
Chrome Keeps Redirecting Possible cause by stamplive


  • This topic is locked
21 replies to this topic

#1 pho3n1x


  • Members
  • 11 posts

Posted 21 April 2015 - 03:11 PM

As mentioned in the topic title, my Chrome keeps redirecting non-stop. The funny thing is that it usually stops when I ignore it and open another tab.

Most of the time it will redirect to stamplive.com, then to another advertisement.

I tried running Malwarebytes Anti-Malware; it says nothing to be found.

I also have Spybot Search and Destroy running; it also says nothing to be found,

together with AdwCleaner

and also avast-browser-cleanup.

Here is the Farbar Recovery Scan Tool log, and the Addition log is in the attachment:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Alex (administrator) on ALEX-PC on 22-04-2015 03:57:56
Running from C:\Users\Alex\Downloads
Loaded Profiles: Alex (Available profiles: Alex)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() D:\Games\Garena Plus\ggdllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2012-11-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2012-11-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\MountPoints2: F - F:\LslLauncher.exe /AUTORUN
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\MountPoints2: {5eb1cf20-0593-11e4-be30-c0143dc53bb0} - G:\AutoRun.exe
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\MountPoints2: {5eb1cf2c-0593-11e4-be30-c0143dc53bb0} - G:\AutoRun.exe
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\MountPoints2: {8f2ef18d-32f9-11e2-9e01-b888e37f5396} - G:\LslLauncher.exe /AUTORUN
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\MountPoints2: {b055dc84-eb43-11e3-b435-c0143dc53bb0} - G:\autorun.exe
HKU\S-1-5-21-477425146-1025208284-447013322-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-03-14] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2012-12-29]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-11-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(285).dll [2013-08-20] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(781).dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-477425146-1025208284-447013322-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?rd=1&ucc=MY&dcc=MY&opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-477425146-1025208284-447013322-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2014-06-09] (Oracle Corporation)
BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2014-06-09] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{07B053A5-AF56-42EB-93A1-2CC94654F479}: [NameServer] 8.8.4.4,8.8.8.8
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2014-06-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-04-11] (Nexon)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2013-12-19] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin-x32: @xunlei.com/npaplayer -> C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll No File
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2013-12-04] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-477425146-1025208284-447013322-1000: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKU\S-1-5-21-477425146-1025208284-447013322-1000: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2013-12-04] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-15]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-18]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-18]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-18]
CHR Extension: (Google Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-15]
CHR Extension: (Thunder Download Extension for Chrome) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink [2013-12-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [490208 2013-07-26] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
S2 KMSServerService; C:\Windows\KMSServerService\KMS Server Service.exe [250880 2014-09-27] (My Digital Life Forums) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2013-12-04] (ShenZhen Xunlei Networking Technologies,LTD)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-12-05] () [File not signed]
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.4\dbk64.sys [64064 2014-06-20] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-14] (Disc Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [42184 2013-02-13] (AnchorFree Inc.)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-05-07] (Intel® Corporation) [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-12-05] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 MP4ConverterAudio; C:\Windows\System32\drivers\MP4ConverterAudio.sys [34528 2013-07-26] (Windows ® Win 7 DDK provider)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-14] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-11] (Anchorfree Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U3 ahaij6se; C:\Windows\System32\Drivers\ahaij6se.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 GGSAFERDriver; \??\D:\Games\Garena Plus\Room\safedrv.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-22 03:57 - 2015-04-22 03:58 - 00021049 _____ () C:\Users\Alex\Downloads\FRST.txt
2015-04-22 03:57 - 2015-04-22 03:57 - 00000000 ____D () C:\FRST
2015-04-22 03:56 - 2015-04-22 03:57 - 02099712 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2015-04-22 03:29 - 2015-04-22 03:29 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Alex\Downloads\tdsskiller.exe
2015-04-22 03:24 - 2015-04-22 03:25 - 00003472 _____ () C:\Users\Alex\Desktop\Rkill.txt
2015-04-22 03:23 - 2015-04-22 03:23 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Alex\Downloads\rkill.com
2015-04-22 03:16 - 2015-04-22 03:16 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Alex\Downloads\SpyHunter-Installer (1).exe
2015-04-22 03:09 - 2015-04-22 03:09 - 00000399 _____ () C:\Users\Alex\Downloads\HotPartyChics_mbf_my0415.jad
2015-04-22 00:18 - 2015-04-22 00:18 - 00004235 _____ () C:\Users\Alex\Downloads\Ellinia DPM Chart (Recovered).xlsx
2015-04-12 00:14 - 2015-04-12 00:14 - 00000868 _____ () C:\Users\Alex\Desktop\Ellinia.exe - Shortcut.lnk
2015-04-11 23:55 - 2015-04-11 23:55 - 00000000 ____D () C:\Users\Alex\AppData\Local\Launcher
2015-04-11 23:37 - 2015-04-11 23:37 - 00000198 _____ () C:\Users\Public\Desktop\MapleStory.url
2015-04-11 23:37 - 2015-04-11 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2015-04-11 23:29 - 2015-04-11 23:29 - 00000000 ____D () C:\ProgramData\NexonUS
2015-04-11 02:26 - 2015-04-22 03:44 - 00000000 ____D () C:\AdwCleaner
2015-04-11 02:09 - 2015-04-22 03:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 02:09 - 2015-04-11 02:09 - 02953520 _____ (AVAST Software) C:\Users\Alex\Downloads\avast-browser-cleanup.exe
2015-04-11 02:09 - 2015-04-11 02:09 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-11 02:09 - 2015-04-11 02:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 02:09 - 2015-04-11 02:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-11 02:09 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 02:09 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 02:09 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 02:08 - 2015-04-11 02:08 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-11 02:07 - 2015-04-11 02:07 - 02217984 _____ () C:\Users\Alex\Downloads\adwcleaner_4.201.exe
2015-04-10 06:14 - 2015-04-10 06:14 - 00307512 _____ () C:\Windows\Minidump\041015-27440-01.dmp
2015-04-10 06:14 - 2015-04-10 06:14 - 00000000 ____D () C:\Windows\Minidump
2015-04-09 14:17 - 2015-04-09 14:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-09 14:17 - 2015-04-09 14:17 - 00000000 _____ () C:\autoexec.bat
2015-04-09 14:16 - 2015-04-09 23:55 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-04-09 14:15 - 2015-04-09 14:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Alex\Downloads\SpyHunter-installer.exe
2015-04-06 21:55 - 2015-04-06 21:55 - 02556712 _____ () C:\Users\Alex\Downloads\MapleStory_Downloader.exe
2015-04-03 01:35 - 2015-04-03 01:35 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-04-03 01:35 - 2015-04-03 01:35 - 00000000 ____D () C:\Windows\system32\NV
2015-04-03 01:33 - 2015-03-14 03:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-03 01:33 - 2015-03-14 03:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00032456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-04-03 01:32 - 2015-03-14 03:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-03 01:32 - 2015-03-14 03:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-03 01:32 - 2015-03-14 03:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-31 12:09 - 2015-03-31 12:09 - 01081000 _____ (Unity Technologies ApS) C:\Users\Alex\Downloads\UnityWebPlayer.exe
2015-03-29 01:20 - 2015-03-29 01:20 - 00033219 _____ () C:\Users\Alex\Downloads\[kickass.to]pulling.strings.2013.limited.dvdrip.x264.taste.torrent
2015-03-29 00:53 - 2015-03-29 00:53 - 00008947 _____ () C:\Users\Alex\Downloads\[kickass.to]smokin.aces.2006.720p.brrip.x264.yify.torrent
2015-03-29 00:52 - 2015-03-29 00:52 - 00007801 _____ () C:\Users\Alex\Downloads\[kickass.to]song.one.2014.720p.brrip.x264.yify.torrent
2015-03-29 00:51 - 2015-03-29 00:51 - 00015535 _____ () C:\Users\Alex\Downloads\[kickass.to]about.alex.2014.1080p.brrip.x264.yify.torrent
2015-03-29 00:48 - 2015-03-29 00:48 - 00017713 _____ () C:\Users\Alex\Downloads\[kickass.to]smokin.aces.2.assassins.ball.2010.1080p.brrip.x264.yify.torrent
2015-03-29 00:45 - 2015-03-29 00:45 - 00008900 _____ () C:\Users\Alex\Downloads\[kickass.to]top.five.2014.720p.brrip.x264.yify.torrent
2015-03-29 00:37 - 2015-03-29 00:37 - 00011054 _____ () C:\Users\Alex\Downloads\[kickass.to]interstellar.2014.720p.brrip.x264.yify.torrent
2015-03-26 15:10 - 2015-03-26 15:10 - 00011062 _____ () C:\Users\Alex\Downloads\[kickass.to]the.sims.1.the.complete.collection.full.games4theworld.torrent
2015-03-26 03:20 - 2015-03-26 03:20 - 00001610 _____ () C:\Users\Alex\Desktop\WDMYCLOUDEX4 - Shortcut.lnk
2015-03-26 03:16 - 2015-04-22 00:03 - 00006263 _____ () C:\Windows\setupact.log
2015-03-26 03:16 - 2015-03-26 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-26 02:40 - 2015-03-26 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-03-26 01:33 - 2015-03-26 02:40 - 00001113 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-03-26 01:33 - 2015-03-26 02:37 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\com.wd.WDMyCloud
2015-03-26 01:33 - 2015-03-26 01:33 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-03-26 01:32 - 2015-04-05 23:33 - 00000208 _____ () C:\Users\Alex\Desktop\WD My Cloud EX4 Dashboard.url
2015-03-26 01:32 - 2015-03-26 01:32 - 00000206 _____ () C:\Users\Alex\Desktop\WD My Cloud EX4 Learning Center.url
2015-03-26 01:32 - 2015-03-26 01:32 - 00000157 _____ () C:\Users\Alex\Desktop\WD My Cloud EX4 Public Share.url
2015-03-26 01:32 - 2015-03-26 01:32 - 00000000 ____D () C:\ProgramData\Western Digital
2015-03-26 01:32 - 2015-03-26 01:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2015-03-26 01:32 - 2015-03-26 01:32 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-03-26 01:18 - 2015-03-26 01:32 - 00000000 ____D () C:\Users\Alex\AppData\Local\Western Digital
2015-03-26 01:14 - 2015-03-26 01:17 - 71601400 _____ () C:\Users\Alex\Downloads\mcp4_windows_setup.exe
2015-03-26 00:01 - 2015-03-29 00:20 - 00000046 _____ () C:\Users\Alex\AppData\Roaming\CoreAVC.ini
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-22 03:08 - 2012-11-18 01:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 03:08 - 2012-11-18 01:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 00:08 - 2009-07-14 12:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 00:08 - 2009-07-14 12:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 00:06 - 2012-11-17 17:53 - 01068625 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 00:03 - 2015-02-15 03:10 - 00000020 _____ () C:\Users\Alex\AppData\Roaming\appdataFr3.bin
2015-04-22 00:02 - 2014-12-08 12:10 - 00003412 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Alex
2015-04-22 00:02 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 11:26 - 2010-11-21 11:47 - 00390604 _____ () C:\Windows\PFRO.log
2015-04-13 18:30 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 02:21 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2015-04-09 23:55 - 2013-01-29 22:22 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-03 01:38 - 2013-12-04 02:09 - 00000000 ____D () C:\Users\Public\Thunder Network
2015-04-03 01:38 - 2012-11-18 03:42 - 00000000 ____D () C:\Program Files (x86)\Thunder Network
2015-04-03 01:35 - 2012-11-17 03:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-03 01:33 - 2012-11-17 03:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-02 23:37 - 2014-01-06 01:27 - 00001337 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-28 11:44 - 2014-06-04 22:38 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 11:44 - 2014-01-06 01:27 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 11:43 - 2014-06-04 22:38 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 11:43 - 2014-01-06 01:27 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-26 02:33 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-02-15 03:10 - 2015-04-22 00:03 - 0000020 _____ () C:\Users\Alex\AppData\Roaming\appdataFr3.bin
2015-03-26 00:01 - 2015-03-29 00:20 - 0000046 _____ () C:\Users\Alex\AppData\Roaming\CoreAVC.ini
2012-11-24 16:28 - 2013-10-24 13:14 - 0045270 _____ () C:\Users\Alex\AppData\Roaming\room_v3.dat
2014-10-27 00:25 - 2014-10-27 00:25 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\Quarantine.exe
C:\Users\Alex\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-15 00:40
 
==================== End Of Log ============================

#2 pho3n1x

pho3n1x
  • Topic Starter
  • Members
  • 11 posts

Posted 23 April 2015 - 01:45 AM

Hi, could anyone help me? This redirecting is getting really annoying.



#3 deeprybka

deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 23 April 2015 - 07:38 AM

Hi and welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English, so please do not use slang or idioms; they can be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours, please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator".
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected".
  • Then click "Save Results" and select the option shown in the screenshot.
  • Return to our forum. Paste your log into your next reply and then click Finish.

Step 3

Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the listed program(s) to remove it:
    Google Chrome
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check the items in bold only on the list, then click Delete.
    Note: you may have to expand some folders by clicking the "+" mark.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.
Step 4

Reinstall Google Chrome (Download).

Step 5

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

Injure no one; on the contrary, help everyone as much as you can. Arthur Schopenhauer

#4 pho3n1x

pho3n1x
  • Topic Starter
  • Members
  • 11 posts

Posted 23 April 2015 - 08:17 AM

Thanks for assisting me. I will get the scans done and post the log as soon as I get home.

#5 deeprybka

deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 23 April 2015 - 12:23 PM

Ok...:)


regards,
deeprybka

#6 pho3n1x

pho3n1x
  • Topic Starter
  • Members
  • 11 posts

Posted 23 April 2015 - 12:36 PM

Step 1 AdwCleaner

 

# AdwCleaner v4.201 - Logfile created 24/04/2015 at 00:49:03
# Updated 08/04/2015 by Xplode
# Database : 2015-04-23.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Alex - ALEX-PC
# Running from : C:\Users\Alex\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eiimolhnbbbdagljikeckdkldgemmmlj
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16455
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
 
*************************
 
AdwCleaner[R0].txt - [4075 bytes] - [11/04/2015 02:26:43]
AdwCleaner[R1].txt - [1285 bytes] - [22/04/2015 03:44:08]
AdwCleaner[R2].txt - [1313 bytes] - [24/04/2015 00:47:56]
AdwCleaner[S0].txt - [4161 bytes] - [11/04/2015 02:28:35]
AdwCleaner[S1].txt - [1244 bytes] - [24/04/2015 00:49:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1303  bytes] ##########
 
Step 2 Malwarebytes
 
Nothing was detected here
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/24/2015
Scan Time: 12:55:49 AM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.23.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alex
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352004
Time Elapsed: 10 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Steps 3 and 4 done
 
Step 5
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Alex (administrator) on ALEX-PC on 24-04-2015 01:31:40
Running from C:\Users\Alex\Downloads
Loaded Profiles: Alex (Available profiles: Alex)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() D:\Games\Garena Plus\ggdllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(My Digital Life Forums) C:\Windows\KMSServerService\KMS Server Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2012-11-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2012-11-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\MountPoints2: F - F:\LslLauncher.exe /AUTORUN
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\MountPoints2: {5eb1cf20-0593-11e4-be30-c0143dc53bb0} - G:\AutoRun.exe
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\MountPoints2: {5eb1cf2c-0593-11e4-be30-c0143dc53bb0} - G:\AutoRun.exe
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\MountPoints2: {8f2ef18d-32f9-11e2-9e01-b888e37f5396} - G:\LslLauncher.exe /AUTORUN
HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\MountPoints2: {b055dc84-eb43-11e3-b435-c0143dc53bb0} - G:\autorun.exe
HKU\S-1-5-21-477425146-1025208284-447013322-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-03-14] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2012-12-29]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-11-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(285).dll [2013-08-20] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(781).dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-477425146-1025208284-447013322-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?rd=1&ucc=MY&dcc=MY&opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-477425146-1025208284-447013322-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2014-06-09] (Oracle Corporation)
BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2014-06-09] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{07B053A5-AF56-42EB-93A1-2CC94654F479}: [NameServer] 8.8.4.4,8.8.8.8
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2014-06-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-04-11] (Nexon)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2013-12-19] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin-x32: @xunlei.com/npaplayer -> C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll No File
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2013-12-04] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-477425146-1025208284-447013322-1000: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKU\S-1-5-21-477425146-1025208284-447013322-1000: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2013-12-04] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=UXxdm118YYmy&ptb=BA7ACDA0-6971-4BD8-8EA5-1FDAC0CE6C82&si=CPSWms3zirICFVFw6wod1CEARQ
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-24]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-24]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-24]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-24]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-24]
CHR Extension: (Google Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-24]
CHR Extension: (Bookmark Manager) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Appspector) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\homgcnaoacgigpkkljjjekpignblkeae [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-24]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-24]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [490208 2013-07-26] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 KMSServerService; C:\Windows\KMSServerService\KMS Server Service.exe [250880 2014-09-27] (My Digital Life Forums) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2013-12-04] (ShenZhen Xunlei Networking Technologies,LTD)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-12-05] () [File not signed]
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.4\dbk64.sys [64064 2014-06-20] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-14] (Disc Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [42184 2013-02-13] (AnchorFree Inc.)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-05-07] (Intel® Corporation) [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-12-05] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 MP4ConverterAudio; C:\Windows\System32\drivers\MP4ConverterAudio.sys [34528 2013-07-26] (Windows ® Win 7 DDK provider)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-14] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-11] (Anchorfree Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U3 ards7qxv; C:\Windows\System32\Drivers\ards7qxv.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 GGSAFERDriver; \??\D:\Games\Garena Plus\Room\safedrv.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-24 01:24 - 2015-04-24 01:24 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-24 01:24 - 2015-04-24 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-24 01:07 - 2015-04-24 01:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Alex\Downloads\revosetup.exe
2015-04-24 01:07 - 2015-04-24 01:07 - 00001224 _____ () C:\Users\Alex\Desktop\Revo Uninstaller.lnk
2015-04-24 01:07 - 2015-04-24 01:07 - 00001092 _____ () C:\Users\Alex\Desktop\Malwarebytes.txt
2015-04-24 01:07 - 2015-04-24 01:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-24 00:51 - 2015-04-24 00:51 - 00001383 _____ () C:\Users\Alex\Desktop\AdwCleaner[S1].txt
2015-04-24 00:44 - 2015-04-24 00:50 - 00003412 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Alex
2015-04-23 14:45 - 2015-04-23 14:45 - 00000374 _____ () C:\Users\Alex\Downloads\FunnyVid_adm_my0213.jad
2015-04-22 03:58 - 2015-04-22 03:59 - 00035260 _____ () C:\Users\Alex\Downloads\Addition.txt
2015-04-22 03:57 - 2015-04-24 01:31 - 00021470 _____ () C:\Users\Alex\Downloads\FRST.txt
2015-04-22 03:57 - 2015-04-24 01:31 - 00000000 ____D () C:\FRST
2015-04-22 03:56 - 2015-04-22 03:57 - 02099712 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2015-04-22 03:29 - 2015-04-22 03:29 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Alex\Downloads\tdsskiller.exe
2015-04-22 03:24 - 2015-04-22 03:25 - 00003472 _____ () C:\Users\Alex\Desktop\Rkill.txt
2015-04-22 03:23 - 2015-04-22 03:23 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Alex\Downloads\rkill.com
2015-04-22 03:16 - 2015-04-22 03:16 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Alex\Downloads\SpyHunter-Installer (1).exe
2015-04-22 03:09 - 2015-04-22 03:09 - 00000399 _____ () C:\Users\Alex\Downloads\HotPartyChics_mbf_my0415.jad
2015-04-22 00:18 - 2015-04-22 00:18 - 00004235 _____ () C:\Users\Alex\Downloads\Ellinia DPM Chart (Recovered).xlsx
2015-04-12 00:14 - 2015-04-12 00:14 - 00000868 _____ () C:\Users\Alex\Desktop\Ellinia.exe - Shortcut.lnk
2015-04-11 23:55 - 2015-04-11 23:55 - 00000000 ____D () C:\Users\Alex\AppData\Local\Launcher
2015-04-11 23:37 - 2015-04-11 23:37 - 00000198 _____ () C:\Users\Public\Desktop\MapleStory.url
2015-04-11 23:37 - 2015-04-11 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2015-04-11 23:29 - 2015-04-11 23:29 - 00000000 ____D () C:\ProgramData\NexonUS
2015-04-11 02:26 - 2015-04-24 00:49 - 00000000 ____D () C:\AdwCleaner
2015-04-11 02:09 - 2015-04-24 00:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 02:09 - 2015-04-11 02:09 - 02953520 _____ (AVAST Software) C:\Users\Alex\Downloads\avast-browser-cleanup.exe
2015-04-11 02:09 - 2015-04-11 02:09 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-11 02:09 - 2015-04-11 02:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 02:09 - 2015-04-11 02:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-11 02:09 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 02:09 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 02:09 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 02:08 - 2015-04-11 02:08 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-11 02:07 - 2015-04-11 02:07 - 02217984 _____ () C:\Users\Alex\Downloads\adwcleaner_4.201.exe
2015-04-10 06:14 - 2015-04-10 06:14 - 00307512 _____ () C:\Windows\Minidump\041015-27440-01.dmp
2015-04-10 06:14 - 2015-04-10 06:14 - 00000000 ____D () C:\Windows\Minidump
2015-04-09 14:17 - 2015-04-09 14:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-09 14:17 - 2015-04-09 14:17 - 00000000 _____ () C:\autoexec.bat
2015-04-09 14:16 - 2015-04-09 23:55 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-04-09 14:15 - 2015-04-09 14:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Alex\Downloads\SpyHunter-installer.exe
2015-04-06 21:55 - 2015-04-06 21:55 - 02556712 _____ () C:\Users\Alex\Downloads\MapleStory_Downloader.exe
2015-04-03 01:35 - 2015-04-03 01:35 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-04-03 01:35 - 2015-04-03 01:35 - 00000000 ____D () C:\Windows\system32\NV
2015-04-03 01:33 - 2015-03-14 03:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-03 01:33 - 2015-03-14 03:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-03 01:33 - 2015-03-14 03:41 - 00032456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-04-03 01:32 - 2015-03-14 03:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-03 01:32 - 2015-03-14 03:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-03 01:32 - 2015-03-14 03:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-31 12:09 - 2015-03-31 12:09 - 01081000 _____ (Unity Technologies ApS) C:\Users\Alex\Downloads\UnityWebPlayer.exe
2015-03-29 01:20 - 2015-03-29 01:20 - 00033219 _____ () C:\Users\Alex\Downloads\[kickass.to]pulling.strings.2013.limited.dvdrip.x264.taste.torrent
2015-03-29 00:53 - 2015-03-29 00:53 - 00008947 _____ () C:\Users\Alex\Downloads\[kickass.to]smokin.aces.2006.720p.brrip.x264.yify.torrent
2015-03-29 00:52 - 2015-03-29 00:52 - 00007801 _____ () C:\Users\Alex\Downloads\[kickass.to]song.one.2014.720p.brrip.x264.yify.torrent
2015-03-29 00:51 - 2015-03-29 00:51 - 00015535 _____ () C:\Users\Alex\Downloads\[kickass.to]about.alex.2014.1080p.brrip.x264.yify.torrent
2015-03-29 00:48 - 2015-03-29 00:48 - 00017713 _____ () C:\Users\Alex\Downloads\[kickass.to]smokin.aces.2.assassins.ball.2010.1080p.brrip.x264.yify.torrent
2015-03-29 00:45 - 2015-03-29 00:45 - 00008900 _____ () C:\Users\Alex\Downloads\[kickass.to]top.five.2014.720p.brrip.x264.yify.torrent
2015-03-29 00:37 - 2015-03-29 00:37 - 00011054 _____ () C:\Users\Alex\Downloads\[kickass.to]interstellar.2014.720p.brrip.x264.yify.torrent
2015-03-26 15:10 - 2015-03-26 15:10 - 00011062 _____ () C:\Users\Alex\Downloads\[kickass.to]the.sims.1.the.complete.collection.full.games4theworld.torrent
2015-03-26 03:20 - 2015-03-26 03:20 - 00001610 _____ () C:\Users\Alex\Desktop\WDMYCLOUDEX4 - Shortcut.lnk
2015-03-26 03:16 - 2015-04-24 00:50 - 00006935 _____ () C:\Windows\setupact.log
2015-03-26 03:16 - 2015-03-26 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-26 02:40 - 2015-03-26 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-03-26 01:33 - 2015-03-26 02:40 - 00001113 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-03-26 01:33 - 2015-03-26 02:37 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\com.wd.WDMyCloud
2015-03-26 01:33 - 2015-03-26 01:33 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-03-26 01:32 - 2015-04-05 23:33 - 00000208 _____ () C:\Users\Alex\Desktop\WD My Cloud EX4 Dashboard.url
2015-03-26 01:32 - 2015-03-26 01:32 - 00000206 _____ () C:\Users\Alex\Desktop\WD My Cloud EX4 Learning Center.url
2015-03-26 01:32 - 2015-03-26 01:32 - 00000157 _____ () C:\Users\Alex\Desktop\WD My Cloud EX4 Public Share.url
2015-03-26 01:32 - 2015-03-26 01:32 - 00000000 ____D () C:\ProgramData\Western Digital
2015-03-26 01:32 - 2015-03-26 01:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2015-03-26 01:32 - 2015-03-26 01:32 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-03-26 01:18 - 2015-03-26 01:32 - 00000000 ____D () C:\Users\Alex\AppData\Local\Western Digital
2015-03-26 01:14 - 2015-03-26 01:17 - 71601400 _____ () C:\Users\Alex\Downloads\mcp4_windows_setup.exe
2015-03-26 00:01 - 2015-03-29 00:20 - 00000046 _____ () C:\Users\Alex\AppData\Roaming\CoreAVC.ini
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-24 01:24 - 2012-11-18 01:26 - 00000000 ____D () C:\Users\Alex\AppData\Local\Google
2015-04-24 01:08 - 2012-11-18 01:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 00:56 - 2009-07-14 12:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 00:56 - 2009-07-14 12:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 00:53 - 2012-11-17 17:53 - 01083407 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 00:50 - 2012-11-18 01:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-24 00:50 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 00:45 - 2015-02-15 03:10 - 00000020 _____ () C:\Users\Alex\AppData\Roaming\appdataFr3.bin
2015-04-23 13:15 - 2010-11-21 11:47 - 00391732 _____ () C:\Windows\PFRO.log
2015-04-13 18:30 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 02:21 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2015-04-09 23:55 - 2013-01-29 22:22 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-03 01:38 - 2013-12-04 02:09 - 00000000 ____D () C:\Users\Public\Thunder Network
2015-04-03 01:38 - 2012-11-18 03:42 - 00000000 ____D () C:\Program Files (x86)\Thunder Network
2015-04-03 01:35 - 2012-11-17 03:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-03 01:33 - 2012-11-17 03:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-02 23:37 - 2014-01-06 01:27 - 00001337 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-28 11:44 - 2014-06-04 22:38 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 11:44 - 2014-01-06 01:27 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 11:43 - 2014-06-04 22:38 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 11:43 - 2014-01-06 01:27 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-26 02:33 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-02-15 03:10 - 2015-04-24 00:45 - 0000020 _____ () C:\Users\Alex\AppData\Roaming\appdataFr3.bin
2015-03-26 00:01 - 2015-03-29 00:20 - 0000046 _____ () C:\Users\Alex\AppData\Roaming\CoreAVC.ini
2012-11-24 16:28 - 2013-10-24 13:14 - 0045270 _____ () C:\Users\Alex\AppData\Roaming\room_v3.dat
2014-10-27 00:25 - 2014-10-27 00:25 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\Quarantine.exe
C:\Users\Alex\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-15 00:40
 
==================== End Of Log ============================
 
ADD TXT
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by Alex at 2015-04-24 01:32:08
Running from C:\Users\Alex\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Need for Speed Rivals" (HKLM-x32\...\{E0E5B250-5C80-45ED-9AAB-829655B3E39D}_is1) (Version: 1.4.0.0 - )
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Anno 1404 - Dawn of Discovery version 1.3 (HKLM-x32\...\{1520E069-19A9-4B01-BA5D-87B67D56F55D}_is1) (Version: 1.3 - )
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.00 - Sunflowers)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arch Luna Online - Luna Plus version 2.0 (HKLM-x32\...\{FC846C92-E119-4B51-9716-2911B233A1AB}_is1) (Version: 2.0 - Arch Luna)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Atheros Communications Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{783DCCCB-FBD0-4D1D-928D-7075DA8015E6}) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.32.50 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.3 - Lenovo)
Energy Management (x32 Version: 7.0.3.3 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet 2520 series Basic Device Software (HKLM\...\{1781B10B-A30B-4D72-BCC1-0666963E1092}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2520 series Product Improvement Study (HKLM\...\{FB373596-D698-46AE-8F35-71B8500B5307}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Kingo Android ROOT version 1.2.2.1915 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.2.1915 - Kingosoft Technology Ltd.)
K-Lite Mega Codec Pack 9.5.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.5.0 - )
KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.1206.1 - Vimicro)
Lenovo pointing device (HKLM\...\Elantech) (Version: 10.4.2.8 - ELAN Microelectronic Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
迅雷7 (HKLM-x32\...\thunder_is1) (Version:  - 迅雷网络技术有限公司)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
plist Editor Pro 2.1.0 (HKLM-x32\...\plist Editor Pro) (Version: 2.1.0 - VOWSoft, Ltd.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.5 beta r1720 - )
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-477425146-1025208284-447013322-1000\...\Warcraft III) (Version:  - )
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-04-2015 00:00:02 Scheduled Checkpoint
24-04-2015 01:10:00 Revo Uninstaller's restore point - Google Chrome
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2015-02-15 01:57 - 00450830 ____N C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0B1F1F30-0562-4324-8749-B52066074AA0} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()
Task: {25BC90A1-FF73-4611-9755-81CCC96F78A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {617C9F87-5E08-4E6C-9D42-703462E579C0} - System32\Tasks\gg_uac_daemon_Alex => D:\Games\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {73B1A6E9-C90E-4E68-B043-9FE077E7E60D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {827C8B15-C1F9-47B4-B268-DD1997C70A42} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8C18C5CC-1C47-4922-BC46-FD5E98581558} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-18] (Google Inc.)
Task: {97B769B8-5D4C-42B8-BC4B-F57C1EA35464} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C630EDC5-B573-481E-978D-00AABB98251B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-18] (Google Inc.)
Task: {D3CEDCEF-45F3-4287-96DB-ABFD08483595} - System32\Tasks\HPCustParticipation HP Deskjet 2520 series => C:\Program Files\HP\HP Deskjet 2520 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-11-17 03:04 - 2015-03-14 03:41 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-17 03:05 - 2015-03-14 00:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-01 03:45 - 2013-07-10 19:54 - 00049456 _____ () D:\Games\Garena Plus\ggdllhost.exe
2008-12-20 03:20 - 2012-11-17 03:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-02-21 13:06 - 2012-11-17 03:25 - 01490944 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 03:20 - 2012-11-17 03:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-11-17 03:01 - 2012-02-18 00:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-16 23:42 - 2012-12-16 23:42 - 00041144 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2012-12-16 23:42 - 2012-12-16 23:42 - 00761528 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2012-12-16 23:41 - 2012-12-16 23:41 - 00020480 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2012-12-16 23:41 - 2012-12-16 23:41 - 00013824 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2012-12-16 23:41 - 2012-12-16 23:41 - 00056832 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2012-12-16 23:41 - 2012-12-16 23:41 - 00019968 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.DLL
2012-12-16 23:41 - 2012-12-16 23:41 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2012-10-31 19:22 - 2013-08-23 17:10 - 00553776 _____ () D:\Games\Garena Plus\ggspawn.dll
2012-11-17 03:04 - 2015-03-14 03:41 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-02 23:37 - 2015-03-28 11:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-12-04 02:09 - 2013-12-04 02:07 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll
2013-12-04 02:09 - 2013-12-04 02:07 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll
2012-11-17 02:56 - 2012-11-17 02:56 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f9927372e716ec71e175fe7e5d3f14a3\IsdiInterop.ni.dll
2012-11-17 02:56 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-11-17 02:58 - 2012-02-22 04:09 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-04-24 01:24 - 2015-04-14 05:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-24 01:24 - 2015-04-14 05:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
There are 7866 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-477425146-1025208284-447013322-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NO2014.mHD.E01.mp4.lnk => C:\Windows\pss\NO2014.mHD.E01.mp4.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: GarenaPlus => "D:\Games\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Steam => "D:\Games\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XMP => "C:\Users\Public\THUNDE~1\XMP4\Core\Program\XMP.exe" /embedding /sstartfrom Startup101
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-477425146-1025208284-447013322-500 - Administrator - Disabled)
Alex (S-1-5-21-477425146-1025208284-447013322-1000 - Administrator - Enabled) => C:\Users\Alex
Guest (S-1-5-21-477425146-1025208284-447013322-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-477425146-1025208284-447013322-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: WD My Cloud 4-Bay Network Storage
Description: WD My Cloud 4-Bay Network Storage
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/24/2015 00:51:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/24/2015 00:50:54 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/24/2015 00:45:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TriggerKMS.exe, version: 9.1.0.0, time stamp: 0x5103d618
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17932, time stamp: 0x503285c2
Exception code: 0xe0434352
Fault offset: 0x000000000000caed
Faulting process id: 0x40c
Faulting application start time: 0xTriggerKMS.exe0
Faulting application path: TriggerKMS.exe1
Faulting module path: TriggerKMS.exe2
Report Id: TriggerKMS.exe3
 
Error: (04/24/2015 00:45:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
Faulting module name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
Exception code: 0xc0000005
Fault offset: 0x00000000004e920f
Faulting process id: 0xe3c
Faulting application start time: 0xNvStreamNetworkService.exe0
Faulting application path: NvStreamNetworkService.exe1
Faulting module path: NvStreamNetworkService.exe2
Report Id: NvStreamNetworkService.exe3
 
Error: (04/24/2015 00:44:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TriggerKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at System.Management.ManagementScope.Initialize()
   at TriggerKMS.Principal.Connect()
   at TriggerKMS.Principal.Main()
 
Error: (04/24/2015 00:44:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/24/2015 00:44:50 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/23/2015 02:56:08 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]
 
Error: (04/23/2015 01:16:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/23/2015 01:16:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (04/24/2015 00:50:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (04/24/2015 00:50:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lirsgt service failed to start due to the following error: 
%%577
 
Error: (04/24/2015 00:50:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error: 
%%577
 
Error: (04/24/2015 00:49:26 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (04/24/2015 00:49:26 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (04/24/2015 00:49:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (04/24/2015 00:49:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/24/2015 00:49:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/24/2015 00:49:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/24/2015 00:49:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/24/2015 00:51:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/24/2015 00:50:54 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/24/2015 00:45:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TriggerKMS.exe9.1.0.05103d618KERNELBASE.dll6.1.7601.17932503285c2e0434352000000000000caed40c01d07de4a9fa88bcC:\Program Files\KMSnano\TriggerKMS.exeC:\Windows\system32\KERNELBASE.dll18de862f-e9d8-11e4-9d85-c0143dc53bb0
 
Error: (04/24/2015 00:45:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920fe3c01d07de4c48a555bC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe18de5f1f-e9d8-11e4-9d85-c0143dc53bb0
 
Error: (04/24/2015 00:44:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TriggerKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at System.Management.ManagementScope.Initialize()
   at TriggerKMS.Principal.Connect()
   at TriggerKMS.Principal.Main()
 
Error: (04/24/2015 00:44:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/24/2015 00:44:50 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/23/2015 02:56:08 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]
 
Error: (04/23/2015 01:16:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/23/2015 01:16:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-24 00:50:49.831
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-24 00:50:49.821
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-24 00:50:48.591
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-24 00:50:48.576
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-24 00:44:06.030
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-24 00:44:06.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-24 00:43:56.881
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-24 00:43:56.871
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-23 13:16:20.881
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-23 13:16:20.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 57%
Total physical RAM: 3998.36 MB
Available physical RAM: 1717.29 MB
Total Pagefile: 7994.9 MB
Available Pagefile: 5396.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:73.96 GB) (Free:10.42 GB) NTFS
Drive d: () (Fixed) (Total:390.62 GB) (Free:61.42 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1.1 GB) - (Type=12)
 
==================== End Of Log ============================


#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 23 April 2015 - 05:30 PM

Let's do a final check up:

Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, as it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!

Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of the EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: scan settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at:
    [screenshot: log file path]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka

Harm no one; rather, help everyone as much as you can. Arthur Schopenhauer

#8 pho3n1x

pho3n1x
  • Topic Starter
  • Members
  • 11 posts

Posted 26 April 2015 - 09:46 AM

Hi, sorry for the late reply, I need to work for 12 hours during weekends.

Now browsing seems better, less redirecting, but sometimes pop-up ads.

HitmanPro scanner is done.

ESET scanner is running for almost an hour now.

Will post the logs once it's done.


Edited by pho3n1x, 26 April 2015 - 09:49 AM.


#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 26 April 2015 - 09:57 AM

OK... :)
regards,
deeprybka

#10 pho3n1x

pho3n1x
  • Topic Starter
  • Members
  • 11 posts

Posted 26 April 2015 - 11:50 AM

HitmanPro log

 

HitmanPro 3.7.9.240
www.hitmanpro.com
 
   Computer name . . . . : ALEX-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Alex-PC\Alex
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-04-26 21:47:45
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 41s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 5
   Traces  . . . . . . . : 67
 
   Objects scanned . . . : 1,742,632
   Files scanned . . . . : 79,373
   Remnants scanned  . . : 361,858 files / 1,301,401 keys
 
Malware _____________________________________________________________________
 
   C:\Program Files\LucidMS\ijl15.dll
      Size . . . . . . . : 352,353 bytes
      Age  . . . . . . . : 615.9 days (2013-08-19 00:53:54)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 46485A25D8CE7DF62C807C5E2C0BACF841D52C8C14726C5BA822704DDEBDA81E
      Product  . . . . . : Intel® JPEG Library
      Publisher  . . . . : Intel Corporation
      Description  . . . : Intel® JPEG Library - Retail Version
      Version  . . . . . : 1,51,12,44
      Copyright  . . . . : Copyright © Intel Corporation 1998 - 2001
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Trojan.Generic.7847762
    > Kaspersky  . . . . : Trojan.Win32.Patched.lm
      Fuzzy  . . . . . . : 106.0
 
   C:\Program Files\LucidMS\ijl15.dll.p
      Size . . . . . . . : 352,353 bytes
      Age  . . . . . . . : 556.9 days (2013-10-16 23:45:55)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 46485A25D8CE7DF62C807C5E2C0BACF841D52C8C14726C5BA822704DDEBDA81E
      Product  . . . . . : Intel® JPEG Library
      Publisher  . . . . : Intel Corporation
      Description  . . . : Intel® JPEG Library - Retail Version
      Version  . . . . . : 1,51,12,44
      Copyright  . . . . : Copyright © Intel Corporation 1998 - 2001
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Trojan.Generic.7847762
    > Kaspersky  . . . . : Trojan.Win32.Patched.lm
      Fuzzy  . . . . . . : 106.0
 
   C:\Program Files\LucidMS\LucidMS.exe
      Size . . . . . . . : 1,163,776 bytes
      Age  . . . . . . . : 576.4 days (2013-09-27 12:58:17)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : D444E807002847C022C11585580D724E58B8C69923F95F62E75684F78A68CEBD
      Needs elevation  . : Yes
      Product  . . . . . : LucidMS Client
      Publisher  . . . . : LucidMS
      Description  . . . : LucidMS
      Version  . . . . . : 1.1.7.0
      LanguageID . . . . : 0
    > G Data . . . . . . : Trojan.GenericKD.1300348
    > Bitdefender  . . . : Trojan.GenericKD.1300348
      Fuzzy  . . . . . . : 108.0
      References
         HKU\S-1-5-21-477425146-1025208284-447013322-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\LucidMS\LucidMS.exe
 
   C:\ProgramData\{e02f986c-f51a-2ee6-e02f-f986cf5161b3}\NO2014.mHD.E01.mp4.exe
      Size . . . . . . . : 1,142,272 bytes
      Age  . . . . . . . : 82.0 days (2015-02-03 22:32:55)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 9D94FDB3800625BFD3434305A63E6E2547E5E41C3839724E6728CDA1FC2284DE
    > Bitdefender  . . . : Gen:Variant.Adware.Multiplug.11
      Fuzzy  . . . . . . : 110.0
 
   C:\Users\Alex\Downloads\NO2014.mHD.E01.mp4.exe
      Size . . . . . . . : 1,142,272 bytes
      Age  . . . . . . . : 82.0 days (2015-02-03 22:32:34)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 9D94FDB3800625BFD3434305A63E6E2547E5E41C3839724E6728CDA1FC2284DE
    > Bitdefender  . . . : Gen:Variant.Adware.Multiplug.11
      Fuzzy  . . . . . . : 110.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Alex\Downloads\FRST64.exe
      Size . . . . . . . : 2,099,712 bytes
      Age  . . . . . . . : 4.7 days (2015-04-22 03:56:57)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 7E78DC8EBC5FDD3AFB5AE900C97DD6B12F4E9F3DA0A8129136B1CF6A4B2F4258
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-477425146-1025208284-447013322-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Alex\Downloads\FRST64.exe
 
   C:\Windows\KMSServerService\KMS Server Service.exe 
      Size . . . . . . . : 250,880 bytes
      Age  . . . . . . . : 210.9 days (2014-09-27 23:33:02)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 1D9CFB5DCF781168D482DD7890A55BDC8FEA3F91C16B47560D1FA35DAF72C4CE
      Product  . . . . . : KMS Server Emulator Service
      Publisher  . . . . : My Digital Life Forums
      Description  . . . : KMS Server Emulator Service
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : My Digital Life Forums
      Service  . . . . . : KMSServerService
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 26.0
         The file name extension of this program is not common.
         Starts automatically as a service during system bootup.
         Program starts automatically without user intervention.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\KMSServerService\
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\Interface\{4CA94303-9DBE-40E2-ACDD-AE966657FD91}\ (Unisales)
   HKLM\SOFTWARE\Classes\Interface\{66A9AAEF-9AD3-4336-A8C2-BDF384CCB553}\ (Unisales)
   HKLM\SOFTWARE\Classes\Interface\{F0F6B50E-100C-4839-A519-D812A5A57EA1}\ (Unisales)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4CA94303-9DBE-40E2-ACDD-AE966657FD91}\ (Unisales)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66A9AAEF-9AD3-4336-A8C2-BDF384CCB553}\ (Unisales)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{F0F6B50E-100C-4839-A519-D812A5A57EA1}\ (Unisales)
   HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals)
   HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals)
   HKU\S-1-5-21-477425146-1025208284-447013322-1000_Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\ (UniDeals)
   HKU\S-1-5-21-477425146-1025208284-447013322-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
 
Cookies _____________________________________________________________________
 
 
 
 
ESET log
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4f5c1ebeb5645245be56e0f1170d5475
# engine=23570
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-26 04:13:42
# local_time=2015-04-27 12:13:42 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 127468549 181694672 0 0
# scanned=204621
# found=11
# cleaned=0
# scan_time=8006
sh=6C8CEC1FFA566492C56B7D962AC2B18FDFE6CF15 ft=1 fh=43baf2b8bc72a264 vn="a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application" ac=I fn="C:\Program Files\KMSnano\KMSELDI.exe"
sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat"
sh=7283AAFF3D312F95C9390EABE9D44FC3EFF3A575 ft=1 fh=756b12cce95213d1 vn="a variant of Win32/Adware.MultiPlug.EP application" ac=I fn="C:\ProgramData\{e02f986c-f51a-2ee6-e02f-f986cf5161b3}\NO2014.mHD.E01.mp4.exe"
sh=AB8FCC34F0986C78E857A53BF24208D7650DA801 ft=1 fh=eb06a779552585c7 vn="MSIL/GameTool.J potentially unsafe application" ac=I fn="C:\Users\Alex\Desktop\Alchemy.exe"
sh=8CB06BCA312ED2BFA02C7F9344F2717D02ECD931 ft=1 fh=ae24f2cd7ccbd608 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Alex\Downloads\CheatEngine64.exe"
sh=7283AAFF3D312F95C9390EABE9D44FC3EFF3A575 ft=1 fh=756b12cce95213d1 vn="a variant of Win32/Adware.MultiPlug.EP application" ac=I fn="C:\Users\Alex\Downloads\NO2014.mHD.E01.mp4.exe"
sh=F7F7CF9D7DB324F299595B3F590609ED9C6962E3 ft=1 fh=91de100b7821c328 vn="a variant of Win32/Amonetize.BK potentially unwanted application" ac=I fn="C:\Users\Alex\Downloads\Yiruma Healing Piano (2013)__3039_i1160818330_il802454.exe"
sh=7283AAFF3D312F95C9390EABE9D44FC3EFF3A575 ft=1 fh=756b12cce95213d1 vn="a variant of Win32/Adware.MultiPlug.EP application" ac=I fn="C:\Users\All Users\{e02f986c-f51a-2ee6-e02f-f986cf5161b3}\NO2014.mHD.E01.mp4.exe"
sh=5B9482384A2C1451D7DF7DB99FAB49EED54AE38E ft=1 fh=edff9d844871608a vn="Win32/HackTool.Crack.CR potentially unsafe application" ac=I fn="D:\Games\Anno2070\solidcore32.dll"
sh=FD08F51D41580019BDE7A6C60FB3805F13C7AC05 ft=1 fh=0b315567c69c698c vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="D:\MapleStory\Redirector.dll"
sh=0928A7F8A57F9C1BE1EB67DB4486B6A27F48F3E8 ft=1 fh=c2f1e4fb09daf650 vn="a variant of MSIL/GameTool.J potentially unsafe application" ac=I fn="D:\MapleStorySEA\HaruSEA.exe"
 


#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:38 AM

Posted 26 April 2015 - 12:24 PM

CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.

Can you please tell me which problems still persist now?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 pho3n1x

pho3n1x
  • Topic Starter

  • Members
  • 11 posts
  • Local time:04:38 PM

Posted 26 April 2015 - 02:08 PM

I believe you're right, because it seems to be only happening to certain websites that I am visiting now, unlike previously. Really appreciate your help.

And I will try to remove that pirated stuff.

 

I believe you're from Germany, right? Great country, been there once.

 

Danke! :clapping:



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:38 AM

Posted 26 April 2015 - 02:10 PM

I believe you're from Germany


Why? :)
regards,
deeprybka
:busy:

#14 pho3n1x

pho3n1x
  • Topic Starter

  • Members
  • 11 posts
  • Local time:04:38 PM

Posted 26 April 2015 - 04:59 PM

Because your location says Germany?



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:38 AM

Posted 26 April 2015 - 05:12 PM

Because your location says Germany?

 

:lol: Yes, indeed.

 

OK, how is the computer running?


regards,
deeprybka
:busy:



