\System32\drivers\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64.sys" not found.
====== End Of File: ======
 
 
==== End of Fixlog 19:55:02 ====
 
The captcha issue does not occur every time I search. However, the captcha still occurs on websites secured by CloudFlare. What exactly is wrong with the computer, if I may ask?
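The fixlist above touched two persistence points that commonly survive a tool run: the per-user Internet Explorer start page under HKEY_USERS\<SID> and the Chrome extension directories in the profile. The script below is an added example for this thread, not FRST code and not posted by either participant; it re-reads both after the fix so a reinstalled extension or a start page that flips back is visible. It assumes Windows PowerShell 2.0 or later, the SID and profile path exactly as they appear in the fixlog above, and that the Demo account is logged on so its HKEY_USERS hive is loaded.

```powershell
# Added example for this thread; not FRST code and not posted by either participant.
# Re-checks the items in the fixlist after the fix: the IE start page under the
# user's SID and the Chrome extensions still present in the profile the fix touched.
# Assumptions: Windows PowerShell 2.0+; SID and path from the fixlog above; the Demo
# account is logged on so HKEY_USERS\<SID> exists.

$UserSid      = 'S-1-5-21-1672708364-4241952335-2601737160-1000'
$ExtensionDir = 'C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Extensions'
# IDs the fixlist moved out; seeing one again means something put it back.
$RemovedIds   = @('dfikbdbjhcikedkehojkcdpbaaahjjjk',
                  'jpakknllcnbolbdkpnoichbhabdjeajm',
                  'npgjnhabcgahcfdembgboapbefikbmld')

function Get-IEStartPage {
    param([string]$Sid)
    $key = "Registry::HKEY_USERS\$Sid\Software\Microsoft\Internet Explorer\Main"
    if (-not (Test-Path -Path $key)) { return '(hive not loaded or key missing)' }
    $main = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($main.'Start Page') { $main.'Start Page' } else { '(not set)' }
}

function Get-ChromeExtensionInfo {
    param([string]$Root)
    if (-not (Test-Path -Path $Root)) { return }
    foreach ($idDir in (Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer })) {
        # Each extension ID folder holds one or more version folders, each with a manifest.json.
        foreach ($verDir in (Get-ChildItem -Path $idDir.FullName | Where-Object { $_.PSIsContainer })) {
            $manifest = Join-Path -Path $verDir.FullName -ChildPath 'manifest.json'
            if (-not (Test-Path -Path $manifest)) { continue }
            $json = (Get-Content -Path $manifest) -join "`n"
            # Regex instead of ConvertFrom-Json so this runs on PowerShell 2.0.
            $name = '(unknown)'
            if ($json -match '"name"\s*:\s*"([^"]*)"') { $name = $matches[1] }
            $perms = ''
            if ($json -match '"permissions"\s*:\s*\[([^\]]*)\]') {
                $perms = ($matches[1] -replace '\s+', ' ').Trim()
            }
            New-Object PSObject -Property @{
                Id               = $idDir.Name
                Version          = $verDir.Name
                Name             = $name       # __MSG_xxx__ means the real name is in _locales\
                Permissions      = $perms
                Installed        = $idDir.CreationTime
                RemovedByFixlist = ($RemovedIds -contains $idDir.Name)
            }
        }
    }
}

"IE Start Page for $UserSid : $(Get-IEStartPage -Sid $UserSid)"
Get-ChromeExtensionInfo -Root $ExtensionDir |
    Sort-Object -Property Installed |
    Format-Table -Property Id, Version, Name, Permissions, Installed, RemovedByFixlist -AutoSize
```

What to look for: a Start Page the user did not choose (the fixlist replaced smartgooglesearch.blogspot.com), any row with RemovedByFixlist set to True, and extensions whose Permissions include "tabs", "webRequest" or "<all_urls>", since those are the ones able to rewrite search pages; compare their Installed dates with when the search trouble began.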


#9 yeltsyn

  • Topic Starter
  • Members
  • 29 posts
  • Local time:06:14 AM

Posted 05 February 2015 - 07:43 AM

I think the computer is infected with a botnet.  Out of curiosity, I checked my IP on IP blacklists and it was blacklisted due to bad activity like being a mail server, dictionary attacker, and comment spammer.  It was also seen with 30 user agents.  How bad is that?



#10 StanFF

  • Malware Response Team
  • 1,172 posts
  • Gender:Male
  • Local time:01:14 AM

Posted 06 February 2015 - 01:12 AM

Hello yeltsyn,

My sister uses this computer mainly, and she installed it to activate this computer's license. We can't afford to buy a legitimate copy, unfortunately. I uninstalled it now.

I completely understand your position and I'm thankful that you removed it from the system, at least until the end of the cleaning process.

The captcha issue does not occur every time I search. However, the captcha still occurs on websites secured by CloudFlare. What exactly is wrong with the computer, if I may ask?

Actually, I think there is a possibility that the problem is not related to your system at all. The computer had some adware present, but nothing with disruptive characteristics. Cloudflare's protection is, generally speaking, based on a system of IP address ratings. If a certain address is rated as potentially dangerous, a captcha is added to ensure that the site is not being reached by a bot or other malicious software. The problem is that this system gives a good number of false positives and often annoys users.

I think the computer is infected with a botnet. Out of curiosity, I checked my IP on IP blacklists and it was blacklisted due to bad activity like being a mail server, dictionary attacker, and comment spammer. It was also seen with 30 user agents. How bad is that?

It is not necessarily bad until we find malicious activity from your system. How do you connect to the Internet? Is the IP address assigned to the system static or dynamic? Is the system behind a router?

*********************

Please run new scans with both ESET Online Scanner and Malwarebytes' Anti-Malware and post the results in your next post.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

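Stan's point about IP address ratings can be checked directly: the blacklist sites yeltsyn used are front ends for DNS-based blocklists, and a lookup is a plain DNS query. The script below is an added example for this thread, not from either poster. It reverses the octets of an IPv4 address, appends each list's zone, and resolves the name; an A record in 127.0.0.0/8 means "listed" and the last octet is a reason code defined by that list. It assumes Windows PowerShell 2.0 or later (it uses System.Net.Dns so Resolve-DnsName is not needed), working outbound DNS, and that $PublicIp is the address the router presents to the Internet rather than the private address of the PC behind it; 203.0.113.7 is a placeholder from the TEST-NET-3 documentation range, not a real address from the thread.

```powershell
# Added example for this thread; not from either poster. Queries DNS-based
# blocklists for a public IPv4 address. Assumptions: Windows PowerShell 2.0+,
# outbound DNS, and $PublicIp is the router's public address (203.0.113.7 is a
# documentation-range placeholder; replace it).

param([string]$PublicIp = '203.0.113.7')

# Public DNSBL zones; each publishes its own meaning for the 127.0.0.x reply.
$Zones = @('zen.spamhaus.org', 'bl.spamcop.net', 'b.barracudacentral.org', 'dnsbl.sorbs.net')

function ConvertTo-DnsblName {
    # 1.2.3.4 + zone -> 4.3.2.1.zone
    param([string]$Ip, [string]$Zone)
    $octets = $Ip.Split('.')
    if ($octets.Count -ne 4) { throw "IPv4 address expected, got '$Ip'" }
    [array]::Reverse($octets)
    ($octets -join '.') + '.' + $Zone
}

function Test-Dnsbl {
    param([string]$Ip, [string]$Zone)
    $name        = ConvertTo-DnsblName -Ip $Ip -Zone $Zone
    $answers     = @()
    $lookupError = ''
    try {
        $answers = @([System.Net.Dns]::GetHostAddresses($name) |
                     ForEach-Object { $_.IPAddressToString })
    } catch [System.Net.Sockets.SocketException] {
        # NXDOMAIN is the normal "not listed" answer; leave $answers empty.
    } catch {
        $lookupError = $_.Exception.Message
    }
    # Only 127.0.0.x is a listing. 127.255.255.x from Spamhaus means the query
    # arrived through a public resolver it refuses to serve, not a listing.
    $codes   = @($answers | Where-Object { $_ -like '127.0.0.*' })
    $refused = @($answers | Where-Object { $_ -like '127.255.255.*' }).Count -gt 0
    $note = $lookupError
    if ($refused) { $note = 'query refused (use your ISP resolver, not a public one)' }
    New-Object PSObject -Property @{
        Zone   = $Zone
        Query  = $name
        Listed = ($codes.Count -gt 0)
        Codes  = ($codes -join ',')
        Note   = $note
    }
}

$Zones | ForEach-Object { Test-Dnsbl -Ip $PublicIp -Zone $_ } |
    Format-Table -Property Zone, Listed, Codes, Note, Query -AutoSize
```

Reading the result in the context of this thread: on zen.spamhaus.org a reply of 127.0.0.10 or 127.0.0.11 is the PBL, which lists dynamic and residential ranges by policy and says nothing about the machine; 127.0.0.4 through 127.0.0.7 (XBL) mean the address was seen sending spam or exploit traffic recently, which on a dynamic address behind a router can just as easily belong to the previous holder of that address. A listing that persists across a router reconnect that changes the public address is the thing worth worrying about.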
#11 yeltsyn

  • Topic Starter
  • Members
  • 29 posts
  • Local time:06:14 AM

Posted 06 February 2015 - 06:57 AM

Oh, all right. I did not even know that adware is present on our computer. We always use adblock because some users of the computer are easily fooled by advertisements posing as buttons.

Do you think that the malware that has been causing us problems may have been removed by the first ESET scan that I did on the machine? Or am I just paranoid about our computer being infected?

The system is behind a router, and its IP is a dynamic address.

I will post the logs as soon as I can. This is a busy week for me, and there might be a delay on my reply.



#12 yeltsyn

  • Topic Starter
  • Members
  • 29 posts
  • Local time:06:14 AM

Posted 07 February 2015 - 09:36 AM

The contents of the MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/7/2015
Scan Time: 9:47:06 PM
Logfile: MBlog.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.07.05
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Test
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 492548
Time Elapsed: 26 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
The ESET Online Scanner did not produce a log.  What should I do next?


#13 StanFF

  • Malware Response Team
  • 1,172 posts
  • Gender:Male
  • Local time:01:14 AM

Posted 08 February 2015 - 08:48 AM

Hello yeltsyn,

Oh, all right. I did not even know that adware is present on our computer. We always use adblock because some users of the computer are easily fooled by advertisements posing as buttons.

While using AdBlock is an excellent practice, adware can reach the system in very different ways. Most of the time it is distributed either through adware-related internet sites or bundled with legitimate installers.

Do you think that the malware that has been causing us problems may have been removed by the first ESET scan that I did on the machine? Or am I just paranoid about our computer being infected?

The detections were related either to the adware that we were discussing above or to patches/cracks used for certain software/games installed. That kind of software often contains malicious code, but just as often the modifications made to it cause antivirus software/scanners to throw false-positive detections. Also, no, you are not paranoid. It is completely understandable to be concerned about your system's security.

I will post the logs as soon as I can. This is a busy week for me, and there might be a delay on my reply.

There is no problem at all. Take your time, I will be waiting for the additional information.

The ESET Online Scanner did not produce a log. What should I do next?

Were there any entries detected by ESET Online Scanner during the scanning process, or did the scan appear to be clean?


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

#14 yeltsyn

  • Topic Starter
  • Members
  • 29 posts
  • Local time:06:14 AM

Posted 08 February 2015 - 09:55 AM

Yeah, I've seen that some of the detections were from the games that were installed by my sister. Nothing was detected by the online scanner. Does that mean my computer is clean?



#15 StanFF

  • Malware Response Team
  • 1,172 posts
  • Gender:Male
  • Local time:01:14 AM

Posted 10 February 2015 - 01:13 AM

Hello yeltsyn,

Does that mean my computer is clean?

We are going to check that right now. So far, those results indicate that there is no malware on the system, but I need to run one more scan to check the actual state of the machine.

Please delete your version of FRST and download its latest version. When you start the tool, please check the checkbox in front of Addition.txt in the Optional Scan section. Then run a new scan of the system and post the results in your next comment.

You are doing a great job so far and maybe we are almost at the end!


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford