regedit, notepad, and other programs close themselves after 1 second, URGENT!


  • This topic is locked
8 replies to this topic

#1 A.J21

A.J21

  • Members
  • 5 posts

Posted 24 March 2015 - 09:27 AM

Guys, I'm new in this forum, nice to meet you all. It started yesterday, can someone please help me? I really need to do something urgent but these things occurred.

thanks in advance :)

these are the logs from hijack

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:12:01 PM, on 3/24/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
 
FIREFOX: 30.0 (en-US)
Boot mode: Normal
 
Running processes:
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Windows\SysWOW64\mspaint.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Windows\SysWOW64\calc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Albert\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Windows Update Manager] C:\Users\Albert\AppData\Roaming\WindowsUpdate\MSupdate.exe
O4 - HKCU\..\Run: [Windows Update Installer] C:\Users\Albert\AppData\Roaming\WindowsUpdate\Updater.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{68C93BD3-505E-4285-B1D5-B6255DE08E15}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AAE3837-75C2-4D99-8FB8-53AD35369FD7}: NameServer = 4.2.2.1,4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{E09C62EA-EDE2-4540-B4A8-9AA5E3ABC9CD}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:  
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2015 64-bit (mi-raysat_3dsmax2015_64) - Unknown owner - D:\3dsmax\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RadeonPro Support Service - Mr. John aka japamd - C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
 
--
End of file - 10997 bytes
 
 
and again, thanks in advance




#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 24 March 2015 - 10:11 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.
Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Edited by deeprybka, 24 March 2015 - 10:14 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 A.J21

A.J21
  • Topic Starter

  • Members
  • 5 posts

Posted 24 March 2015 - 10:49 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Albert (administrator) on ALBERT-PC on 24-03-2015 22:35:12
Running from C:\Users\Albert\Downloads
Loaded Profiles: Albert (Available profiles: Albert & andreas)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Azureus Software, Inc) C:\Program Files\Vuze\Azureus.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [e7b93b397c3976f2e9ec654820857a9d] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\Run: [Windows Update Manager] => C:\Users\Albert\AppData\Roaming\WindowsUpdate\MSupdate.exe [128000 2015-03-24] (Ghisler Software GmbH)
HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\Run: [Windows Update Installer] => C:\Users\Albert\AppData\Roaming\WindowsUpdate\Updater.exe [220672 2015-03-24] (Ghisler Software GmbH)
HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\MountPoints2: {6a03a4b4-1dc6-11e3-9ee6-1c6f65f94260} - F:\AutoRun.exe
HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\MountPoints2: {a7295f98-ae84-11e4-8ae3-1c6f65f94260} - F:\StartUse.exe
HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\MountPoints2: {efe11caa-29f4-11e4-b2af-1c6f65f94260} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://plasa.msn.com/?rd=1&ucc=ID&dcc=ID&opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3582687174-1041168994-1246322318-1000 -> {00768758-05B9-4e05-B0AA-4F940DF8DA5B} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-3582687174-1041168994-1246322318-1000 -> {8E56BB53-5CA6-11E3-A8FC-1C6F65F94260} URL = http://searchinfinitas.com/?affilt=4&q={searchTerms}&id={750324A8-9642-4EF6-9941-C7E28FC6F550}
SearchScopes: HKU\S-1-5-21-3582687174-1041168994-1246322318-1000 -> {AFA4D525-2F28-4fc1-8ED9-5FA397FD6394} URL = http://id.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2011-10-01] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-07] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-07] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2011-10-01] (Internet Download Manager, Tonec Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-07] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-07] (Oracle Corporation)
Toolbar: HKLM - Kango - {F051F6BF-82D9-49A7-9E6C-BA63CDB487D2} - C:\Program Files (x86)\Notificatoin\1.0.0\KangoBHO64.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 61.247.0.130 61.247.0.133 202.73.99.4
Tcpip\..\Interfaces\{68C93BD3-505E-4285-B1D5-B6255DE08E15}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7AAE3837-75C2-4D99-8FB8-53AD35369FD7}: [NameServer] 4.2.2.1,4.2.2.6
Tcpip\..\Interfaces\{E09C62EA-EDE2-4540-B4A8-9AA5E3ABC9CD}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\lkh5ed2s.default
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Google
FF Homepage: hxxp://searchinfinitas.com/?affilt=4&id={750324A8-9642-4EF6-9941-C7E28FC6F550}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll [2014-09-12] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-09-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Users\andreas\Desktop\GarenaLoLID\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-19] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3582687174-1041168994-1246322318-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Albert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3582687174-1041168994-1246322318-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Extension: Notificatoin - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\lkh5ed2s.default\Extensions\{941E9C01-F8E0-493E-B814-E693BC99A1A1} [2014-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Albert\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Albert\AppData\Roaming\IDM\idmmzcc5 [2013-06-08]
FF HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Albert\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\lkh5ed2s.default\extensions\WebSiteRecommendation@weliketheweb.com [Not Found]
FF Extension: No Name - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\lkh5ed2s.default\extensions\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}.xpi [Not Found]
FF Extension: No Name - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\lkh5ed2s.default\extensions\{d0bc04f1-2a66-420b-9131-69bba6dc379e} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?p2=%5EB3Q%5EYYYYYY%5EYY%5EID&gct=hp&o=APN11004cr&apn_ptnrs=%5EB3Q&apn_dtid=%5EYYYYYY%5EYY%5EID&tpid=SGT-V7&apn_dbr=cr_30.0.1599.66&trgb=CR&apn_uid=581DD33D-490A-4F69-A63F-AE1A093E4D93&itbv=12.5.1.1356&doi=2013-10-04&psv=
CHR StartupUrls: Default -> "hxxp://searchinfinitas.com/?affilt=4&id={750324A8-9642-4EF6-9941-C7E28FC6F550}"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-01]
CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-01]
CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-01]
CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-01]
CHR Extension: (Avira Browser Safety) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-24]
CHR Extension: (IDM Integration) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2013-06-08]
CHR Extension: (Adventure Time - Finn, Jake and BMO) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmgldhndejkhjokapdbmcldedofhabl [2013-08-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Skype Click to Call) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-02]
CHR Extension: (Google Wallet) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-01]
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Google Sheets) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Notificatoin) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2015-02-05]
CHR Extension: (IDM Integration) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2015-02-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Skype Click to Call) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-05]
CHR Extension: (Totoro Rainy Day) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-06-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [739400 2013-06-08] (Anvisoft) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 mi-raysat_3dsmax2015_64; D:\3dsmax\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
S4 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5224136 2013-11-04] (INCA Internet Co., Ltd.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-11] (Electronic Arts)
S4 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
S4 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S4 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) [File not signed]
S4 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-20] (Wacom Technology, Corp.)
S4 AfterFLICS v3; C:\Program Files (x86)\AFLICS\AfterFLICS.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-07] (Anvisoft)
R2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
R2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 USB_Ethernet_Adaptor; C:\Windows\System32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-05-04] (Corechip Semiconductor, Inc. Co Ltd.)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2011-03-01] (CyberLink Corp.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 dump_wmimmc; \??\h:\cj netmarble\elsword indonesia\data\GameGuard\dump_wmimmc.sys [X]
S3 GGSAFERDriver; \??\F:\Garena Plus\Garena Plus\Room\safedrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-24 22:35 - 2015-03-24 22:38 - 00029700 _____ () C:\Users\Albert\Downloads\FRST.txt
2015-03-24 22:35 - 2015-03-24 22:36 - 00000000 ____D () C:\FRST
2015-03-24 22:34 - 2015-03-24 22:34 - 02095616 _____ (Farbar) C:\Users\Albert\Downloads\FRST64.exe
2015-03-24 21:48 - 2015-03-24 21:48 - 00000000 ____D () C:\Users\Albert\.swt
2015-03-24 21:47 - 2015-03-24 21:47 - 00000282 _____ () C:\Windows\Tasks\LaunchSignup.job
2015-03-24 21:44 - 2015-03-24 22:38 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Azureus
2015-03-24 21:44 - 2015-03-24 21:44 - 00001764 _____ () C:\Users\Public\Desktop\Vuze.lnk
2015-03-24 21:44 - 2015-03-24 21:44 - 00001764 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-03-24 21:44 - 2015-03-24 21:44 - 00000000 ____D () C:\Program Files\Vuze
2015-03-24 21:33 - 2015-03-24 21:33 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Albert\Downloads\VuzeBittorrentClientInstaller.exe
2015-03-24 21:15 - 2015-03-24 21:12 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-24 21:12 - 2015-03-24 21:12 - 00010999 _____ () C:\Users\Albert\Desktop\hijackthis.log
2015-03-24 21:12 - 2015-03-24 21:12 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Avira
2015-03-24 21:11 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-24 21:11 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-24 21:11 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-24 21:08 - 2015-03-24 21:08 - 00388608 _____ (Trend Micro Inc.) C:\Users\Albert\Downloads\HijackThis.exe
2015-03-24 20:52 - 2015-03-24 20:59 - 00000000 ____D () C:\AdwCleaner
2015-03-24 20:50 - 2015-03-24 20:51 - 02168320 _____ () C:\Users\Albert\Downloads\AdwCleaner.exe
2015-03-24 20:43 - 2015-03-24 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-24 20:43 - 2015-03-24 21:11 - 00000000 ____D () C:\ProgramData\Avira
2015-03-24 20:43 - 2015-03-24 21:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-24 20:43 - 2015-03-24 20:43 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-24 20:41 - 2015-03-24 20:41 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Albert\Downloads\avira_en_av_551169b1e536f__wsm.exe
2015-03-24 19:29 - 2015-03-24 19:36 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-24 19:29 - 2015-03-24 19:29 - 00000000 ____D () C:\Users\Albert\AppData\Local\MFAData
2015-03-24 19:29 - 2015-03-24 19:29 - 00000000 ____D () C:\Users\Albert\AppData\Local\Avg2015
2015-03-24 19:28 - 2015-03-24 19:29 - 04816784 _____ (AVG Technologies) C:\Users\Albert\Downloads\avg_free_stb_all_5856p1_177.exe
2015-03-24 19:15 - 2015-03-24 19:15 - 00000840 _____ () C:\Users\Albert\Desktop\BitTorrent.lnk
2015-03-24 19:15 - 2015-03-24 19:15 - 00000820 _____ () C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-03-24 19:14 - 2015-03-24 19:27 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\BitTorrent
2015-03-24 19:14 - 2015-03-24 19:14 - 01744472 _____ (BitTorrent Inc.) C:\Users\Albert\Downloads\BitTorrent (1).exe
2015-03-24 19:05 - 2015-03-24 19:05 - 00000841 _____ () C:\Users\andreas\Desktop\BitTorrent.lnk
2015-03-24 19:05 - 2015-03-24 19:05 - 00000821 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-03-24 19:04 - 2015-03-24 19:04 - 01744472 _____ (BitTorrent Inc.) C:\Users\Albert\Downloads\BitTorrent.exe
2015-03-24 18:27 - 2015-03-24 18:34 - 66544331 _____ () C:\Users\andreas\Downloads\5321 - Rune Factory 3 - A Fantasy Harvest Moon (U).rar
2015-03-24 18:27 - 2015-03-24 18:33 - 58495878 _____ () C:\Users\andreas\Downloads\2979 - Rune Factory 2 - A Fantasy Harvest Moon (U)(XenoPhobia).7z
2015-03-24 14:00 - 2015-03-24 14:00 - 00025321 _____ () C:\Users\Albert\Downloads\TheButterflyEffect2004-2009Trilogy1080pBrRip5.1x264aacTuGAZx - ThePirateBay.TO.torrent
2015-03-24 13:59 - 2015-03-24 14:00 - 01738064 _____ (BitTorrent Inc.) C:\Users\Albert\Downloads\uTorrent.exe
2015-03-24 13:57 - 2015-03-24 13:57 - 01744472 _____ (BitTorrent Inc.) C:\BitTorrent.exe
2015-03-24 13:54 - 2015-03-24 13:54 - 00041870 _____ () C:\Users\Albert\Downloads\Life_Is_Strange_Episode_1-FLT-[rarbg.com].torrent
2015-03-23 23:17 - 2015-03-23 23:35 - 00000374 _____ () C:\Users\andreas\AppData\Roaming\burnaware.ini
2015-03-23 23:16 - 2015-03-23 23:16 - 03557365 _____ () C:\Users\andreas\Downloads\Attachments_2015323 (2).zip
2015-03-23 23:14 - 2015-03-23 23:16 - 00000376 _____ () C:\Users\Albert\AppData\Roaming\burnaware.ini
2015-03-23 23:12 - 2015-03-23 23:12 - 00373936 _____ () C:\Users\andreas\Downloads\download-burnaware-free.exe
2015-03-23 22:52 - 2015-03-23 23:00 - 85828344 _____ (Nero AG) C:\Users\andreas\Downloads\Nero_BurningROM2015-16.0.02000_trial.exe
2015-03-23 19:22 - 2015-03-23 19:22 - 05830528 _____ () C:\Users\andreas\Desktop\3-23-15.rar
2015-03-23 19:20 - 2015-03-23 19:21 - 00000000 ____D () C:\Users\andreas\Desktop\3-23-15
2015-03-23 19:11 - 2015-03-23 19:11 - 00698325 _____ () C:\Users\andreas\Downloads\Attachments_2015323 (1).zip
2015-03-23 19:10 - 2015-03-23 19:20 - 00000000 ____D () C:\Users\andreas\Desktop\OLD 3DS DALEM AJA CARBON
2015-03-23 19:10 - 2015-03-23 19:10 - 01212581 _____ () C:\Users\andreas\Downloads\Attachments_2015323.zip
2015-03-23 18:53 - 2015-03-23 18:53 - 00000000 ____D () C:\Users\andreas\Desktop\hasil jadi
2015-03-23 08:08 - 2015-03-23 08:08 - 04659962 _____ () C:\Users\andreas\Desktop\hyhjkjhj.PSD
2015-03-23 07:43 - 2015-03-23 07:43 - 00000000 ____D () C:\Users\andreas\Desktop\MH4g
2015-03-20 18:50 - 2015-03-24 21:02 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\WindowsUpdate
2015-03-20 18:39 - 2015-03-20 18:40 - 14668660 _____ () C:\Users\andreas\Downloads\1984 - Bomberman Land Touch! 2 (U)(SQUiRE).7z
2015-03-20 13:35 - 2015-03-20 13:35 - 06374848 _____ () C:\Users\andreas\Desktop\20-3-15.rar
2015-03-20 13:17 - 2015-03-20 13:35 - 00000000 ____D () C:\Users\andreas\Desktop\PSVITA FAT DOFF
2015-03-20 13:17 - 2015-03-20 13:26 - 00000000 ____D () C:\Users\andreas\Desktop\NEW 3DSXL, 2 DOFF
2015-03-20 13:16 - 2015-03-20 13:24 - 00000000 ____D () C:\Users\andreas\Desktop\NEW 3DSXL, 1 DOFF
2015-03-20 00:05 - 2015-03-19 10:05 - 00877126 _____ () C:\Users\andreas\Desktop\skin.rar
2015-03-20 00:04 - 2015-03-20 00:05 - 02011932 _____ () C:\Users\andreas\Downloads\Attachments_2015320.zip
2015-03-19 21:19 - 2015-03-24 17:48 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Windows Live
2015-03-19 21:18 - 2015-03-24 19:03 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\WindowsUpdate
2015-03-18 22:28 - 2015-03-18 22:28 - 00034432 _____ () C:\Users\andreas\Downloads\monster_hunter_font__type_1_and_2_by_xmitsarugix-d6aq7mf.rar
2015-03-18 22:18 - 2015-03-18 22:19 - 03977744 _____ () C:\Users\andreas\Downloads\16-03-15 (1).rar
2015-03-18 22:14 - 2015-03-18 22:16 - 06157342 _____ () C:\Users\andreas\Downloads\12-3-15 (1).rar
2015-03-18 21:47 - 2015-03-18 21:47 - 00485511 _____ () C:\Users\andreas\Desktop\maroon.PSD
2015-03-18 20:33 - 2015-03-18 21:46 - 00000000 ____D () C:\Users\andreas\Desktop\ngoceh
2015-03-18 20:11 - 2015-03-18 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-18 20:11 - 2015-03-18 20:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-18 20:11 - 2015-03-18 20:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-18 20:10 - 2015-03-18 20:11 - 13087456 _____ (Microsoft Corporation) C:\Users\andreas\Downloads\Silverlight_x64.exe
2015-03-18 10:10 - 2015-03-18 10:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2015-03-18 10:10 - 2014-08-20 02:12 - 01493784 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2015-03-17 22:56 - 2015-03-17 22:57 - 00000000 ____D () C:\Users\andreas\Desktop\Athena's ASS MH4U 1.01b
2015-03-17 22:55 - 2015-03-17 22:56 - 13234854 _____ () C:\Users\andreas\Downloads\Athenas ASS MH4U 1.01b.rar
2015-03-17 19:33 - 2015-03-17 19:35 - 00000000 ____D () C:\Users\andreas\Desktop\order tanggal
2015-03-17 11:25 - 2015-03-22 12:12 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-17 11:25 - 2015-03-17 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-17 11:23 - 2015-03-17 11:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0606a243744dc.job
2015-03-17 11:23 - 2015-03-17 11:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-17 11:19 - 2015-03-17 11:19 - 00880208 _____ (Google Inc.) C:\Users\Albert\Downloads\ChromeSetup(1).exe
2015-03-17 07:37 - 2015-03-24 21:02 - 00220672 _____ (Ghisler Software GmbH) C:\Users\Albert\AppData\Roaming\c731200
2015-03-17 07:37 - 2015-03-24 21:02 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Update
2015-03-17 07:36 - 2015-03-24 19:03 - 00294912 _____ () C:\Users\andreas\AppData\Roaming\c731200
2015-03-17 07:36 - 2015-03-24 19:03 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Update
2015-03-17 07:32 - 2015-03-17 07:33 - 06157342 _____ () C:\Users\andreas\Downloads\12-3-15.rar
2015-03-17 07:32 - 2015-03-17 07:32 - 01455098 _____ () C:\Users\andreas\Downloads\3-13-15.rar
2015-03-16 21:46 - 2015-03-16 21:47 - 03977744 _____ () C:\Users\andreas\Downloads\16-03-15.rar
2015-03-16 08:55 - 2015-03-16 08:55 - 00000950 _____ () C:\Users\Albert\Desktop\Play Cities Skylines.lnk
2015-03-16 08:55 - 2015-03-16 08:55 - 00000889 _____ () C:\Users\Albert\Desktop\visit www.nosteam.ro.lnk
2015-03-16 08:55 - 2015-03-16 08:55 - 00000000 ____D () C:\Users\Albert\Documents\Colossal Order
2015-03-16 08:55 - 2015-03-16 08:55 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Colossal Order
2015-03-16 08:55 - 2015-03-16 08:55 - 00000000 ____D () C:\Users\Albert\AppData\Local\Colossal Order
2015-03-16 08:55 - 2015-03-16 08:55 - 00000000 ____D () C:\ProgramData\.mono
2015-03-16 01:10 - 2015-03-16 01:10 - 00014950 _____ () C:\Users\Albert\Downloads\CitiesSkylinesPCfullgamenosTEAM - ThePirateBay.TO.torrent
2015-03-14 12:05 - 2015-03-14 12:05 - 00004386 _____ () C:\Users\Albert\Downloads\InternetDownloadManager6.23Build6FullTeamREiSJUHAX69X - ThePirateBay.TO (1).torrent
2015-03-14 12:03 - 2015-03-14 12:03 - 00004386 _____ () C:\Users\Albert\Downloads\InternetDownloadManager6.23Build6FullTeamREiSJUHAX69X - ThePirateBay.TO.torrent
2015-03-14 11:58 - 2015-03-14 11:58 - 00004575 _____ () C:\Users\Albert\Downloads\InternetDownloadManager6.23Build6FinalRetailSerialcrack - ThePirateBay.TO.torrent
2015-03-13 12:03 - 2015-03-13 12:03 - 02522275 _____ () C:\Users\andreas\Downloads\6-3-15.rar
2015-03-12 07:25 - 2015-03-12 07:25 - 02977247 _____ () C:\Users\andreas\Downloads\new3dsxl-skin-ricky.zip
2015-03-09 17:52 - 2015-03-09 17:52 - 00140302 _____ () C:\Users\Albert\Downloads\Tekkonkinkreet2006iNTERNAL1080pBluRayx264-WaLMaRT - ThePirateBay.TO.torrent
2015-03-09 17:51 - 2015-03-09 17:51 - 00063103 _____ () C:\Users\Albert\Downloads\Tekkonkinkreet2006iNTERNALBDRipx264WaLMaRT - ThePirateBay.TO.torrent
2015-03-09 07:03 - 2015-03-09 07:03 - 00873684 _____ () C:\Users\andreas\Downloads\FIXED-pakai-yang-ini.rar
2015-03-09 07:00 - 2015-03-09 07:00 - 00000000 ____D () C:\Users\andreas\Desktop\D
2015-03-08 12:25 - 2015-03-08 12:25 - 01137674 _____ () C:\Users\andreas\Downloads\Skin-New-3DS-XL.rar
2015-03-07 23:16 - 2015-03-07 23:38 - 00000000 ____D () C:\Users\andreas\Desktop\mad father
2015-03-07 23:09 - 2015-03-07 23:13 - 49404385 _____ () C:\Users\andreas\Downloads\MadFather200.zip
2015-03-07 19:45 - 2015-03-07 19:43 - 02391635 _____ () C:\Users\andreas\Desktop\TAMAN ANGGREKKKKK.pptx
2015-03-07 19:43 - 2015-03-07 19:43 - 02391635 _____ () C:\Users\andreas\Downloads\TAMAN ANGGREKKKKK.pptx
2015-03-07 19:17 - 2015-03-07 19:17 - 03360576 _____ () C:\Users\andreas\Downloads\ddddddddd.pptx
2015-03-07 18:36 - 2015-03-12 07:28 - 00000000 ____D () C:\Users\andreas\Desktop\TA
2015-03-07 17:41 - 2015-03-07 17:41 - 10674781 _____ () C:\Users\andreas\Downloads\Taman Anggrek Residences.pptx
2015-03-07 17:26 - 2015-03-07 17:26 - 00163748 _____ () C:\Users\andreas\Downloads\New-folder.rar
2015-03-07 10:06 - 2015-03-07 10:06 - 04187273 _____ () C:\Users\andreas\Downloads\Tsubaki.zip
2015-03-07 09:33 - 2015-03-07 10:43 - 00000000 ____D () C:\Users\andreas\Desktop\zul
2015-03-07 09:23 - 2015-03-07 09:23 - 02783325 _____ () C:\Users\andreas\Downloads\octavianus kai.PSD
2015-03-06 23:51 - 2015-03-06 23:52 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-03-06 01:29 - 2015-03-06 01:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadeonPro
2015-03-06 01:27 - 2015-03-06 01:28 - 03624936 _____ (John Mautari ) C:\Users\Albert\Downloads\RadeonPro_Preview_R.exe
2015-03-05 13:53 - 2015-03-05 14:00 - 00000000 ____D () C:\Users\Albert\Documents\FIFA 15
2015-03-05 13:53 - 2015-03-05 13:53 - 00000739 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2015-03-05 13:53 - 2015-03-05 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2015-03-05 11:38 - 2015-03-05 11:38 - 00003562 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Albert
2015-03-04 21:59 - 2015-03-04 22:00 - 04464320 _____ (Visicom Media Inc.) C:\Users\andreas\Downloads\dlsecureTb_1.0.4.1.exe
2015-03-04 20:33 - 2015-03-04 20:33 - 00000000 ____D () C:\Users\andreas\Documents\Autodesk Application Manager
2015-03-04 20:33 - 2015-03-04 20:33 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Autodesk
2015-03-02 17:28 - 2015-03-02 17:28 - 00000000 ____D () C:\Users\Albert\Documents\Direct Connect
2015-03-02 17:25 - 2015-03-02 17:25 - 00000000 ____D () C:\Program Files (x86)\Autodesk
2015-03-02 17:16 - 2015-03-02 17:16 - 00001587 _____ () C:\Users\Public\Desktop\3ds Max 2015.lnk
2015-03-02 16:58 - 2015-03-02 16:58 - 00000000 ____D () C:\Users\Albert\Documents\Autodesk Application Manager
2015-02-28 18:01 - 2015-02-28 18:01 - 00000000 ____D () C:\Users\Albert\AppData\Local\Steam
2015-02-26 10:40 - 2015-02-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-26 04:17 - 2015-02-26 10:40 - 00000000 ____D () C:\Users\Albert\AppData\Local\Origin
2015-02-26 04:13 - 2015-03-11 07:55 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-26 04:13 - 2015-02-26 04:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-02-26 04:08 - 2015-02-26 04:09 - 17102664 _____ (Electronic Arts, Inc.) C:\Users\Albert\Downloads\OriginThinSetup.exe
2015-02-26 04:06 - 2015-02-26 10:34 - 00000000 ____D () C:\ProgramData\{8f264fda-07b8-953e-8f26-64fda07b3f68}
2015-02-26 04:06 - 2015-02-26 04:07 - 07585048 _____ (Electronic Arts, Inc.) C:\Users\Albert\Downloads\Unconfirmed 485041.crdownload
2015-02-26 04:06 - 2015-02-26 04:06 - 01071104 _____ () C:\Users\Albert\Downloads\Fifa_15___Only_v2.rar.exe
2015-02-26 03:50 - 2015-02-26 03:50 - 00003459 _____ () C:\Users\Albert\Downloads\[kickass.to]fifa.15.crack.only.v2.by.3dm.torrent
2015-02-26 03:19 - 2015-03-05 13:51 - 00000845 _____ () C:\Users\Public\Desktop\FIFA 15 Ultimate Team Edition.lnk
2015-02-26 03:19 - 2015-03-05 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 Ultimate Team Edition
2015-02-25 18:33 - 2015-02-25 18:33 - 00041179 _____ () C:\Users\Albert\Downloads\FIFA15UltimateTeamEditionUpdate4CRACK3DMv22014PCRePackR.G.Steamgames - ThePirateBay.TO.torrent
2015-02-25 18:19 - 2015-02-25 18:19 - 00069770 _____ () C:\Users\Albert\Downloads\3DMGAME-FIFA.15.PC.Ultimate.Team.Edition.with.Up.4.Multi15.Cracked-3DM (1).torrent
2015-02-25 17:50 - 2015-02-25 17:50 - 00069770 _____ () C:\Users\Albert\Downloads\3DMGAME-FIFA.15.PC.Ultimate.Team.Edition.with.Up.4.Multi15.Cracked-3DM.torrent
2015-02-23 18:46 - 2015-02-23 18:46 - 04815364 _____ () C:\Users\andreas\Downloads\2-23-15.rar
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-24 22:16 - 2013-08-03 18:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-24 21:48 - 2013-06-01 15:47 - 00000000 ____D () C:\Users\Albert
2015-03-24 21:08 - 2013-06-01 15:47 - 00000000 ____D () C:\Users\Albert\AppData\Local\VirtualStore
2015-03-24 21:08 - 2009-07-14 11:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-24 21:08 - 2009-07-14 11:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-24 21:01 - 2013-06-01 16:26 - 00215100 _____ () C:\Windows\setupact.log
2015-03-24 20:43 - 2013-06-02 01:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-24 20:43 - 2013-06-01 15:48 - 01565563 _____ () C:\Windows\WindowsUpdate.log
2015-03-24 19:25 - 2013-06-01 18:43 - 00226506 _____ () C:\Windows\PFRO.log
2015-03-24 18:56 - 2013-06-01 16:05 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\DMCache
2015-03-24 18:52 - 2014-04-12 15:29 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\uTorrent
2015-03-24 04:41 - 2009-07-14 12:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-23 19:11 - 2013-07-03 20:08 - 00000132 _____ () C:\Users\andreas\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-23 16:20 - 2013-06-05 18:35 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\vlc
2015-03-23 00:31 - 2015-02-14 23:30 - 00000000 ____D () C:\Users\Albert\Documents\TA
2015-03-20 18:37 - 2013-06-01 16:34 - 05070816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-20 16:43 - 2013-06-01 16:29 - 00144032 _____ () C:\Users\Albert\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-20 13:32 - 2013-06-02 09:53 - 00144032 _____ () C:\Users\andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-20 11:40 - 2014-07-20 20:50 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-03-20 11:40 - 2014-07-20 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-03-20 00:48 - 2013-06-02 02:11 - 00000000 ____D () C:\Users\andreas
2015-03-18 10:10 - 2015-02-04 19:24 - 00000000 ____D () C:\Program Files\TabletPlugins
2015-03-18 10:10 - 2015-02-04 19:24 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2015-03-18 10:10 - 2013-06-19 19:59 - 00000000 ____D () C:\Program Files\Tablet
2015-03-17 19:38 - 2013-06-02 02:11 - 00002399 _____ () C:\Users\andreas\Desktop\Pengguna pertama - Chrome.lnk
2015-03-17 11:25 - 2013-06-01 17:26 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-17 11:18 - 2013-06-01 16:05 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\IDM
2015-03-17 07:23 - 2013-06-12 11:49 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\GarenaPlus
2015-03-17 07:23 - 2013-06-12 11:48 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-03-16 02:07 - 2013-06-01 22:26 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Skype
2015-03-11 07:49 - 2013-08-03 19:48 - 00000000 ____D () C:\ProgramData\Origin
2015-03-07 18:27 - 2013-06-08 09:22 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\MiniLyrics
2015-03-06 23:42 - 2014-02-03 11:19 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2015-03-06 23:41 - 2013-06-05 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-03-06 01:39 - 2014-05-17 22:18 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\RadeonPro
2015-03-06 01:29 - 2014-05-17 22:18 - 00000000 ____D () C:\Program Files (x86)\RadeonPro
2015-03-05 18:17 - 2013-12-16 11:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-05 18:00 - 2013-06-14 14:42 - 00000298 ____H () C:\Windows\Tasks\Acrobat Update.job
2015-03-05 13:53 - 2009-07-14 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-05 11:39 - 2015-01-27 19:55 - 00002982 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-05 11:39 - 2013-06-01 16:23 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2015-03-05 11:39 - 2013-06-01 16:23 - 00000292 _____ () C:\Windows\Tasks\AutoKMS.job
2015-03-05 11:37 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 22:03 - 2013-06-01 16:17 - 00000000 ____D () C:\Users\Albert\AppData\Local\Mozilla
2015-03-04 20:33 - 2014-02-07 14:50 - 00000000 ____D () C:\Users\andreas\AppData\Local\Autodesk
2015-03-02 18:15 - 2013-06-05 23:49 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Autodesk
2015-03-02 17:29 - 2013-06-05 23:49 - 00000000 ____D () C:\ProgramData\Autodesk
2015-03-02 17:29 - 2013-06-01 16:48 - 00000000 ____D () C:\Users\Albert\Documents\3dsMax
2015-03-02 17:25 - 2014-07-07 20:55 - 00000000 ____D () C:\Users\Albert\AppData\Local\backburner
2015-03-02 17:00 - 2009-07-14 09:34 - 00017802 _____ () C:\Windows\system32\Drivers\etc\services
2015-03-02 16:58 - 2013-06-06 00:01 - 00000000 ____D () C:\Users\Albert\AppData\Local\Autodesk
2015-03-02 16:46 - 2013-06-29 18:20 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-02 16:44 - 2014-02-03 05:40 - 00000000 ____D () C:\Program Files\autodesk
2015-02-26 03:26 - 2013-08-03 19:48 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Origin
2015-02-23 11:26 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2014-07-01 13:26 - 2014-07-01 13:26 - 0000132 _____ () C:\Users\Albert\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-10-31 09:51 - 2013-10-31 10:01 - 0000132 _____ () C:\Users\Albert\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-07-09 00:02 - 2014-07-02 15:08 - 0000132 _____ () C:\Users\Albert\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-23 23:14 - 2015-03-23 23:16 - 0000376 _____ () C:\Users\Albert\AppData\Roaming\burnaware.ini
2015-03-17 07:37 - 2015-03-24 21:02 - 0220672 _____ (Ghisler Software GmbH) C:\Users\Albert\AppData\Roaming\c731200
2013-11-17 00:22 - 2013-11-17 00:22 - 0000077 _____ () C:\Users\Albert\AppData\Roaming\Camdata.ini
2013-11-17 00:22 - 2013-11-17 00:22 - 0000408 _____ () C:\Users\Albert\AppData\Roaming\CamLayout.ini
2013-11-17 00:22 - 2013-11-17 00:22 - 0000408 _____ () C:\Users\Albert\AppData\Roaming\CamShapes.ini
2013-11-17 00:20 - 2013-11-17 00:22 - 0004557 _____ () C:\Users\Albert\AppData\Roaming\CamStudio.cfg
2013-11-17 00:16 - 2013-11-17 00:16 - 0000096 _____ () C:\Users\Albert\AppData\Roaming\version2.xml
2013-07-04 16:10 - 2015-01-05 23:27 - 0000087 _____ () C:\Users\Albert\AppData\Local\TempDiskpartScript.txt
2015-02-05 08:51 - 2015-02-05 08:51 - 0000020 _____ () C:\ProgramData\bc.ini
 
Some content of TEMP:
====================
C:\Users\Albert\AppData\Local\Temp\avgnt.exe
C:\Users\Albert\AppData\Local\Temp\BackupSetup.exe
C:\Users\Albert\AppData\Local\Temp\bt5v2.exe
C:\Users\Albert\AppData\Local\Temp\ehgk0.exe
C:\Users\Albert\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Albert\AppData\Local\Temp\i4jdel0.exe
C:\Users\Albert\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Albert\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Albert\AppData\Local\Temp\sfamcc00003.dll
C:\Users\Albert\AppData\Local\Temp\sfamcc00004.dll
C:\Users\Albert\AppData\Local\Temp\sqlite3.dll
C:\Users\andreas\AppData\Local\Temp\csce3.exe
C:\Users\andreas\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\andreas\AppData\Local\Temp\ehkyu.exe
C:\Users\andreas\AppData\Local\Temp\kuuw3.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-25 15:13
 
==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Albert at 2015-03-24 22:41:36
Running from C:\Users\Albert\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anvi Smart Defender 1.9 (HKLM-x32\...\Anvi Smart Defender) (Version: 1.9 - Anvisoft)
Any Video Converter 5.5.1 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aura YouTube Downloader 1.0.8 (HKLM-x32\...\Aura YouTube Downloader_is1) (Version:  - aura4you.com)
Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk)
Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.0.630.0 - Autodesk)
Autodesk 3ds Max 2015 (Version: 17.0.630.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.)
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2015 (HKLM\...\{9167CA34-4E48-49E3-8892-3C439739D2D3}) (Version: 17.0 - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Medium Image library (HKLM-x32\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.02.15161 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.107.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.107.0 - Autodesk) Hidden
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
BeadForge (HKLM-x32\...\BeadForge) (Version:  - )
BitTorrent (HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\BitTorrent) (Version: 7.9.2.39589 - BitTorrent Inc.)
BOLT! 4G E5372s (HKLM-x32\...\BOLT! 4G E5372s) (Version: 1.12.05.1151 - Huawei Technologies Co.,Ltd)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Composite 2011 (64-bit) (HKLM\...\{DBF6B4E9-CD43-476A-895D-4D688D41CE63}) (Version: 6.0.0 - Autodesk)
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2701.51 - CyberLink Corp.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
DREADOUT Demo (HKLM-x32\...\{AC1BFC52-016B-4F2A-8604-C9F1A0181F4C}_is1) (Version: 1.0.107 - DIGITAL HAPPINESS)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
eyeon Fusion x64 6.4 (HKLM\...\{452EC489-6C91-455F-8A0B-287AEF2CE7AE}) (Version: 6.40.1118 - eyeon Software Inc.)
FaceGen Modeller 3.4 (HKLM-x32\...\{82B0940F-A8ED-4F74-935A-CF6AF8530769}) (Version: 3.4.0 - Singular Inversions Inc.)
FF7Music (HKLM\...\FF7Music) (Version:  - )
FIFA 14 SUPER ULTRA ÃÐÀÔÈÊÀ 1.3 (HKLM-x32\...\FIFA 14 SUPER ULTRA ÃÐÀÔÈÊÀ 1.3) (Version: 1.3 - PesCups.Ru)
FIFA 15 Ultimate Team Edition (HKLM-x32\...\FIFA 15 Ultimate Team Edition_is1) (Version: 1.4.0.0 - Релиз от R.G. Steamgames)
FIFA14 version 1.0 (HKLM-x32\...\{775CD00A-CFDD-4445-9BD4-84984C7585EE}_is1) (Version: 1.0 - )
FIFA14_Update1 version 1.0 (HKLM-x32\...\{8315F983-5173-484B-9BD4-28039F0FC272}_is1) (Version: 1.0 - )
Final Fantasy VII - UltraHD Fan Made Remake Final (Final Release September 22,2012) 1.00 (HKLM-x32\...\Final Fantasy VII - UltraHD Fan Made Remake Final (Final Release September 22,2012) 1.00) (Version:  - )
Free Video Converter V 3.2 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft)
Free YouTube Downloader 4.0.284 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
FumeFX 3.5.1 R2013 64-bit (HKLM-x32\...\{4C70E8D3-78D4-493E-A4CF-1BE881E2DA99}) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guard (HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\Guard) (Version: 0.0.1.5 - ) <==== ATTENTION
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
LINE (HKLM-x32\...\LINE) (Version: 4.0.0.278 - LINE Corporation)
Magic Bullet Colorista Free 64-bit (HKLM-x32\...\InstallShield_{C8ECF005-4E5F-455B-BACD-5C9BF4C0DE91}) (Version: 1.0.0 - Red Giant Software)
Magic Bullet Colorista Free 64-bit (Version: 1.0.0 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{E7676EF4-3896-4B7E-B030-1356EEC477CE}) (Version: 11.4.4 - Red Giant)
Magic Bullet Suite 64-bit (Version: 11.4.4 - Red Giant) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.5.28 - Crintsoft) <==== ATTENTION
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenMG Secure Module 5.0.00 (HKLM-x32\...\InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation)
OpenMG Secure Module 5.0.00 (x32 Version: 5.0.00.11280 - Sony Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2 beta r2357 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
The Wolf Among Us (HKLM-x32\...\VGhlV29sZkFtb25nVXM=_is1) (Version: 1 - )
The Wolf Among Us Episode 4 (HKLM-x32\...\The Wolf Among Us Episode 4_is1) (Version:  - )
Topaz Vivacity (HKLM-x32\...\{C13A8E73-7E98-4295-BA94-6931701CD1F9}) (Version: 1.3.1 - Topaz Labs LLC)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{E796AA87-FE52-49A8-AD93-0236A9F87632}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Client Utility (HKLM-x32\...\{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}) (Version: 7.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
Tropico 5 (HKLM-x32\...\Tropico 5_is1) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
V-Ray 2.40.04  max2014 x64 2.40.04 (HKLM-x32\...\V-Ray 2.40.04  max2014 x64 2.40.04) (Version:  - )
V-Ray for 3dsmax 2011 for x64 (HKLM\...\V-Ray for 3dsmax 2011 for x64) (Version: 1.50.SP5 - Chaos Software Ltd)
V-Ray for 3dsmax 2013 for x64 (HKLM\...\V-Ray for 3dsmax 2013 for x64) (Version: 2.30.01 - Chaos Software Ltd)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00a of 2009-Dec-03 (Build 129) (Setup) - WIBU-SYSTEMS AG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3582687174-1041168994-1246322318-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> D:\3dsmax\3ds Max 2015\Inventor Server\Bin\TestServer.dll No File
CustomCLSID: HKU\S-1-5-21-3582687174-1041168994-1246322318-1000_Classes\CLSID\{83B0E426-D4EE-11D4-BEDF-BAB7F1EEA455}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2014\addflow4.ocx No File
CustomCLSID: HKU\S-1-5-21-3582687174-1041168994-1246322318-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> D:\3dsmax\3ds Max 2015\Inventor Server\Bin\TestServer.dll No File
CustomCLSID: HKU\S-1-5-21-3582687174-1041168994-1246322318-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> D:\3dsmax\3ds Max 2015\Inventor Server\Bin\TestServer.dll No File
 
==================== Restore Points  =========================
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {021A8104-ABAA-4D22-94A7-AC3D66BD3946} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {03D8EA6B-B477-44A3-BE1C-6A09634B3BA9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {10C3937D-E5B1-407F-9FD6-F81B18134E4D} - System32\Tasks\{84202E43-213D-4E11-BD25-577DAFF56763} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {156F2D9D-94AF-408D-B928-659BFFC6F4B8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {192B73C5-547F-4750-8D1C-464ACB700D97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {2CD9C04B-93CB-4499-819C-98517C9DCA2C} - System32\Tasks\{DDA3A8B7-D9C8-48BE-8AE9-EC1B463D3DA3} => pcalua.exe -a "C:\Users\Albert\Downloads\Compressed\VRay 1.5 SP5 3ds max 2011 x64 PROPER\VRay 1.5 SP5 3ds max 2011 x64 PROPER\vray_adv_150SP5_max2011_x64.exe" -d "C:\Users\Albert\Downloads\Compressed\VRay 1.5 SP5 3ds max 2011 x64 PROPER\VRay 1.5 SP5 3ds max 2011 x64 PROPER"
Task: {50FBD92F-F5BD-4E5D-AE17-4DC3CD72E30E} - System32\Tasks\AdobeAAMUpdater-1.0-ALBERT-PC-andreas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {65B6158D-CC41-40FE-8591-6DDC4F82FF35} - System32\Tasks\gg_uac_daemon_Albert => C:\Users\andreas\Desktop\GarenaLoLID\GameData\ggdllhost.exe [2015-01-20] ()
Task: {810BE6F1-00B3-4CAF-BB4D-446A8F2B1198} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {9ACE702A-4931-4594-89AC-37B466D29B00} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-06-01] ()
Task: {9C53500F-7247-4379-8A79-D16CD9CEF77D} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
Task: {A7A67CFD-3996-47D1-9683-2A37E14B103F} - System32\Tasks\AdobeAAMUpdater-1.0-ALBERT-PC-Albert => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {B95FD9C9-6A8E-4E79-B994-ADD6C5B4EC0C} - System32\Tasks\Acrobat Update => C:\Users\Albert\AppData\Local\Temp\svchost.exe <==== ATTENTION
Task: {CA24ABE4-8211-4290-908F-FA1F7AAD7C4E} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2013-01-02] ()
Task: {D95D9D17-749F-4229-881F-8682D2C993B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-22] (Piriform Ltd)
Task: {DD0ACD45-D00C-4F8A-8C1B-5AB55B96D228} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Acrobat Update.job => C:\Users\Albert\AppData\Local\Temp\svchost.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0606a243744dc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LaunchSignup.job => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-05 08:42 - 2014-08-20 02:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-03-24 21:44 - 2014-04-15 10:26 - 00097592 _____ () C:\Program Files\Vuze\aereg64.dll
2015-03-24 21:44 - 2014-06-24 15:12 - 00217600 _____ () C:\Users\Albert\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.17-M2-x64.dll
2015-03-24 21:44 - 2014-06-24 15:12 - 00015840 _____ () C:\Users\Albert\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess64.dll
2014-03-14 16:43 - 2015-03-12 11:05 - 00289672 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
2015-03-02 16:57 - 2014-12-05 09:27 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-03-02 16:57 - 2014-12-05 09:27 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-22 12:12 - 2015-03-14 17:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-22 12:12 - 2015-03-14 17:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-22 12:12 - 2015-03-14 17:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-22 12:12 - 2015-03-14 17:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
2015-03-19 14:53 - 2015-03-19 14:53 - 03129368 _____ () C:\Program Files (x86)\Naver\LINE\ampkit_windows.dll
2015-03-09 16:26 - 2015-03-09 16:26 - 00123928 _____ () C:\Program Files (x86)\Naver\LINE\PlayerHelper.dll
2013-07-01 08:20 - 2014-11-12 01:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-28 18:00 - 2014-12-02 07:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-28 18:00 - 2014-12-02 07:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-28 18:00 - 2014-12-02 07:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-06-15 16:25 - 2015-02-19 06:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-28 18:00 - 2014-12-02 04:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-28 18:00 - 2014-12-02 04:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-28 18:00 - 2014-12-02 04:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-28 18:00 - 2014-12-02 04:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-28 18:00 - 2014-12-02 04:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-26 14:46 - 2015-02-19 06:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-15 14:32 - 2015-01-28 08:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-02-28 18:00 - 2015-01-28 08:30 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-03-29 09:55 - 2015-03-12 11:05 - 00224136 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\launcher.dll
2014-03-14 16:43 - 2015-03-12 11:05 - 00414088 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\tier0.dll
2014-03-29 08:57 - 2015-03-12 11:05 - 00344968 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\vstdlib.dll
2014-03-29 08:57 - 2015-03-12 11:04 - 00402312 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\filesystem_stdio.dll
2014-04-03 18:49 - 2015-03-21 14:37 - 05968776 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\engine.dll
2014-03-29 08:57 - 2015-03-20 19:06 - 01031560 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\networksystem.dll
2014-03-29 09:56 - 2015-03-12 11:05 - 00905096 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\inputsystem.dll
2014-03-29 08:57 - 2015-03-12 11:05 - 01179016 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\materialsystem.dll
2014-03-29 08:57 - 2015-03-12 11:04 - 00496008 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\datacache.dll
2014-03-29 08:57 - 2015-03-12 11:05 - 00638344 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\studiorender.dll
2014-03-29 09:56 - 2015-03-12 11:05 - 00179592 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\soundemittersystem.dll
2014-03-29 08:57 - 2015-03-12 11:05 - 01184136 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vphysics.dll
2014-03-29 08:57 - 2015-03-12 11:05 - 00928648 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vscript.dll
2014-03-29 08:57 - 2015-03-12 11:05 - 01442184 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vguimatsurface.dll
2014-03-29 08:57 - 2015-03-12 11:05 - 00475528 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vgui2.dll
2014-03-29 08:57 - 2015-03-12 11:05 - 05618568 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\scaleformui_4.dll
2014-03-29 08:57 - 2015-03-12 11:05 - 00978312 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\shaderapidx9.dll
2014-03-29 09:56 - 2015-03-12 11:05 - 00158600 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\localize.dll
2014-03-29 09:56 - 2015-03-12 11:05 - 00244616 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\stdshader_dbg.dll
2014-03-29 08:57 - 2015-03-12 11:05 - 01142152 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\stdshader_dx9.dll
2014-04-04 10:04 - 2015-03-21 14:37 - 21861768 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\bin\client.dll
2014-04-04 10:04 - 2015-03-21 14:37 - 19162504 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\bin\server.dll
2014-03-29 09:55 - 2015-03-12 11:05 - 00197000 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\scenefilecache.dll
2014-03-29 09:55 - 2015-03-12 11:05 - 00106888 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vaudio_miles.dll
2013-08-03 19:40 - 2013-06-05 14:25 - 00071680 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\mssmp3.asi
2013-08-03 19:40 - 2013-06-05 14:25 - 00153088 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\mssvoice.asi
2013-08-03 19:40 - 2013-06-05 14:25 - 00013312 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\mssds3d.flt
2013-08-03 19:40 - 2013-06-05 14:25 - 00055808 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\msseax.flt
2014-03-29 09:55 - 2015-03-12 11:05 - 00181640 _____ () c:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vaudio_celt.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Albert\Local Settings:CWPBBXS9Wv8iCFoQmCMheu
AlternateDataStreams: C:\Users\Albert\Local Settings:iBWcmGBCFucUws8satpJdhDmPVKL
AlternateDataStreams: C:\Users\Albert\Local Settings:T99nCtu3ak4o8A49AFKdUl
AlternateDataStreams: C:\Users\Albert\AppData\Local:CWPBBXS9Wv8iCFoQmCMheu
AlternateDataStreams: C:\Users\Albert\AppData\Local:iBWcmGBCFucUws8satpJdhDmPVKL
AlternateDataStreams: C:\Users\Albert\AppData\Local:T99nCtu3ak4o8A49AFKdUl
AlternateDataStreams: C:\Users\Albert\AppData\Local\Application Data:CWPBBXS9Wv8iCFoQmCMheu
AlternateDataStreams: C:\Users\Albert\AppData\Local\Application Data:iBWcmGBCFucUws8satpJdhDmPVKL
AlternateDataStreams: C:\Users\Albert\AppData\Local\Application Data:T99nCtu3ak4o8A49AFKdUl
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:89EAFAFC
AlternateDataStreams: C:\ProgramData\TEMP:96D0C06F
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3582687174-1041168994-1246322318-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 4.2.2.1 - 4.2.2.6
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AfterFLICS v3 => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: asdsrv => 2
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: FlexNet Licensing Service 64 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: mi-raysat_3dsmax2014_64 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSCSPTISRV => 3
MSCONFIG\Services: PACSPTISVR => 3
MSCONFIG\Services: PSI_SVC_2_x64 => 2
MSCONFIG\Services: QHActiveDefense => 
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SonicStage Back-End Service => 3
MSCONFIG\Services: SPTISRV => 3
MSCONFIG\Services: SSScsiSV => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WTabletServiceCon => 2
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3582687174-1041168994-1246322318-500 - Administrator - Disabled)
Albert (S-1-5-21-3582687174-1041168994-1246322318-1000 - Administrator - Enabled) => C:\Users\Albert
andreas (S-1-5-21-3582687174-1041168994-1246322318-1001 - Limited - Enabled) => C:\Users\andreas
Guest (S-1-5-21-3582687174-1041168994-1246322318-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2015 11:39:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 10:03:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dlsecureTb_1.0.4.1.exe version 1.0.4.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3ac
 
Start Time: 01d0568c4c1c03a0
 
Termination Time: 9
 
Application Path: C:\Users\andreas\Downloads\dlsecureTb_1.0.4.1.exe
 
Report Id:
 
Error: (03/04/2015 08:33:34 PM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
 
Error: (03/04/2015 08:33:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 08:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Pen_Tablet.exe, version: 5.3.3.2, time stamp: 0x52afa533
Faulting module name: Pen_Tablet.exe, version: 5.3.3.2, time stamp: 0x52afa533
Exception code: 0xc0000005
Fault offset: 0x000000000019b9f3
Faulting process id: 0x1094
Faulting application start time: 0xPen_Tablet.exe0
Faulting application path: Pen_Tablet.exe1
Faulting module path: Pen_Tablet.exe2
Report Id: Pen_Tablet.exe3
 
Error: (03/04/2015 09:01:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2015 06:37:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/02/2015 09:07:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 06:51:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 10:40:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/20/2015 06:48:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/20/2015 06:48:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Hold Page service failed to start due to the following error: 
%%2
 
Error: (03/20/2015 06:48:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (03/20/2015 06:38:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/20/2015 06:37:59 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/20/2015 06:37:58 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/20/2015 06:37:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Hold Page service failed to start due to the following error: 
%%2
 
Error: (03/20/2015 06:36:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/20/2015 06:36:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (03/20/2015 11:22:34 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (03/05/2015 11:39:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 10:03:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dlsecureTb_1.0.4.1.exe1.0.4.13ac01d0568c4c1c03a09C:\Users\andreas\Downloads\dlsecureTb_1.0.4.1.exe
 
Error: (03/04/2015 08:33:34 PM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
 
Error: (03/04/2015 08:33:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 08:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Pen_Tablet.exe5.3.3.252afa533Pen_Tablet.exe5.3.3.252afa533c0000005000000000019b9f3109401d0567fbf7157dfC:\Program Files\Tablet\Pen\Pen_Tablet.exeC:\Program Files\Tablet\Pen\Pen_Tablet.exe01e99632-c273-11e4-85cb-1c6f65f94260
 
Error: (03/04/2015 09:01:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2015 06:37:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/02/2015 09:07:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 06:51:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 10:40:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-17 21:07:05.717
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-17 21:07:05.705
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-17 20:57:03.569
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-17 20:57:03.538
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-09 23:21:19.538
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-09 23:21:19.507
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 73%
Total physical RAM: 6142.49 MB
Available physical RAM: 1637.51 MB
Total Pagefile: 12283.18 MB
Available Pagefile: 6782.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (System) (Fixed) (Total:146.48 GB) (Free:20.79 GB) NTFS
Drive d: (Data) (Fixed) (Total:319.27 GB) (Free:46.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1F06347B)
Partition 1: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=319.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
thank you deeprybka, to be honest, your English is really good


#4 deeprybka

Posted 24 March 2015 - 11:47 AM

Hi,

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Guard
    MiniLyrics
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Injure no one; rather, help everyone as much as you can. Arthur Schopenhauer

#5 A.J21

Posted 24 March 2015 - 12:32 PM

ComboFix 15-03-23.01 - Albert 03/25/2015   0:15.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6142.1305 [GMT 7:00]
Running from: c:\users\Albert\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Albert\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Albert\AppData\Roaming\c731200
c:\users\Albert\AppData\Roaming\Update
c:\users\Albert\AppData\Roaming\Update\Explorer.exe
c:\users\Albert\AppData\Roaming\Update\Update.exe
c:\users\Albert\AppData\Roaming\Windowsupdate
c:\users\Albert\AppData\Roaming\Windowsupdate\MSupdate.exe
c:\users\Albert\AppData\Roaming\Windowsupdate\Updater.exe
c:\users\andreas\AppData\Roaming\c731200
c:\users\andreas\AppData\Roaming\Microsoft\Windows\Themes\Xhmimf.exe
c:\users\andreas\AppData\Roaming\Update
c:\users\andreas\AppData\Roaming\Update\Explorer.exe
c:\users\andreas\AppData\Roaming\Update\Update.exe
c:\users\andreas\AppData\Roaming\Windowsupdate
c:\users\andreas\AppData\Roaming\Windowsupdate\MSupdate.exe
c:\users\andreas\AppData\Roaming\Windowsupdate\Updater.exe
c:\windows\SysWow64\X86
c:\windows\XSxS
D:\autorun.inf
D:\install.exe
D:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-24 to 2015-03-24  )))))))))))))))))))))))))))))))
.
.
2015-03-24 16:58 . 2015-03-24 16:58 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-03-24 15:35 . 2015-03-24 15:44 -------- d-----w- C:\FRST
2015-03-24 14:48 . 2015-03-24 14:48 -------- d-----w- c:\users\Albert\.swt
2015-03-24 14:44 . 2015-03-24 17:23 -------- d-----w- c:\users\Albert\AppData\Roaming\Azureus
2015-03-24 14:44 . 2015-03-24 14:44 -------- d-----w- c:\program files\Vuze
2015-03-24 14:15 . 2015-03-24 14:12 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-03-24 14:12 . 2015-03-24 14:12 -------- d-----w- c:\users\Albert\AppData\Roaming\Avira
2015-03-24 14:11 . 2015-03-17 06:01 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-03-24 14:11 . 2015-03-17 06:01 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-03-24 14:11 . 2015-03-17 06:01 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-03-24 13:52 . 2015-03-24 13:59 -------- d-----w- C:\AdwCleaner
2015-03-24 13:43 . 2015-03-24 14:11 -------- d-----w- c:\program files (x86)\Avira
2015-03-24 13:43 . 2015-03-24 14:11 -------- d-----w- c:\programdata\Avira
2015-03-24 12:29 . 2015-03-24 12:36 -------- d-----w- c:\programdata\MFAData
2015-03-24 12:29 . 2015-03-24 12:29 -------- d-----w- c:\users\Albert\AppData\Local\MFAData
2015-03-24 12:29 . 2015-03-24 12:29 -------- d-----w- c:\users\Albert\AppData\Local\Avg2015
2015-03-24 12:14 . 2015-03-24 12:27 -------- d-----w- c:\users\Albert\AppData\Roaming\BitTorrent
2015-03-24 06:57 . 2015-03-24 06:57 1744472 ----a-w- C:\BitTorrent.exe
2015-03-19 14:19 . 2015-03-24 10:48 -------- d-----w- c:\users\andreas\AppData\Roaming\Windows Live
2015-03-18 13:11 . 2015-03-18 13:11 -------- d-----w- c:\program files\Microsoft Silverlight
2015-03-18 13:11 . 2015-03-18 13:11 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-03-18 03:10 . 2014-08-19 19:12 1493784 ----a-w- c:\windows\SysWow64\Wintab32.dll
2015-03-16 01:55 . 2015-03-16 01:55 -------- d-----w- c:\programdata\.mono
2015-03-16 01:55 . 2015-03-16 01:55 -------- d-----w- c:\users\Albert\AppData\Roaming\Colossal Order
2015-03-16 01:55 . 2015-03-16 01:55 -------- d-----w- c:\users\Albert\AppData\Local\Colossal Order
2015-03-06 16:51 . 2015-03-06 16:52 -------- d-----w- c:\programdata\FLEXnet
2015-03-05 06:53 . 2015-03-05 06:53 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2015-03-04 13:33 . 2015-03-04 13:33 -------- d-----w- c:\users\andreas\AppData\Roaming\Autodesk
2015-03-02 10:25 . 2015-03-02 10:25 -------- d-----w- c:\program files (x86)\Autodesk
2015-02-28 11:01 . 2015-02-28 11:01 -------- d-----w- c:\users\Albert\AppData\Local\Steam
2015-02-26 03:40 . 2015-02-26 03:40 -------- d-----w- c:\program files (x86)\Origin Games
2015-02-25 21:17 . 2015-02-26 03:40 -------- d-----w- c:\users\Albert\AppData\Local\Origin
2015-02-25 21:13 . 2015-03-11 00:55 -------- d-----w- c:\program files (x86)\Origin
2015-02-25 21:06 . 2015-02-26 03:34 -------- d-----w- c:\programdata\{8f264fda-07b8-953e-8f26-64fda07b3f68}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-24 17:26 . 2013-06-01 09:23 151552 ----a-w- c:\windows\KMSEmulator.exe
2015-01-12 10:35 . 2015-02-05 01:52 23752 ----a-w- c:\windows\SysWow64\drivers\efimon.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-01-19 126712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-17 704512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 dump_wmimmc;dump_wmimmc;h:\cj netmarble\elsword indonesia\data\GameGuard\dump_wmimmc.sys;h:\cj netmarble\elsword indonesia\data\GameGuard\dump_wmimmc.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Garena Plus\Room\safedrv.sys;f:\garena plus\Garena Plus\Room\safedrv.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 mi-raysat_3dsmax2015_64;mental ray Satellite for Autodesk 3ds Max 2015 64-bit;d:\3dsmax\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe;d:\3dsmax\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USB_Ethernet_Adaptor;USB to Ethernet Adapter;c:\windows\system32\DRIVERS\USB_Ethernet_Adaptor.sys;c:\windows\SYSNATIVE\DRIVERS\USB_Ethernet_Adaptor.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R4 AfterFLICS v3;AfterFLICS v3;c:\program files (x86)\AFLICS\AfterFLICS.exe;c:\program files (x86)\AFLICS\AfterFLICS.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
R4 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R4 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys;c:\windows\SYSNATIVE\DRIVERS\asdrm.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2013/06/01 16:33];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys;c:\windows\SYSNATIVE\DRIVERS\asdrs.sys [x]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys;c:\windows\SYSNATIVE\DRIVERS\asdws.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-22 05:12 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 07:18]
.
2015-03-24 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2013-06-01 09:23]
.
2015-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17 04:23]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0606a243744dc.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17 04:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 18:46 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 61.247.0.130 61.247.0.133 202.73.99.4
TCP: Interfaces\{68C93BD3-505E-4285-B1D5-B6255DE08E15}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7AAE3837-75C2-4D99-8FB8-53AD35369FD7}: NameServer = 4.2.2.1,4.2.2.6
TCP: Interfaces\{7AAE3837-75C2-4D99-8FB8-53AD35369FD7}\24F4C4451235570756274374D213631403: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7AAE3837-75C2-4D99-8FB8-53AD35369FD7}\24F4C4451235570756274374D234342383: NameServer = 4.2.2.1,4.2.2.6
TCP: Interfaces\{E09C62EA-EDE2-4540-B4A8-9AA5E3ABC9CD}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\lkh5ed2s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://searchinfinitas.com/?affilt=4&id={750324A8-9642-4EF6-9941-C7E28FC6F550}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Windows Update Installer - c:\users\Albert\AppData\Roaming\WindowsUpdate\Updater.exe
Toolbar-{F051F6BF-82D9-49A7-9E6C-BA63CDB487D2} - c:\program files (x86)\Notificatoin\1.0.0\KangoBHO64.dll
ShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - c:\program files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll
HKLM-Run-e7b93b397c3976f2e9ec654820857a9d - (no file)
AddRemove-FIFA 14 SUPER ULTRA ÃÐÀÔÈÊÀ 1.3 - d:\games\fifa14\FIFA14\Game\Uninstall.exe
AddRemove-Final Fantasy VII - UltraHD Fan Made Remake Final (Final Release September 22,2012) 1.00 - c:\program files\Final Fantasy VII\Uninstall.exe
AddRemove-Free Video Converter_is1 - c:\program files (x86)\Free Video Converter\unins000.exe
AddRemove-{775CD00A-CFDD-4445-9BD4-84984C7585EE}_is1 - d:\games\fifa14\FIFA14\unins000.exe
AddRemove-{8315F983-5173-484B-9BD4-28039F0FC272}_is1 - d:\games\fifa14\FIFA14\unins001.exe
AddRemove-{AC1BFC52-016B-4F2A-8604-C9F1A0181F4C}_is1 - c:\program files (x86)\DIGITAL HAPPINESS\DreadOut Demo\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3582687174-1041168994-1246322318-1000_Classes\Wow6432Node\CLSID\{479fdf4e-f4bb-4c13-8a12-0a6e90258bf8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b4
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,53,4e,1a,5b,76,50,55,59,0e,a9,16,7c,0f,5c,a0,ff,09,9a,e4,2e,ed,9f,\
.
[HKEY_USERS\S-1-5-21-3582687174-1041168994-1246322318-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):d7,00,02,f6,73,8b,7c,8c,81,73,ed,e6,55,43,e9,38,2e,9a,32,88,a7,
   fb,c4,f0,19,f2,50,c6,45,81,50,76,2a,63,11,e5,57,4d,82,84,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3582687174-1041168994-1246322318-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b1,56,23,0e,bc,3f,4e,b5,11,04,16,bf,52,34,1f,06,12,d4,01,b0,47,
   34,d5,5c,8b,8d,d2,6c,c9,0a,74,c5,4e,04,01,59,4d,6c,47,93,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3582687174-1041168994-1246322318-1000_Classes\Wow6432Node\CLSID\{c80e2600-4b74-4282-a4b8-e59044ff3911}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\users\andreas\Desktop\GarenaLoLID\GameData\ggdllhost.exe
c:\program files\Tablet\Pen\WacomHost.exe
.
**************************************************************************
.
Completion time: 2015-03-25  00:30:57 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-24 17:30
.
Pre-Run: 21,663,817,728 bytes free
Post-Run: 24,533,086,208 bytes free
.
- - End Of File - - A66A5B58E6D68EAC28D5A2285DD9FB6F
A36C5E4F47E84449FF07ED3517B43A31


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:33 PM

Posted 24 March 2015 - 12:50 PM

Step 1


Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 2


Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 A.J21

A.J21
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:33 AM

Posted 25 March 2015 - 02:15 PM

Okay deeprybka, I fixed the closed program already.

And I think I got another problem, maybe you can help me out?

Currently I'm playing a game, FIFA 15, and every time I play it, my CPU usage rises to almost 100%, even if I don't open any other program.

I know my PC is not so high end, but playing 1 game for 100% CPU usage is really weird, is it caused by malware or something?

 

thanks in advance :)



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:33 PM

Posted 25 March 2015 - 02:33 PM

Okay deeprybka, I fixed the closed program already.


What do you mean? Absence of symptoms does not always mean the computer is clean.
 

And I think I got another problem, maybe you can help me out?
Currently I'm playing a game, FIFA 15, and every time I play it, my CPU usage rises to almost 100%, even if I don't open any other program.
 
I know my PC is not so high end, but playing 1 game for 100% CPU usage is really weird, is it caused by malware or something?

 
No support!

CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.

C:\Users\Albert\Downloads\[kickass.to]fifa.15.crack.only.v2.by.3dm.torrent

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:33 PM

Posted 29 March 2015 - 07:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer



