Virus


  • This topic is locked
12 replies to this topic

#1 jamesharden

jamesharden

  • Members
  • 23 posts

Posted 31 May 2015 - 07:02 AM

I have calc.exe and mspaint.exe that keep running on my PC.

How do I remove these viruses?

My mouse cursor keeps loading every second.

Attached Files





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 31 May 2015 - 09:46 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. (Injure no one; rather, help everyone as much as you can.) Arthur Schopenhauer
 
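As an added example (not FRST's own code and not the helper's), the following Python script parses the Run-key lines of the FRST.txt format that the scan above produces and flags the autorun entries a responder would look at first. The sample lines are copied from the FRST.txt posted in this thread; the triage heuristics (binary in a user-writable path, empty or non-ASCII CompanyName, a claimed vendor running outside its install path, use of Policies\Explorer\Run) are this example's own assumptions, not part of FRST.

```python
"""Triage the Run-key entries in the "Registry (Whitelisted)" section of an FRST.txt log.

FRST prints each autorun as

    <hive>\\...\\Run: [<value name>] => <command> [<size> <date>] (<publisher>)

The publisher is the CompanyName from the file's version resource, which any
binary can set to anything, so it is only a hint: a flag is a reason to look
at the file, not a verdict.  The heuristics below are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the Run entries from the FRST.txt posted in this thread,
# plus one Winlogon\Notify line to show that non-Run lines are skipped.
SAMPLE_LINES = [
    r"HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)",
    r"HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart",
    r"HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)",
    r"Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)",
    r"HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Run: [Windows Live] => C:\Users\Admin\AppData\Roaming\Windows Live\vofcmdsnnf.exe [221184 2015-05-17] ()",
    r"HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Run: [Vjnknf] => C:\Users\Admin\AppData\Roaming\Microsoft\Windows\themes\Vjnknf.exe [349696 2015-05-29] (Microsoft Corporation)",
    r"HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Run: [Windows Live Installer] => C:\Users\Admin\AppData\Roaming\WindowsUpdate\Live.exe [221184 2015-05-17] (Корпорация Майкрософт)",
    r"HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Policies\Explorer\Run: [Windows Live] => C:\Users\Admin\AppData\Roaming\Windows Live\vofcmdsnnf.exe [221184 2015-05-17] ()",
]

# "<hive>\...\Run: [<name>] => <rest>"; the hive may carry a user SID (HKU\S-1-5-21-...).
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\.\\(?P<kind>(?:Policies\\Explorer\\)?Run): "
    r"\[(?P<name>[^\]]*)\] => (?P<rest>.*)$"
)
# "<command> [<size> <date>] (<publisher>)"; both trailers are absent when FRST
# has no version info for the line (e.g. rundll32 entries with arguments).
REST_RE = re.compile(
    r"^(?P<command>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<publisher>[^)]*)\))?$"
)

# Assumed heuristics: locations any user can write to, and vendors whose
# binaries are expected only under the OS / Program Files trees.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
VENDOR_PATHS = {"microsoft corporation": ("c:\\windows\\", "c:\\program files")}


@dataclass
class RunEntry:
    hive: str
    kind: str                 # "Run" or "Policies\Explorer\Run"
    name: str                 # registry value name
    command: str
    size: Optional[int]
    date: Optional[str]
    publisher: Optional[str]  # None = no version info printed; "" = empty CompanyName


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST registry line; return None for anything that is not a Run entry."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    r = REST_RE.match(m["rest"])
    return RunEntry(m["hive"], m["kind"], m["name"], r["command"],
                    int(r["size"]) if r["size"] else None, r["date"], r["publisher"])


def binary_path(command: str) -> str:
    """Lower-cased path of the launched .exe (rundll32 lines carry the DLL as an argument)."""
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return (m.group(1) if m else command).lower()


def triage(entry: RunEntry) -> List[str]:
    """Return the reasons this autorun deserves a closer look (empty list = nothing odd)."""
    path = binary_path(entry.command)
    findings = []
    if any(tag in path for tag in USER_WRITABLE):
        findings.append("binary in user-writable location")
    if entry.publisher == "":
        findings.append("no CompanyName in version info")
    elif entry.publisher and not entry.publisher.isascii():
        findings.append("non-ASCII publisher string")
    elif entry.publisher and entry.publisher.lower() in VENDOR_PATHS:
        if not path.startswith(VENDOR_PATHS[entry.publisher.lower()]):
            findings.append("claims %s but runs outside vendor install path" % entry.publisher)
    if entry.kind.startswith("Policies"):
        findings.append("Policies\\Explorer\\Run is rarely used by legitimate software")
    return findings


def triage_log(lines) -> List[Tuple[RunEntry, List[str]]]:
    """Run triage over raw FRST lines; keep only entries that raised a finding."""
    report = []
    for line in lines:
        entry = parse_run_line(line)
        if entry is None:
            continue  # Winlogon\Notify, SCRNSAVE, AppInit_DLLs, ... are not handled here
        findings = triage(entry)
        if findings:
            report.append((entry, findings))
    return report


if __name__ == "__main__":
    for entry, findings in triage_log(SAMPLE_LINES):
        print("[%s] %s" % (entry.name, binary_path(entry.command)))
        for reason in findings:
            print("    -", reason)
```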

#3 jamesharden

jamesharden
  • Topic Starter

  • Members
  • 23 posts

Posted 01 June 2015 - 01:45 AM

Hi Jürgen!

Thanks for the reply!

Here are the logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015

Ran by Admin (administrator) on ADMIN-PC on 01-06-2015 14:35:17
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Run: [Windows Live] => C:\Users\Admin\AppData\Roaming\Windows Live\vofcmdsnnf.exe [221184 2015-05-17] ()
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Run: [Vjnknf] => C:\Users\Admin\AppData\Roaming\Microsoft\Windows\themes\Vjnknf.exe [349696 2015-05-29] (Microsoft Corporation)
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Run: [Windows Live Installer] => C:\Users\Admin\AppData\Roaming\WindowsUpdate\Live.exe [221184 2015-05-17] (Корпорация Майкрософт)
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Run: [Windows Update Installer] => C:\Users\Admin\AppData\Roaming\WindowsUpdate\Updater.exe [349696 2015-05-29] (Microsoft Corporation)
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Policies\Explorer\Run: [Windows Live] => C:\Users\Admin\AppData\Roaming\Windows Live\vofcmdsnnf.exe [221184 2015-05-17] ()
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?rd=1&ucc=MY&dcc=MY&opt=0&ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-3404214420-3708113027-270737100-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-10-29] (Internet Download Manager, Tonec Inc.)
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2009-11-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-04] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-04] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-10-29] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-28] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-28] (Oracle Corporation)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2009-11-26] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6193D35C-EAE2-4704-9C24-B15292432D10}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu397ump.default
FF NewTab: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPnm-CKMQBZ4VTe_ya_r_RtC8jIyDJJ-kpeQraUNFYaKjBuvEfbbCa_T0aFe8B3fJRfICuHF41fbYoTdLK5bs5T_rY72sQSHRBY7-DL7g06M3tYNkMjQYGmZzqEVOkmwtJ9A6Fu7cTQWKvW575TpZlacLJ0,
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPnm-CKMQBZ4VTe_ya_r_RtC8jIyDJJ-kpeQraUNFYaKjBuvEfbbCa_T0aFe8B3fJRfICuHF41fbYoTdLK5bs5T_rY72t4rMfCAjuNoP0Y03-h_jkub7FGXr5biBWj3RP4-Tv3HH4E8CqdSfWjpGQSC4StE,
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPnm-CKMQBZ4VTe_ya_r_RtC8jIyDJJ-kpeQraUNFYaKjBuvEfbbCa_T0aFe8B3fJRfICuHF41fbYoTdLK5bs5T_rY72u5mKX-Cj9Af5izy0S9EdbYfumH7X9-eJXh9h4xhf1C6RTgLFHGM19swDg0Qi_-w,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Bitdefender.com/PasswordManager;version=17.8 -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3404214420-3708113027-270737100-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-21] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3404214420-3708113027-270737100-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu397ump.default\searchplugins\Web Search.xml [2014-05-13]
FF Extension: Shopping Helper Smartbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu397ump.default\Extensions\{b0308a7b-abd3-f683-cf92-48cba8e6fda4} [2014-05-19]
FF Extension: WinToFlash Suggestor - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu397ump.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-05]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2014-03-02]
FF HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-28]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-28]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-28]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-28]
CHR Extension: (Bookmark Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (IDM Integration Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-11-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-20]
CHR Extension: (Save to Pocket) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-03-27]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-10-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5222608 2013-08-07] (INCA Internet Co., Ltd.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-16] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0106.sys [28768 2014-12-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-04] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-28] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
U3 ak7fgazj; C:\Windows\System32\Drivers\ak7fgazj.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-01 14:35 - 2015-06-01 14:35 - 00023023 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-06-01 14:35 - 2015-06-01 14:35 - 00000000 ____D () C:\FRST
2015-06-01 14:34 - 2015-06-01 14:34 - 02108928 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-05-31 18:57 - 2015-03-04 02:47 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2015-05-31 18:57 - 2015-02-05 08:24 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2015-05-31 18:48 - 2015-05-31 18:49 - 22328752 _____ (Razer Inc.) C:\Users\Admin\Downloads\Razer_Synapse_Framework_v1.18.19.25502.exe
2015-05-31 16:46 - 2015-05-31 18:03 - 00000000 ____D () C:\Users\Admin\Downloads\www.TamilRockers.com - India Pakistan [2015] Tamil 720p HDRip AC3 x264 1.4GB ESubs
2015-05-29 21:49 - 2015-05-29 21:49 - 00000000 ____D () C:\ProgramData\RzSurroundVAD_1.1.60.0
2015-05-29 15:16 - 2015-05-29 15:16 - 00007604 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-05-28 22:13 - 2015-05-29 14:31 - 00000000 ____D () C:\Users\Admin\Desktop\hack
2015-05-28 21:45 - 2015-05-28 21:46 - 00157163 _____ () C:\Users\Admin\Downloads\bypass.rar
2015-05-25 14:17 - 2015-05-25 16:11 - 00000000 ____D () C:\Users\Admin\Desktop\Sejarah ppr3
2015-05-23 15:37 - 2015-05-29 12:56 - 00349696 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Roaming\c731200
2015-05-21 15:21 - 2015-05-21 15:21 - 02347384 ___SH (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe 
2015-05-21 15:16 - 2015-05-21 15:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-21 14:51 - 2015-05-21 15:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Solvusoft
2015-05-21 14:51 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-05-17 18:04 - 2015-05-31 18:04 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6292e8f3-4a16-406d-bb9a-3910fa932978.job
2015-05-17 18:04 - 2015-05-31 18:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-17 18:04 - 2015-05-22 02:00 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a37e416e-aa41-4d22-ae7f-0797536cb435.job
2015-05-17 18:04 - 2015-05-17 18:04 - 00003584 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task a37e416e-aa41-4d22-ae7f-0797536cb435
2015-05-17 18:04 - 2015-05-17 18:04 - 00003510 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 6292e8f3-4a16-406d-bb9a-3910fa932978
2015-05-17 18:04 - 2015-05-17 18:04 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-05-17 18:04 - 2015-05-17 18:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2015-05-17 18:04 - 2015-05-17 18:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-05-17 18:04 - 2015-05-17 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-05-16 16:58 - 2015-05-16 17:09 - 00000000 ____D () C:\Program Files\D3D Overrider
2015-05-16 16:55 - 2015-05-16 16:55 - 02856129 _____ () C:\Users\Admin\Downloads\D3D Overrider v2.4.zip
2015-05-15 20:31 - 2015-05-01 13:55 - 00000000 ____D () C:\Users\Admin\Documents\WWE2K15
2015-05-15 19:06 - 2015-05-15 19:06 - 00000837 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2015-05-15 19:06 - 2015-05-15 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2015-05-11 14:30 - 2015-05-30 14:35 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WindowsUpdate
2015-05-11 14:30 - 2015-05-17 17:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Windows Live
2015-05-09 18:22 - 2015-05-09 18:22 - 03659546 _____ () C:\Users\Admin\Downloads\PERAK sej spm 2011.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-01 14:34 - 2013-08-28 18:58 - 00058008 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-01 14:31 - 2014-12-06 16:19 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-06-01 14:30 - 2015-02-24 13:17 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Admin
2015-06-01 14:30 - 2013-09-22 18:08 - 00239589 _____ () C:\Windows\setupact.log
2015-06-01 14:30 - 2013-08-28 19:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 14:30 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 14:30 - 2009-07-14 12:45 - 00292480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-06-01 14:29 - 2013-09-23 16:14 - 00690114 _____ () C:\Windows\PFRO.log
2015-06-01 00:30 - 2013-08-28 19:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 00:21 - 2013-08-28 20:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 21:51 - 2009-07-14 13:13 - 00780868 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 19:59 - 2013-09-01 19:17 - 00000000 ____D () C:\Users\Admin\Documents\Bandicam
2015-05-31 18:57 - 2013-08-30 09:43 - 00000000 ____D () C:\ProgramData\Razer
2015-05-31 18:57 - 2013-08-30 09:43 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-05-31 18:56 - 2014-10-09 15:10 - 00178036 _____ () C:\Windows\DPINST.LOG
2015-05-31 18:50 - 2013-08-30 09:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\Razer
2015-05-31 18:49 - 2013-08-30 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-05-31 18:44 - 2009-07-14 12:45 - 00020912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 18:44 - 2009-07-14 12:45 - 00020912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 18:31 - 2013-09-20 16:09 - 00000000 ____D () C:\Users\Admin\Documents\Ubisoft
2015-05-31 18:31 - 2013-09-19 21:35 - 00000000 ____D () C:\ProgramData\Orbit
2015-05-31 18:31 - 2013-09-19 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-05-31 18:31 - 2013-09-19 13:37 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-05-31 18:02 - 2015-01-31 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-05-31 18:01 - 2013-08-28 20:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-05-29 15:11 - 2013-08-28 18:12 - 01466360 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 00:14 - 2014-08-02 18:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\GarenaPlus
2015-05-29 00:14 - 2014-08-02 18:21 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-05-28 22:10 - 2014-08-02 18:21 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2015-05-26 15:33 - 2013-08-28 19:20 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-22 16:43 - 2013-09-12 18:18 - 00000000 ____D () C:\ProgramData\Origin
2015-05-22 16:42 - 2013-12-01 12:55 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-05-21 17:53 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Resources
2015-05-21 17:48 - 2014-09-30 12:42 - 00000000 ____D () C:\Users\Admin\Desktop\FIFA 15-ULTIMATE TEAM EDITION-SC
2015-05-21 17:48 - 2014-05-22 17:47 - 00000000 ____D () C:\Program Files (x86)\DreadOut
2015-05-21 17:48 - 2014-05-05 23:15 - 00000000 ____D () C:\Users\Admin\Desktop\ADMIN
2015-05-21 15:25 - 2014-05-21 22:36 - 00000000 ____D () C:\Users\Admin\Downloads\Games
2015-05-21 14:44 - 2013-08-28 19:11 - 00003376 _____ () C:\Windows\System32\Tasks\svchost
2015-05-19 16:45 - 2013-12-01 11:54 - 00000000 ____D () C:\Users\Admin\Documents\FIFA 14
2015-05-17 17:52 - 2013-11-23 15:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Sony Corporation
2015-05-17 17:52 - 2013-09-19 14:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Battlefield 3
2015-05-17 17:52 - 2013-08-28 18:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Intel Corporation
2015-05-17 17:52 - 2013-08-28 18:29 - 00000000 ____D () C:\Dolby PCEE4
2015-05-17 14:12 - 2014-07-10 13:16 - 00000000 ____D () C:\Windows\pss
2015-05-17 01:25 - 2013-08-28 19:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 01:25 - 2013-08-28 19:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 19:06 - 2013-08-28 18:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DMCache
2015-05-15 19:06 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-09 19:02 - 2013-08-28 19:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-03 13:18 - 2013-09-19 21:35 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2015-05-02 17:52 - 2013-08-28 18:50 - 00000000 ____D () C:\Users\Admin\Downloads\Video
 
==================== Files in the root of some directories =======
 
2015-05-23 15:37 - 2015-05-29 12:56 - 0349696 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Roaming\c731200
2014-07-20 18:25 - 2014-08-24 22:01 - 0003926 _____ () C:\Users\Admin\AppData\Roaming\LTspiceIV.ini
2015-02-24 13:39 - 2015-02-24 13:39 - 0045270 _____ () C:\Users\Admin\AppData\Roaming\room_v3.dat
2015-05-29 15:16 - 2015-05-29 15:16 - 0007604 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2013-10-08 21:55 - 2013-10-08 21:55 - 0421355 _____ () C:\ProgramData\1381239732.bdinstall.bin
2013-10-08 22:30 - 2013-10-08 22:30 - 1011996 _____ () C:\ProgramData\1381240628.bdinstall.bin
2013-10-08 23:29 - 2013-10-08 23:29 - 0254186 _____ () C:\ProgramData\1381245964.bdinstall.bin
2013-10-08 23:43 - 2013-10-08 23:43 - 0059755 _____ () C:\ProgramData\1381246929.bdinstall.bin
2013-10-09 07:58 - 2013-10-09 07:58 - 0355315 _____ () C:\ProgramData\1381276142.bdinstall.bin
2013-10-09 08:33 - 2013-10-09 08:33 - 0863691 _____ () C:\ProgramData\1381276797.bdinstall.bin
2013-10-09 11:11 - 2013-10-09 11:11 - 0251151 _____ () C:\ProgramData\1381288185.bdinstall.bin
2013-10-09 11:33 - 2013-10-09 11:33 - 0367460 _____ () C:\ProgramData\1381289024.bdinstall.bin
2013-10-09 12:45 - 2013-10-09 12:45 - 1208037 _____ () C:\ProgramData\1381289703.bdinstall.bin
2013-11-08 16:09 - 2013-11-08 16:09 - 0008453 _____ () C:\ProgramData\1383898086.1512.bin
2013-11-08 16:09 - 2013-11-08 16:09 - 0020242 _____ () C:\ProgramData\1383898086.1740.bin
2013-11-08 16:08 - 2013-11-08 16:09 - 0005878 _____ () C:\ProgramData\1383898086.1832.bin
2013-11-08 16:09 - 2013-11-08 16:09 - 0003005 _____ () C:\ProgramData\1383898086.1924.bin
2013-11-08 16:09 - 2013-11-08 16:09 - 0009933 _____ () C:\ProgramData\1383898086.1960.bin
2013-11-08 16:08 - 2013-11-08 16:09 - 0110611 _____ () C:\ProgramData\1383898086.2004.bin
2013-11-08 16:09 - 2013-11-08 16:09 - 0000991 _____ () C:\ProgramData\1383898086.2028.bin
2013-11-08 16:08 - 2013-11-08 16:09 - 0008992 _____ () C:\ProgramData\1383898086.2040.bin
2013-11-08 16:09 - 2013-11-08 16:09 - 0000738 _____ () C:\ProgramData\1383898086.292.bin
2013-11-08 16:09 - 2013-11-08 16:09 - 0000738 _____ () C:\ProgramData\1383898086.648.bin
2013-11-08 16:09 - 2013-11-08 16:09 - 0003429 _____ () C:\ProgramData\1383898086.884.bin
2013-11-08 16:15 - 2013-11-08 16:15 - 0015828 _____ () C:\ProgramData\1383898513.1396.bin
2013-11-08 16:27 - 2013-11-08 16:27 - 0075368 _____ () C:\ProgramData\1383898513.1456.bin
2013-11-08 16:15 - 2013-11-08 16:27 - 0003005 _____ () C:\ProgramData\1383898513.3144.bin
2013-11-08 16:15 - 2013-11-08 16:15 - 0003430 _____ () C:\ProgramData\1383898513.3260.bin
2013-11-08 16:15 - 2013-11-08 16:15 - 0000739 _____ () C:\ProgramData\1383898513.3540.bin
2013-11-08 16:15 - 2013-11-08 16:27 - 0082689 _____ () C:\ProgramData\1383898513.3640.bin
2013-11-08 16:15 - 2013-11-08 16:21 - 0001090 _____ () C:\ProgramData\1383898513.4168.bin
2013-11-08 16:15 - 2013-11-08 16:21 - 0008024 _____ () C:\ProgramData\1383898513.4392.bin
2013-11-08 16:15 - 2013-11-08 16:27 - 0111717 _____ () C:\ProgramData\1383898513.5068.bin
2013-11-08 16:15 - 2013-11-08 16:27 - 0000991 _____ () C:\ProgramData\1383898513.5076.bin
2013-11-08 16:15 - 2013-11-08 16:15 - 0009814 _____ () C:\ProgramData\1383898513.5092.bin
2013-11-08 16:52 - 2013-11-08 16:52 - 0322994 _____ () C:\ProgramData\1383899795.bdinstall.bin
2013-11-08 18:23 - 2013-11-08 18:23 - 1172763 _____ () C:\ProgramData\1383900827.bdinstall.bin
2013-11-08 21:22 - 2013-11-08 21:22 - 0090927 _____ () C:\ProgramData\1383916926.bdinstall.bin
2013-12-24 15:53 - 2013-12-24 15:53 - 0239418 _____ () C:\ProgramData\1387871554.bdinstall.bin
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\b888d06b5435ff80031938c63a3055dc.dll
C:\Users\Admin\AppData\Local\Temp\d54838cb34aeb4235def26b3eefe6cea.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-25 14:55
 
==================== End of log ============================
 
 
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Admin at 2015-06-01 14:36:19
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-3404214420-3708113027-270737100-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3404214420-3708113027-270737100-500 - Administrator - Disabled)
Guest (S-1-5-21-3404214420-3708113027-270737100-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3404214420-3708113027-270737100-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Outlast" (HKLM-x32\...\{F5489388-87F5-42D3-B8C7-598F32FB2260}_is1) (Version: 1.0.12046.0 (Update 8) - )
"Pro Evolution Soccer 2014" (HKLM-x32\...\{5F2F346D-43FA-47A4-97E4-1019BCE7AF45}_is1) (Version: 1.12.0.0 - )
µTorrent (HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Among The Sleep (HKLM-x32\...\Among The Sleep_is1) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassins Creed IV Black Flag version 1.0.0.0 (HKLM-x32\...\Assassins Creed IV Black Flag_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.0.397 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield 3 (HKLM-x32\...\Battlefield 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, DANTE2050)
Bioshock Infinite (HKLM-x32\...\Bioshock Infinite_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cheat Engine 6.1 (HKLM-x32\...\Cheat Engine 6.1_is1) (Version:  - Dark Byte)
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.6.0 - Conexant)
Counter-Strike Global Offensive [No-Steam] (HKLM-x32\...\Counter-Strike Global Offensive_is1) (Version: 1.33.0.0 - Valve Software)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.3.0.0359 - Disc Soft Ltd)
DMC Devi May Cry © Capcom version 1 (HKLM-x32\...\DMC Devi May Cry © Capcom_is1) (Version: 1 - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
DreadOut (HKLM-x32\...\DreadOut_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Garena - BlackShot (HKLM-x32\...\BlackShot) (Version: 2.221 - Garena Online Pte Ltd.)
Garena - FIFA ONLINE 3(English) (HKLM-x32\...\FO3) (Version:  - Garena Online Pte Ltd.)
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Gone Home (HKLM-x32\...\GoneHome) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grid 2 version 5.1 (HKLM-x32\...\{432CF492-2A3C-4F96-821A-E102B6F18F07}_is1) (Version: 5.1 - Black_Box)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MKVToolNix 7.6.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.6.0 - Moritz Bunkus)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\MyFreeCodec) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Pro Evolution Soccer 2013 (HKLM-x32\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 3.7 - Razer USA Ltd)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26027 - Razer Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Shopping Helper Smartbar (HKLM-x32\...\{B2A302E7-8FA4-4585-AB7F-12C4DEBC0D32}) (Version: 11.44.63.16736 - ReSoft Ltd.) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
Thief (HKLM-x32\...\Thief_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Tomb Raider (HKLM-x32\...\Tomb Raider_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Unity Web Player (HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
21-05-2015 15:11:41 WinThruster Thu, May 21, 15  15:11
28-05-2015 17:05:59 Scheduled Checkpoint
31-05-2015 18:45:35 Removed Razer Synapse 2.0.
31-05-2015 18:49:23 Installed Razer Synapse.
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CF709F0-5AF7-4569-869E-686DBDAE2747} - System32\Tasks\{535E9E2F-06D3-4EC9-A4DB-6ABFA3778B82} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {1F443C1D-1469-4663-B01E-3595D5761F01} - System32\Tasks\{F64C086F-2FF4-4BE8-930F-4DF72937B104} => pcalua.exe -a "C:\Computer\Games\Amnesia - The Dark Descent\Amnesia.exe" -d "C:\Computer\Games\Amnesia - The Dark Descent"
Task: {6903C043-3B46-47FC-8C5D-89104A09FAA3} - No Task path could be read. Access Denied. 
Task: {6FFD6411-CDBA-4495-896A-03691A420965} - System32\Tasks\{909A43C5-3C6F-4237-A7E8-D0FE8CDFA95B} => pcalua.exe -a C:\Users\Admin\Desktop\SuddenAttackSEA_v43.00.exe -d C:\Users\Admin\Desktop
Task: {73E6226F-B6B8-4509-95F8-0AEE7A0BCED2} - System32\Tasks\{683E3FD5-9B01-42BA-954D-B72E0931372A} => pcalua.exe -a C:\Users\Admin\Downloads\Programs\bitdefender_tsecurity.exe -d C:\Users\Admin\Downloads\Programs
Task: {75A16BC1-3619-4AE6-9F0B-E6F73891985D} - System32\Tasks\SUPERAntiSpyware Scheduled Task a37e416e-aa41-4d22-ae7f-0797536cb435 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {75CF2CC8-CFAA-4993-993B-199CC7DB2018} - System32\Tasks\{AB8942D7-37CA-4A4F-9060-F4311545163D} => pcalua.exe -a C:\Users\Admin\Downloads\SUPERAntiSpyware.exe -d C:\Users\Admin\Downloads
Task: {777CA51F-3E80-420D-B079-9879A2D28710} - System32\Tasks\{916A96C7-7348-4179-B3B8-DBACDBA053EE} => pcalua.exe -a "C:\Computer\Games\Dead Island Riptide\DeadIslandGame_x86_rwdi.exe" -d "C:\Computer\Games\Dead Island Riptide"
Task: {894DCFEC-1A3A-4E55-9C55-AA6116F374E2} - System32\Tasks\{ED1FE6B1-3492-4B07-A8AA-E8865026457E} => pcalua.exe -a "C:\Computer\Games\Football Manager 2014 PC game ^^nosTEAM^^\Football Manager 2014\fm.exe" -d "C:\Computer\Games\Football Manager 2014 PC game ^^nosTEAM^^\Football Manager 2014"
Task: {917C926D-51AA-4C67-A069-3983CDC62FED} - System32\Tasks\{BE37C2E8-14C5-4125-A07A-253D82AB6586} => pcalua.exe -a C:\Users\Admin\Downloads\Programs\devcpp-4.9.9.2_setup.exe -d C:\Users\Admin\AppData\Roaming\IDM
Task: {95D55A7B-53BB-447B-964C-B8E22A00691D} - System32\Tasks\svchost => c:\windows\resources\svchost.exe
Task: {98F6F731-7495-4BD4-8732-4098A336D07D} - System32\Tasks\{F1BBC9C1-600D-4F97-BB21-8E0A9FF328FE} => pcalua.exe -a "C:\Computer\Games\Tomb Raider\TombRaider.exe" -d "C:\Computer\Games\Tomb Raider"
Task: {A3161AFB-1C09-42D4-80EB-EBC16A56BE9F} - System32\Tasks\{088EE017-1BE6-4E70-A853-A85F28E0D365} => pcalua.exe -a C:\Computer\Games\PlayFPS\SuddenAttackSEA\launcher.exe.exe -d C:\Computer\Games\PlayFPS\SuddenAttackSEA
Task: {A394397C-3381-4B77-B8EB-A1EC5B8B6695} - System32\Tasks\{8F1FE83E-DD47-4247-9D89-E442C224B9EB} => pcalua.exe -a "F:\IDM V.15 - All Activator.exe" -d F:\
Task: {B407B452-DE8C-44E0-962F-C65DFA5DC343} - System32\Tasks\{7F98132A-6788-4BED-8E17-71D6AE2BB7E9} => pcalua.exe -a "C:\Computer\Games\Need for Speed Most Wanted\NFS13.exe" -d "C:\Computer\Games\Need for Speed Most Wanted"
Task: {BC9D6C32-8CF2-4B8E-B3E2-24D149D023DB} - System32\Tasks\gg_uac_daemon_Admin => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {CC8D3FE3-9192-4959-BA46-A983DC7409CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28] (Google Inc.)
Task: {E06E478C-E037-4426-A056-0E38DDD20540} - System32\Tasks\SUPERAntiSpyware Scheduled Task 6292e8f3-4a16-406d-bb9a-3910fa932978 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {E6BBA330-774F-4583-89E3-C201C787B29E} - System32\Tasks\{92DD7DBC-C7F4-40F3-96E8-5D82D6866A45} => pcalua.exe -a "C:\Computer\Games\FarCry 3\bin\Far Cry 3.exe" -d "C:\Computer\Games\FarCry 3\bin"
Task: {E77409EA-9C72-4561-B0A1-450C54CD9AEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {E8DFB250-E735-4085-8034-DA8CD1216395} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28] (Google Inc.)
Task: {E90A38AA-336E-4316-A272-D73B86628D10} - System32\Tasks\{AABC8C13-466D-4B26-9A11-FD13236F42EE} => pcalua.exe -a H:\BitDefender\BD2013.TR.Setup-BBs.exe -d H:\BitDefender
Task: {E9EA6BFA-4927-4C04-A45C-120C1BAEA779} - System32\Tasks\{610DB50C-84A3-4D39-B786-2D9B183B1822} => pcalua.exe -a "C:\Computer\Games\SuddenAttackSEA\launcher (2).exe" -d C:\Computer\Games\SuddenAttackSEA
Task: {EA85E55C-158D-4387-8A26-5E8BEC2BC604} - System32\Tasks\{B89C11A2-1FF4-49EA-9791-2AD7F461A7C2} => pcalua.exe -a C:\Computer\Games\Bully\Bully.exe -d C:\Computer\Games\Bully
Task: {EAC28732-3764-45E3-9DAC-FC98E22E5684} - System32\Tasks\{B1EF0B41-519C-4744-8960-0004DE3706BC} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {EF1CE842-CE70-4D65-9BE2-51676728F0CB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-08-30] (Microsoft Corporation)
Task: {F1BDEFCF-0C7C-4A72-A67F-FE60331EE85B} - System32\Tasks\{16CAED7A-FD55-46DE-880F-39EE446A47F0} => pcalua.exe -a C:\Users\Admin\Desktop\bitdefender_ts_2013_32b.exe -d C:\Users\Admin\Desktop
Task: {FD9AA149-B37E-4D8F-A3E1-5409A202FB5F} - System32\Tasks\{2020C05A-2BDD-4C7F-A7EF-0A4EB7FA7580} => pcalua.exe -a "C:\Computer\Games\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe" -d "C:\Computer\Games\Euro Truck Simulator 2\bin\win_x86"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6292e8f3-4a16-406d-bb9a-3910fa932978.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a37e416e-aa41-4d22-ae7f-0797536cb435.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-10 16:34 - 2014-09-14 07:48 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-10 16:40 - 2014-09-14 05:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-28 18:51 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-07-15 12:44 - 2010-07-15 12:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-08-30 09:43 - 2012-08-01 15:44 - 00139024 ____N () C:\Program Files (x86)\Razer\Razer Game Booster\GBV3ContextMenu.dll
2014-11-11 11:52 - 2015-01-20 20:20 - 00055896 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2014-05-16 16:07 - 2014-05-16 16:07 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-05 08:24 - 2015-02-05 08:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-11-11 11:52 - 2015-04-20 19:07 - 00865728 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2014-10-10 16:34 - 2014-09-14 07:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-30 19:24 - 2013-08-30 19:24 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\366e6aec83b27f8d600a297163bfe9d0\IsdiInterop.ni.dll
2013-08-28 18:28 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-05-26 15:33 - 2015-05-23 04:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 15:33 - 2015-05-23 04:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation®.lnk => C:\Windows\pss\Content Manager Assistant for PlayStation®.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe startup
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: Djnknn => C:\Users\Admin\AppData\Roaming\Djnknn.scr
MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Dolby PCEE4\pcee4.exe" -autostart
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Keyboard Inf. => C:\Users\Admin\AppData\Roaming\Media Center Programs\ndsm.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{255C396F-AA01-4028-9CD5-A9037022CBF7}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D800DE01-2F19-45A4-9883-26E790679B3E}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E65E268C-C525-49CF-8A2B-1C1BF4051E95}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ACB552AF-1169-46DE-9FF2-08C6D2A14D3B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{0E9015D1-3879-4FCB-8367-3FEB1491C76D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{8AACD3A4-2806-4313-B76B-BDE6DF82972B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{7F5389F5-213A-4C8E-B294-03AF775ACDDE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{9DC27299-ACA3-48F6-B7AA-09C9B07B39AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{14381F15-ABD5-4AF5-9961-BFF0A921492B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17AB1058-55C7-413D-BCA1-31C77308B608}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{06839C0D-19C5-47F0-9846-9F040E125166}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B211D493-1C1A-4A44-BF43-230C0CBCF166}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{79A3CBF5-AABA-43AA-8183-B2A2A4C0F4DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{505193B5-A5B7-4318-8AFD-36F16CE7D25D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{29A76DCB-EF34-42EE-8254-606BF26D69DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F015FD6C-B702-4AAC-8237-5C335E749CF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9768F5DE-A6F7-40E6-80F4-0C0BBBFBA31B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3FF70534-8546-4E37-A214-0E8C985DCCC5}C:\computer\games\fifa 13\game\fifa13.exe ] => (Allow) C:\computer\games\fifa 13\game\fifa13.exe 
FirewallRules: [UDP Query User{B42B933F-9A7B-4549-BCFD-5B8EC677A7E7}C:\computer\games\fifa 13\game\fifa13.exe ] => (Allow) C:\computer\games\fifa 13\game\fifa13.exe 
FirewallRules: [{B6101DE3-C149-4184-A13B-A2608A7D5645}] => (Allow) C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\launcher.exe
FirewallRules: [{C45CFE6C-4A84-4CC9-BE7F-14C3633FF3AA}] => (Allow) C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\launcher.exe
FirewallRules: [{6110F808-3E84-4FE5-95FF-BF8E760B4B51}] => (Allow) C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\launcher.exe
FirewallRules: [{89690CBD-BF67-424D-9A2C-2946CAEF1D13}] => (Allow) C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\launcher.exe
FirewallRules: [{B4D45097-186E-47D8-AE22-C6EE4EDF6712}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exe 
FirewallRules: [{545643F5-7104-4874-B851-678F8A0F686B}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exe 
FirewallRules: [{6D4B253E-30E0-4B1B-A084-DB4539C1A3C3}] => (Allow) G:\SuddenAttackSEA\suddenattack.exe
FirewallRules: [{547237DA-D290-468F-84B2-4107807139C1}] => (Allow) G:\SuddenAttackSEA\suddenattack.exe
FirewallRules: [{B261D710-A18D-4CDB-8BD3-150F799F4056}] => (Allow) C:\Users\Admin\Desktop\SuddenAttackSEA\suddenattack.exe
FirewallRules: [{495092B1-CA83-4F67-8BB7-71718BF2BA59}] => (Allow) C:\Users\Admin\Desktop\SuddenAttackSEA\suddenattack.exe
FirewallRules: [{F85C4E01-8ADC-4EB3-8444-1CB754D27ED0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{298588B3-7E6C-4912-9B3D-75B69773D73F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{3F184828-CE6B-4576-A3C5-756DE8253261}C:\computer\games\fifa 14\fifa 14\game\fifa14.exe] => (Allow) C:\computer\games\fifa 14\fifa 14\game\fifa14.exe
FirewallRules: [UDP Query User{7A409D16-0560-43DD-95D5-BC10F89C7B54}C:\computer\games\fifa 14\fifa 14\game\fifa14.exe] => (Allow) C:\computer\games\fifa 14\fifa 14\game\fifa14.exe
FirewallRules: [TCP Query User{32496A99-07D8-4ADD-85A8-8D0B261EAEF3}C:\computer\games\farcry 3\bin\farcry3.exe ] => (Allow) C:\computer\games\farcry 3\bin\farcry3.exe 
FirewallRules: [UDP Query User{DF0BA026-D47A-4CBE-938A-AA8F5BC860EE}C:\computer\games\farcry 3\bin\farcry3.exe ] => (Allow) C:\computer\games\farcry 3\bin\farcry3.exe 
FirewallRules: [TCP Query User{1421A0E0-BB58-478C-8771-7687A066DA9F}C:\computer\games\need for speed most wanted\nfs13.exe ] => (Allow) C:\computer\games\need for speed most wanted\nfs13.exe 
FirewallRules: [UDP Query User{4E3630BE-E82E-471C-84BD-CFB69808B2EB}C:\computer\games\need for speed most wanted\nfs13.exe ] => (Allow) C:\computer\games\need for speed most wanted\nfs13.exe 
FirewallRules: [TCP Query User{8EC60E0B-393E-40AD-B4C9-8C8EF44C43C9}C:\program files (x86)\r.g. mechanics\splinter cell - blacklist\src\system\blacklist_game.exe] => (Block) C:\program files (x86)\r.g. mechanics\splinter cell - blacklist\src\system\blacklist_game.exe
FirewallRules: [UDP Query User{A8BDD5DE-FC47-49D1-9606-1C5CFC03271C}C:\program files (x86)\r.g. mechanics\splinter cell - blacklist\src\system\blacklist_game.exe] => (Block) C:\program files (x86)\r.g. mechanics\splinter cell - blacklist\src\system\blacklist_game.exe
FirewallRules: [{60CB332A-4354-4A4B-862D-2B69926A5476}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C0800C37-E954-4948-967A-F8E44F72364F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FAC6E5D1-DD93-41CF-88D5-DE56DACFD5E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6238503F-A571-4E1B-B050-FEFEC037770F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4B82BD4D-919B-472D-B7A8-376D75E0EF56}C:\computer\games\resident evil 6\bh6.exe ] => (Block) C:\computer\games\resident evil 6\bh6.exe 
FirewallRules: [UDP Query User{C01CDC4E-E6DC-4607-98E6-8324CEFD71D3}C:\computer\games\resident evil 6\bh6.exe ] => (Block) C:\computer\games\resident evil 6\bh6.exe 
FirewallRules: [TCP Query User{84DD115D-FAF9-4E8A-9F04-80E25102F7B4}C:\computer\games\dead island riptide\deadislandgame_x86_rwdi.exe ] => (Block) C:\computer\games\dead island riptide\deadislandgame_x86_rwdi.exe 
FirewallRules: [UDP Query User{024AB133-079B-401A-931E-6B23190D4029}C:\computer\games\dead island riptide\deadislandgame_x86_rwdi.exe ] => (Block) C:\computer\games\dead island riptide\deadislandgame_x86_rwdi.exe 
FirewallRules: [{C796221B-17FB-4F1B-A447-C7CFD500AD82}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0ECC9571-2B5B-4F3C-8663-ACFA755FC854}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{33C286E6-F1B2-42A4-8387-D113335872D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0D5344E9-3807-4D7E-90C0-D890479A5E05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7A08407F-6AE1-46C5-9DDD-00C8B18E56FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3F4228D2-FB98-4917-AD7D-64F1BDB40017}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{1684E388-B317-47B5-98E5-42CBD667AB08}C:\program files (x86)\assassins creed iii\ac3sp.exe] => (Allow) C:\program files (x86)\assassins creed iii\ac3sp.exe
FirewallRules: [UDP Query User{082D44A8-F937-4967-8D50-2B20C070D83E}C:\program files (x86)\assassins creed iii\ac3sp.exe] => (Allow) C:\program files (x86)\assassins creed iii\ac3sp.exe
FirewallRules: [{7BD031C2-06EB-42CE-8053-33DE38275037}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{607AF456-16C9-4B79-BC07-21CC4CDCF835}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F5C2C1B4-F620-4CA8-BA84-9E9540966B7A}] => (Allow) C:\Program Files (x86)\Outlast\Binaries\Win32\OLGame.exe
FirewallRules: [{D1ACEE25-3B57-4E79-AAA8-2E0AD6263C92}] => (Allow) C:\Program Files (x86)\Outlast\Binaries\Win32\OLGame.exe
FirewallRules: [{3C5B58DF-E568-4429-B1AA-55C779A71DAF}] => (Allow) C:\Program Files (x86)\Outlast\Binaries\Win64\OLGame.exe
FirewallRules: [{FC2483FE-BD2C-4468-9382-1DA8A5558770}] => (Allow) C:\Program Files (x86)\Outlast\Binaries\Win64\OLGame.exe
FirewallRules: [{71568B6F-219E-4106-B45F-186D39F56D20}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{56457D32-968C-4CFC-BA36-DFB68DC5CDEE}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83BB3A1E-5081-415F-84F9-02A7A258CD77}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FCAAA9F5-A611-4948-920B-AA7928CEDC90}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A653947B-2878-4DB3-98F2-C2904D71F3E7}] => (Allow) C:\Program Files (x86)\Watch_Dogs\bin\Watch_Dogs.exe
FirewallRules: [{E733854B-9680-4B34-B53D-DA155295FE94}] => (Allow) C:\Program Files (x86)\Watch_Dogs\bin\Watch_Dogs.exe
FirewallRules: [{03976781-81A7-46FE-B253-C9755662931D}] => (Allow) C:\Games\Pro Evolution Soccer 2014\pes2014.exe
FirewallRules: [{7579087F-F36C-4E52-AD58-9C861D75B202}] => (Allow) C:\Games\Pro Evolution Soccer 2014\pes2014.exe
FirewallRules: [{4771E927-1E05-4D48-9199-17D37F40B6F0}] => (Allow) C:\Users\Admin\Downloads\Programs\fo3Installer.exe
FirewallRules: [{DA474041-CF13-4F85-B648-CF7B6FFBEDF8}] => (Allow) C:\Users\Admin\Downloads\Programs\fo3Installer.exe
FirewallRules: [{63951C5F-A488-4899-ACD9-389F1C31D261}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{48CC4199-B940-4BE8-A9E5-6377DADBAFEB}] => (Allow) C:\Program Files (x86)\GarenaFO3\GameData\Apps\FO3\fifazf.exe
FirewallRules: [{5732097D-7347-4796-B1CB-1EA257EFC7AC}] => (Allow) C:\Program Files (x86)\GarenaFO3\GameData\Apps\FO3\fifazf.exe
FirewallRules: [{EE5E9BB3-E961-4EA7-BA52-365EBC6F3053}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F837618-EC13-4349-9948-5D25EAE6FC38}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{015347F4-8EF1-4A9F-B204-961899C1AB02}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{2B0FB6D3-31DA-4D35-BC35-B4BD19374B6C}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{DAEA1918-0BEF-4B1D-9CE7-7A1A7C5850DC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{8EDB04AA-4C27-419D-BAF3-6A19ADA4063D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{9449CE90-ABE7-45AF-88C9-72B874BA74A3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{45332C27-6FB1-4306-9301-7C14E2EA5BAB}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{538F6473-A79C-4D05-B816-103D38B4C3D5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{704FD8C4-A803-4C7A-8BCF-015C88315602}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{D7A581AE-2769-4A0B-8687-45E779DDDF8D}] => (Allow) C:\Users\Admin\Downloads\Programs\Blackshot_GarenaPlus_Installer.exe
FirewallRules: [{16EBE7FF-84C1-4FB7-8868-83A818EB6E4F}] => (Allow) C:\Users\Admin\Downloads\Programs\Blackshot_GarenaPlus_Installer.exe
FirewallRules: [{B3ECC359-66BA-4068-83F7-EFEE95AE1943}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [{1FF87F83-AAAB-4D31-BCED-7C37E4D7B85C}] => (Allow) C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\BlackShot.exe
FirewallRules: [{97BABD84-FA88-4E17-AAB1-49B2DAF11648}] => (Allow) C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\BlackShot.exe
FirewallRules: [{01744166-05DB-42AC-AFD7-DA930FA853CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{02FDAC39-D545-413E-8455-8244439A1AF0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{07ED26B1-ADCB-40FC-ADF4-8FCF820FE807}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9B2D3FD7-1F3C-4068-B2DC-9FA8452DEC70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25C2C099-3F26-45CE-A361-250A258D1FC4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{171C9B07-BFCA-481D-B7DF-DAF4E0C1E413}] => (Allow) C:\Users\Admin\Desktop\FIFA 15-ULTIMATE TEAM EDITION-SC\fifasetup\fifaconfig.exe
FirewallRules: [{7937DB76-6038-4BED-B9CC-39A6883D7386}] => (Allow) C:\Users\Admin\Desktop\FIFA 15-ULTIMATE TEAM EDITION-SC\fifasetup\fifaconfig.exe
FirewallRules: [{D7C754DF-BB23-4F6D-B155-77160A2C708A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/31/2015 07:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SuddenAttack.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9c78
 
Start Time: 01d09b95064b0b96
 
Termination Time: 26
 
Application Path: C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\SuddenAttack.exe
 
Report Id: 51def70e-0788-11e5-9588-00ac6835924e
 
Error: (05/31/2015 07:23:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SuddenAttack.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 95a0
 
Start Time: 01d09b943849a763
 
Termination Time: 6
 
Application Path: C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\SuddenAttack.exe
 
Report Id: 86b352bb-0787-11e5-9588-00ac6835924e
 
Error: (05/31/2015 06:01:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AI.exe, version: 0.0.0.0, time stamp: 0x54254411
Faulting module name: AI.exe, version: 0.0.0.0, time stamp: 0x54254411
Exception code: 0xc0000005
Fault offset: 0x004208e7
Faulting process id: 0x10b68
Faulting application start time: 0xAI.exe0
Faulting application path: AI.exe1
Faulting module path: AI.exe2
Report Id: AI.exe3
 
Error: (05/31/2015 05:46:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AI.exe, version: 0.0.0.0, time stamp: 0x54254411
Faulting module name: nvwgf2um.dll, version: 9.18.13.4411, time stamp: 0x5414a277
Exception code: 0xc0000005
Fault offset: 0x0055105b
Faulting process id: 0xf27c
Faulting application start time: 0xAI.exe0
Faulting application path: AI.exe1
Faulting module path: AI.exe2
Report Id: AI.exe3
 
Error: (05/31/2015 02:09:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (05/31/2015 01:14:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gkfasglxe.exe, version: 6.0.6000.16384, time stamp: 0x55695bbc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001875bb
Faulting process id: 0x268f0
Faulting application start time: 0xgkfasglxe.exe0
Faulting application path: gkfasglxe.exe1
Faulting module path: gkfasglxe.exe2
Report Id: gkfasglxe.exe3
 
Error: (05/31/2015 01:12:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gvrcyrbgh.exe, version: 6.0.6000.16384, time stamp: 0x55695bab
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001875bb
Faulting process id: 0x24de4
Faulting application start time: 0xgvrcyrbgh.exe0
Faulting application path: gvrcyrbgh.exe1
Faulting module path: gvrcyrbgh.exe2
Report Id: gvrcyrbgh.exe3
 
Error: (05/31/2015 01:09:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hxkxquqak.exe, version: 6.0.6000.16384, time stamp: 0x55695bab
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001875bb
Faulting process id: 0x22604
Faulting application start time: 0xhxkxquqak.exe0
Faulting application path: hxkxquqak.exe1
Faulting module path: hxkxquqak.exe2
Report Id: hxkxquqak.exe3
 
Error: (05/30/2015 02:35:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 3.3.2.1.7.4.6.7.3.A.C.1.5.5.8.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Admin-PC-2.local.
 
Error: (05/30/2015 02:35:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.6:5353   16 3.3.2.1.7.4.6.7.3.A.C.1.5.5.8.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Admin-PC.local.
 
 
System errors:
=============
Error: (06/01/2015 02:30:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%2
 
Error: (05/31/2015 06:44:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/31/2015 06:36:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%2
 
Error: (05/31/2015 00:30:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%2
 
Error: (05/30/2015 02:35:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%2
 
Error: (05/29/2015 00:54:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%2
 
Error: (05/29/2015 00:06:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%2
 
Error: (05/28/2015 10:52:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%2
 
Error: (05/28/2015 10:52:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%2
 
Error: (05/28/2015 10:52:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%2
 
 
Microsoft Office:
=========================
Error: (05/31/2015 07:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SuddenAttack.exe1.0.0.19c7801d09b95064b0b9626C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\SuddenAttack.exe51def70e-0788-11e5-9588-00ac6835924e
 
Error: (05/31/2015 07:23:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SuddenAttack.exe1.0.0.195a001d09b943849a7636C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\SuddenAttack.exe86b352bb-0787-11e5-9588-00ac6835924e
 
Error: (05/31/2015 06:01:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AI.exe0.0.0.054254411AI.exe0.0.0.054254411c0000005004208e710b6801d09b87755d6c94C:\Program Files (x86)\R.G. Mechanics\Alien Isolation\AI.exeC:\Program Files (x86)\R.G. Mechanics\Alien Isolation\AI.exefa6e0ac2-077b-11e5-9870-00ac6835924e
 
Error: (05/31/2015 05:46:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AI.exe0.0.0.054254411nvwgf2um.dll9.18.13.44115414a277c00000050055105bf27c01d09b866922c6e3C:\Program Files (x86)\R.G. Mechanics\Alien Isolation\AI.exeC:\Windows\system32\nvwgf2um.dllf786f24d-0779-11e5-9870-00ac6835924e
 
Error: (05/31/2015 02:09:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (05/31/2015 01:14:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gkfasglxe.exe6.0.6000.1638455695bbcunknown0.0.0.000000000c0000005001875bb268f001d09b60b28fa99fC:\Users\Admin\AppData\Local\Temp\gkfasglxe.exeunknownf0b6f434-0753-11e5-9870-00ac6835924e
 
Error: (05/31/2015 01:12:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gvrcyrbgh.exe6.0.6000.1638455695babunknown0.0.0.000000000c0000005001875bb24de401d09b60699011feC:\Users\Admin\AppData\Local\Temp\gvrcyrbgh.exeunknowna7facf30-0753-11e5-9870-00ac6835924e
 
Error: (05/31/2015 01:09:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hxkxquqak.exe6.0.6000.1638455695babunknown0.0.0.000000000c0000005001875bb2260401d09b5ffb46a4d6C:\Users\Admin\AppData\Local\Temp\hxkxquqak.exeunknown39332f7f-0753-11e5-9870-00ac6835924e
 
Error: (05/30/2015 02:35:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 3.3.2.1.7.4.6.7.3.A.C.1.5.5.8.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Admin-PC-2.local.
 
Error: (05/30/2015 02:35:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.6:5353   16 3.3.2.1.7.4.6.7.3.A.C.1.5.5.8.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Admin-PC.local.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 3947.86 MB
Available physical RAM: 2215.39 MB
Total Pagefile: 7893.86 MB
Available Pagefile: 6160.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:596.07 GB) (Free:99.03 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B10334E1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)
 
==================== End of log ============================
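The MSCONFIG\startupreg block in the FRST log above is where a malware responder looks first, and the two entries the helper later asks to have scanned both sit under AppData\Roaming with generated-looking names. As an added illustration that is not part of this thread and not FRST's own code, the following Python script parses lines in that exact layout and applies three defender-side triage heuristics (user-writable launch directory, a .scr registered as an autorun, a consonant-only file name). The sample lines are copied from the log; the heuristics, their wording and the two-reason threshold are my own choices, not anything FRST implements.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class StartupEntry(NamedTuple):
    name: str   # autorun value name as FRST prints it
    path: str   # executable the entry launches
    args: str   # trailing command-line arguments, if any


# Constructed sample input: MSCONFIG\startupreg lines in the layout FRST uses.
# The values are copied from the log posted above; the selection is ours.
SAMPLE_LINES = [
    r'MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    r'MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe startup',
    r'MSCONFIG\startupreg: Djnknn => C:\Users\Admin\AppData\Roaming\Djnknn.scr',
    r'MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe',
    r'MSCONFIG\startupreg: Keyboard Inf. => C:\Users\Admin\AppData\Roaming\Media Center Programs\ndsm.exe',
    r'MSCONFIG\startupreg: uTorrent => "C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED',
    r'MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart',
]

LINE_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>.+?) => (?P<cmd>.+)$")
# For an unquoted command the path runs up to the first executable extension;
# whatever follows a space after that is the argument string.
UNQUOTED_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|scr|com|bat|cmd|dll))(?:\s+(?P<args>.*))?$", re.IGNORECASE
)
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
VOWELS = set("aeiouy")


def parse_startupreg(line: str) -> Optional[StartupEntry]:
    """Split one FRST startupreg line into (name, path, args); None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd").strip()
    if cmd.startswith('"'):                      # quoted path, arguments after the closing quote
        end = cmd.find('"', 1)
        if end == -1:
            return None
        return StartupEntry(name, cmd[1:end], cmd[end + 1:].strip())
    u = UNQUOTED_RE.match(cmd)
    if not u:                                    # no recognised extension: keep the whole string as the path
        return StartupEntry(name, cmd, "")
    return StartupEntry(name, u.group("path"), (u.group("args") or "").strip())


def triage_reasons(entry: StartupEntry) -> List[str]:
    """Heuristic reasons (our own, not FRST's) why an autorun deserves a closer look."""
    reasons: List[str] = []
    lower = entry.path.lower()
    stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    in_user_dir = any(marker in lower for marker in USER_WRITABLE_MARKERS)
    if in_user_dir:
        reasons.append("launches from a user-writable directory")
    if lower.endswith(".scr"):
        reasons.append("screensaver binary registered as an autorun")
    # Consonant-only stems (Djnknn, ndsm) look machine-generated. Only weigh this for
    # user-directory binaries so legitimate names such as hkcmd in system32 are not penalised.
    if in_user_dir and len(stem) >= 4 and not (VOWELS & set(stem.lower())):
        reasons.append("file name contains no vowels (looks generated)")
    return reasons


def triage(lines: List[str], min_reasons: int = 2) -> Dict[str, List[str]]:
    """Return {entry name: reasons} for entries hitting at least min_reasons heuristics."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_startupreg(line)
        if entry is None:
            continue
        reasons = triage_reasons(entry)
        if len(reasons) >= min_reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample above only Djnknn and "Keyboard Inf." clear the two-reason bar; uTorrent and the Smartbar helper each collect a single reason (user-writable directory) and would surface if `min_reasons` were lowered to 1. That is deliberate: the output is a list of candidates for a human to verify (hash lookup, signature check), not a verdict.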


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:14 AM

Posted 01 June 2015 - 09:48 AM

Hi there,

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

P2P warning

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 1

Upload File(s) to VirusTotal
I want you to upload the following file(s) to an online virus-scanner to scan.

  • Click the Choose File button.
  • Please copy/paste the following text into the 'File name:' box:
    C:\Users\Admin\AppData\Roaming\Microsoft\Windows\themes\Vjnknf.exe
  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Copy and Paste the link of the result page in your reply;

Follow the procedure for the following file(s) too:
C:\Users\Admin\AppData\Roaming\Windows Live\vofcmdsnnf.exe

After posting the results:

Step 2

Please download Combofix (by sUBs) and save it to your Desktop.

  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 jamesharden

jamesharden
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:14 PM

Posted 01 June 2015 - 09:02 PM

Hi,

Virustotal : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\themes\Vjnknf.exe
RESULT : https://www.virustotal.com/en/file/6f8e361c58158c12d556409a79668b45ed1cebfd9501641387f05a39f689f389/analysis/1433172327/

Virustotal : C:\Users\Admin\AppData\Roaming\Windows Live\vofcmdsnnf.exe
Result : https://www.virustotal.com/en/file/59dbafdd7e87947e3340dd6f4dddd4b58743a591018a2aa1fba50f8bfd9c0b09/analysis/1433210429/

COMBOFIX

ComboFix 15-05-31.01 - Admin 06/01/2015  23:32:57.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.3948.2027 [GMT 8:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1381239732.bdinstall.bin
c:\programdata\1381240628.bdinstall.bin
c:\programdata\1381245964.bdinstall.bin
c:\programdata\1381246929.bdinstall.bin
c:\programdata\1381276142.bdinstall.bin
c:\programdata\1381276797.bdinstall.bin
c:\programdata\1381288185.bdinstall.bin
c:\programdata\1381289024.bdinstall.bin
c:\programdata\1381289703.bdinstall.bin
c:\programdata\1383898086.1512.bin
c:\programdata\1383898086.1740.bin
c:\programdata\1383898086.1832.bin
c:\programdata\1383898086.1924.bin
c:\programdata\1383898086.1960.bin
c:\programdata\1383898086.2004.bin
c:\programdata\1383898086.2028.bin
c:\programdata\1383898086.2040.bin
c:\programdata\1383898086.292.bin
c:\programdata\1383898086.648.bin
c:\programdata\1383898086.884.bin
c:\programdata\1383898513.1396.bin
c:\programdata\1383898513.1456.bin
c:\programdata\1383898513.3144.bin
c:\programdata\1383898513.3260.bin
c:\programdata\1383898513.3540.bin
c:\programdata\1383898513.3640.bin
c:\programdata\1383898513.4168.bin
c:\programdata\1383898513.4392.bin
c:\programdata\1383898513.5068.bin
c:\programdata\1383898513.5076.bin
c:\programdata\1383898513.5092.bin
c:\programdata\1383899795.bdinstall.bin
c:\programdata\1383900827.bdinstall.bin
c:\programdata\1383916926.bdinstall.bin
c:\programdata\1387871554.bdinstall.bin
c:\programdata\ntuser.pol
c:\users\Admin\AppData\Local\Temp\VPN_0829\B7091C83.dll
c:\users\Admin\AppData\Roaming\c731200
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Themes\Vjnknf.exe
c:\users\Admin\AppData\Roaming\Windowsupdate
c:\users\Admin\AppData\Roaming\Windowsupdate\Updater.exe
c:\users\Admin\Desktop\Search.lnk
c:\windows\msdownld.tmp
c:\windows\SysWow64\dt
c:\windows\SysWow64\dt\2013-11-06_22-11-11-12658295
c:\windows\SysWow64\dt\2013-11-06_22-16-11-12958301
c:\windows\SysWow64\dt\2013-11-06_22-21-11-13258322
c:\windows\SysWow64\dt\2013-11-06_22-26-11-13558343
c:\windows\SysWow64\dt\2013-11-06_22-31-11-13858317
c:\windows\SysWow64\dt\2013-11-06_22-36-11-14158338
c:\windows\SysWow64\dt\2013-11-06_22-41-11-14458297
c:\windows\SysWow64\dt\2013-11-06_22-46-11-14758349
c:\windows\SysWow64\dt\2013-11-06_22-51-11-15058324
c:\windows\SysWow64\dt\th_2013-11-06_22-11-11-12658295
c:\windows\SysWow64\dt\th_2013-11-06_22-16-11-12958301
c:\windows\SysWow64\dt\th_2013-11-06_22-21-11-13258322
c:\windows\SysWow64\dt\th_2013-11-06_22-26-11-13558343
c:\windows\SysWow64\dt\th_2013-11-06_22-31-11-13858317
c:\windows\SysWow64\dt\th_2013-11-06_22-36-11-14158338
c:\windows\SysWow64\dt\th_2013-11-06_22-41-11-14458297
c:\windows\SysWow64\dt\th_2013-11-06_22-46-11-14758349
c:\windows\SysWow64\dt\th_2013-11-06_22-51-11-15058324
.
.
(((((((((((((((((((((((((   Files Created from 2015-05-01 to 2015-06-01  )))))))))))))))))))))))))))))))
.
.
2015-06-01 15:55 . 2015-06-01 15:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-06-01 15:55 . 2015-06-01 15:55 -------- d-----w- c:\users\Sharman\AppData\Local\temp
2015-06-01 15:55 . 2015-06-01 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-01 15:08 . 2015-06-01 15:08 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6F25E99-6011-4168-A4D4-6B2A59283507}\offreg.dll
2015-06-01 06:35 . 2015-06-01 06:36 -------- d-----w- C:\FRST
2015-05-31 10:57 . 2015-03-03 18:47 129600 ----a-w- c:\windows\system32\drivers\rzpnk.sys
2015-05-31 10:57 . 2015-02-05 00:24 37184 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys
2015-05-29 13:49 . 2015-05-29 13:49 -------- d-----w- c:\programdata\RzSurroundVAD_1.1.60.0
2015-05-21 07:16 . 2015-05-21 07:16 -------- d-----w- c:\program files (x86)\ESET
2015-05-21 06:51 . 2015-05-21 07:13 -------- d-----w- c:\users\Admin\AppData\Roaming\Solvusoft
2015-05-21 06:51 . 2012-10-15 09:02 19888 ----a-w- c:\windows\system32\roboot64.exe
2015-05-17 10:04 . 2015-05-17 10:04 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2015-05-17 10:04 . 2015-05-31 10:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-05-17 10:04 . 2015-05-17 10:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-05-16 08:58 . 2015-05-16 09:09 -------- d-----w- c:\program files\D3D Overrider
2015-05-11 06:30 . 2015-06-01 15:07 -------- d-----w- c:\users\Admin\AppData\Roaming\Windows Live
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-16 02:59 . 2013-08-28 12:22 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-16 02:59 . 2013-08-28 12:22 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-14 05:49 . 2015-03-14 05:49 9728 ----a-w- c:\windows\SysWow64\RzStats.IPC.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient_x64.exe;c:\program files\SoftEther VPN Client\vpnclient_x64.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0106.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0106.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 xspirit;xspirit;c:\windows\xspirit.sys;c:\windows\xspirit.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 07:31 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-28 02:59]
.
2015-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28 11:12]
.
2015-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28 11:12]
.
2015-06-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 6292e8f3-4a16-406d-bb9a-3910fa932978.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-05-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a37e416e-aa41-4d22-ae7f-0797536cb435.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 19:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2461504]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-09-17 2799784]
"SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient_x64.exe" [2014-12-06 4374072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPnm-CKMQBZ4VTe_ya_r_RtC8jIyDJJ-kpeQraUNFYaKjBuvEfbbCa_T0aFe8B3fJRfICuHF41fbYoTdLK5bs5T_rY72u5mKX-Cj9Af5izy0S9EdbYfumH7X9-eJXh9h4xhf1C6RTgLFHGM19swDg0Qi_-w,&q={searchTerms}
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6193D35C-EAE2-4704-9C24-B15292432D10}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6193D35C-EAE2-4704-9C24-B15292432D10}\14355535: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6193D35C-EAE2-4704-9C24-B15292432D10}\25576756E6: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu397ump.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPnm-CKMQBZ4VTe_ya_r_RtC8jIyDJJ-kpeQraUNFYaKjBuvEfbbCa_T0aFe8B3fJRfICuHF41fbYoTdLK5bs5T_rY72t4rMfCAjuNoP0Y03-h_jkub7FGXr5biBWj3RP4-Tv3HH4E8CqdSfWjpGQSC4StE,
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPnm-CKMQBZ4VTe_ya_r_RtC8jIyDJJ-kpeQraUNFYaKjBuvEfbbCa_T0aFe8B3fJRfICuHF41fbYoTdLK5bs5T_rY72u5mKX-Cj9Af5izy0S9EdbYfumH7X9-eJXh9h4xhf1C6RTgLFHGM19swDg0Qi_-w,&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Vjnknf - c:\users\Admin\AppData\Roaming\Microsoft\Windows\themes\Vjnknf.exe
Wow6432Node-HKCU-Run-Windows Live Installer - c:\users\Admin\AppData\Roaming\WindowsUpdate\Live.exe
Wow6432Node-HKCU-Run-Windows Update Installer - c:\users\Admin\AppData\Roaming\WindowsUpdate\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3404214420-3708113027-270737100-1000\Software\SecuROM\License information*]
"datasecu"=hex:03,8f,47,0d,5d,c9,5b,94,e5,53,ce,b7,ab,5c,b7,fb,a7,f0,c9,c5,e0,
   d9,f8,0a,53,e3,4b,dc,30,6b,ff,58,2e,21,42,eb,cc,a4,3f,a0,09,78,51,3d,73,e4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_USERS\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c1,c1,9d,a9,4c,0e,d1,0a,96,a7,1d,49,48,8a,b1,76,b7,76,a3,e7,08,
   6b,6e,0f,16,41,17,8d,9a,d0,16,d3,6e,2b,b8,cb,68,36,57,16,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):50,f8,af,3d,55,b9,b7,36,e2,5a,66,d4,a4,5a,03,1a,c6,47,7d,aa,15,
   eb,32,b6,02,cc,54,af,45,4a,d3,fb,30,55,4c,aa,d4,4b,b7,d2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\Wow6432Node\CLSID\{8e6867d9-8da1-49f6-a9d4-b7680d52e973}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000158
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,0b,bb,5b,ef,d2,24,f1,e9,c9,e5,f8,1b,73,28,05,65,1d,9c,67,7b,7c,d2,\
.
[HKEY_USERS\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\Wow6432Node\CLSID\{f7631dca-003c-4ae9-8583-ca7adcdebb8a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000014e
"Therad"=dword:00000013
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-06-02  00:23:42
ComboFix-quarantined-files.txt  2015-06-01 16:23
.
Pre-Run: 106,209,144,832 bytes free
Post-Run: 105,844,703,232 bytes free
.
- - End Of File - - 2DF536E7BB890F38E9294E70FD2A6A00
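
Triage of a ComboFix log like the one above, as an added example that is neither part of this thread nor ComboFix's own code: it parses the "Other Deletions" and "ORPHANS REMOVED" sections and flags executables that persisted from user-writable folders under Microsoft-sounding or random-looking names (the Vjnknf.exe and WindowsUpdate\Updater.exe pattern seen in this log). The function names, the folder and word lists and the consonant-run heuristic are my own assumptions; the sample lines are copied from the posted log.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code):
pull the paths from 'Other Deletions' and the autorun entries from
'ORPHANS REMOVED', then flag executables that persisted from user-writable
folders under Microsoft-sounding or random-looking names."""
import re

# Constructed excerpt: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\ntuser.pol
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Themes\Vjnknf.exe
c:\users\Admin\AppData\Roaming\Windowsupdate\Updater.exe
c:\users\Admin\Desktop\Search.lnk
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Vjnknf - c:\users\Admin\AppData\Roaming\Microsoft\Windows\themes\Vjnknf.exe
Wow6432Node-HKCU-Run-Windows Live Installer - c:\users\Admin\AppData\Roaming\WindowsUpdate\Live.exe
Wow6432Node-HKCU-Run-Windows Update Installer - c:\users\Admin\AppData\Roaming\WindowsUpdate\Updater.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
"""

EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
# Folders a standard user can write to without elevation (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\desktop\\", "\\temp\\")
# Words a dropper borrows so its autorun entry blends in (assumed list).
LOOKALIKE_WORDS = ("windows", "microsoft", "update", "live", "system", "svchost")
# Orphan line layout: '<hive>-Run-<value name> - <target path>'
ORPHAN_RE = re.compile(r"^(?P<key>\S.*?-Run-(?P<name>.+?)) - (?P<path>[A-Za-z]:\\.+?)\s*$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")

def header_title(line):
    """Title of a ComboFix banner such as '((((  Other Deletions  ))))' or
    '- - - - ORPHANS REMOVED - - - -'; None for an ordinary line."""
    s = line.strip()
    if len(s) < 3 or s[0] not in "(-" or s[-1] not in ")-":
        return None
    return s.strip("()- ").strip() or None

def parse_sections(text):
    """Map each banner title to the non-empty, non-'.' lines beneath it."""
    sections = {"preamble": []}
    current = "preamble"
    for line in text.splitlines():
        title = header_title(line)
        if title:
            current = title
            sections.setdefault(current, [])
        elif line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections

def parse_orphans(lines):
    """Autorun values whose target ComboFix removed, as key/name/path dicts."""
    return [m.groupdict() for m in map(ORPHAN_RE.match, lines) if m]

def looks_random(stem):
    """Rough heuristic: four or more consecutive consonants (Vjnknf, vofcmdsnnf)
    are rare in a vendor-chosen program name."""
    return re.search(r"[b-df-hj-np-tv-z]{4,}", stem.lower()) is not None

def assess_path(path):
    """Reasons a removed or autorun path deserves a second look (empty = none)."""
    low = path.lower()
    parts = low.split("\\")
    stem, _, ext = parts[-1].rpartition(".")
    reasons = []
    if "." + ext not in EXECUTABLE_EXT:
        return reasons
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("executable in user-writable folder")
        tail = "\\".join(parts[-2:])  # parent folder + file name
        if any(word in tail for word in LOOKALIKE_WORDS):
            reasons.append("name imitates a Windows/Microsoft component")
        if looks_random(stem):
            reasons.append("random-looking file name")
    return reasons

def triage(text):
    """Findings from the two sections that record what ComboFix actually removed."""
    sections = parse_sections(text)
    findings = []
    for path in sections.get("Other Deletions", []):
        reasons = assess_path(path) if PATH_RE.match(path) else []
        if reasons:
            findings.append({"section": "Other Deletions", "name": None,
                             "path": path, "reasons": reasons})
    for entry in parse_orphans(sections.get("ORPHANS REMOVED", [])):
        # Every orphan is an autorun value that pointed at a now-deleted file.
        findings.append({"section": "ORPHANS REMOVED", "name": entry["name"],
                         "path": entry["path"],
                         "reasons": ["HKCU Run autorun"] + assess_path(entry["path"])})
    return findings
```

Run `triage(SAMPLE_LOG)` to get the five entries worth a second look; a legitimate AppData program such as Dropbox is reported with the "user-writable folder" reason only, so the name-based reasons are what separate the Vjnknf/WindowsUpdate entries from normal per-user software.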


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:14 AM

Posted 02 June 2015 - 04:51 AM

Hi there,
good job!

Please proceed with the following steps now:

(NEW VERSION!)
Step 1

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 jamesharden

jamesharden
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 02 June 2015 - 10:57 AM

Hi !!

Malwarebytes Result

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/2/2015
Scan Time: 11:30:56 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.02.04
Rootkit Database: v2015.06.02.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 458079
Time Elapsed: 19 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
FRST.txt :
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Admin (administrator) on ADMIN-PC on 02-06-2015 23:54:55
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-3404214420-3708113027-270737100-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-10-29] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-04] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-04] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-10-29] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-28] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-28] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6193D35C-EAE2-4704-9C24-B15292432D10}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu397ump.default
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Bitdefender.com/PasswordManager;version=17.8 -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3404214420-3708113027-270737100-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-21] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3404214420-3708113027-270737100-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Shopping Helper Smartbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu397ump.default\Extensions\{b0308a7b-abd3-f683-cf92-48cba8e6fda4} [2014-05-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-05]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2014-03-02]
FF HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-28]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-28]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-28]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-28]
CHR Extension: (Bookmark Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (IDM Integration Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-11-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-20]
CHR Extension: (Save to Pocket) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-03-27]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-10-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5222608 2013-08-07] (INCA Internet Co., Ltd.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-16] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U0 fvow; C:\Windows\System32\drivers\ahqrh.sys [79064 2015-06-02] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0106.sys [28768 2014-12-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-04] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-28] (Duplex Secure Ltd.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
U3 a1ptcvqu; C:\Windows\System32\Drivers\a1ptcvqu.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
R3 xspirit; \??\C:\Windows\xspirit.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-02 23:54 - 2015-06-02 23:55 - 00022010 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-06-02 23:51 - 2015-06-02 23:51 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ahqrh.sys
2015-06-02 23:29 - 2015-06-02 23:30 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 23:28 - 2015-06-02 23:28 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-02 23:28 - 2015-06-02 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 23:28 - 2015-06-02 23:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-02 23:28 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-02 23:28 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-02 20:21 - 2015-06-02 20:21 - 00411523 _____ () C:\Users\Admin\Downloads\WinToFlash_downloader_by_WinToFlash.exe
2015-06-02 18:20 - 2015-06-02 18:35 - 00000000 ____D () C:\Users\Admin\Desktop\aoa110
2015-06-02 00:24 - 2015-06-02 00:24 - 00028335 _____ () C:\ComboFix.txt
2015-06-01 23:30 - 2015-06-02 00:25 - 00000000 ____D () C:\Qoobox
2015-06-01 23:30 - 2015-06-02 00:16 - 00000000 ____D () C:\Windows\erdnt
2015-06-01 23:30 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-06-01 23:30 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-06-01 23:30 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-01 23:30 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-01 23:30 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-01 23:30 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-06-01 23:30 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-06-01 23:30 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-06-01 23:29 - 2015-06-01 23:29 - 05628238 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-06-01 23:29 - 2015-06-01 23:29 - 05628238 _____ (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2015-06-01 23:23 - 2015-06-01 23:23 - 00052755 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-06-01 23:23 - 2015-06-01 23:23 - 00036961 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-06-01 14:35 - 2015-06-02 23:54 - 00000000 ____D () C:\FRST
2015-06-01 14:34 - 2015-06-01 14:34 - 02108928 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-05-31 18:57 - 2015-03-04 02:47 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2015-05-31 18:57 - 2015-02-05 08:24 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2015-05-31 18:48 - 2015-05-31 18:49 - 22328752 _____ (Razer Inc.) C:\Users\Admin\Downloads\Razer_Synapse_Framework_v1.18.19.25502.exe
2015-05-31 16:46 - 2015-05-31 18:03 - 00000000 ____D () C:\Users\Admin\Downloads\www.TamilRockers.com - India Pakistan [2015] Tamil 720p HDRip AC3 x264 1.4GB ESubs
2015-05-29 21:49 - 2015-05-29 21:49 - 00000000 ____D () C:\ProgramData\RzSurroundVAD_1.1.60.0
2015-05-29 15:16 - 2015-05-29 15:16 - 00007604 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-05-28 22:13 - 2015-06-02 23:51 - 00000000 ____D () C:\Users\Admin\Desktop\hack
2015-05-28 21:45 - 2015-05-28 21:46 - 00157163 _____ () C:\Users\Admin\Downloads\bypass.rar
2015-05-25 14:17 - 2015-05-25 16:11 - 00000000 ____D () C:\Users\Admin\Desktop\Sejarah ppr3
2015-05-21 15:21 - 2015-05-21 15:21 - 02347384 ___SH (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe 
2015-05-21 15:16 - 2015-05-21 15:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-21 14:51 - 2015-05-21 15:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Solvusoft
2015-05-21 14:51 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-05-17 18:04 - 2015-06-02 18:04 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6292e8f3-4a16-406d-bb9a-3910fa932978.job
2015-05-17 18:04 - 2015-06-02 02:00 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a37e416e-aa41-4d22-ae7f-0797536cb435.job
2015-05-17 18:04 - 2015-05-31 18:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-17 18:04 - 2015-05-17 18:04 - 00003584 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task a37e416e-aa41-4d22-ae7f-0797536cb435
2015-05-17 18:04 - 2015-05-17 18:04 - 00003510 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 6292e8f3-4a16-406d-bb9a-3910fa932978
2015-05-17 18:04 - 2015-05-17 18:04 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-05-17 18:04 - 2015-05-17 18:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2015-05-17 18:04 - 2015-05-17 18:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-05-17 18:04 - 2015-05-17 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-05-16 16:58 - 2015-05-16 17:09 - 00000000 ____D () C:\Program Files\D3D Overrider
2015-05-16 16:55 - 2015-05-16 16:55 - 02856129 _____ () C:\Users\Admin\Downloads\D3D Overrider v2.4.zip
2015-05-15 20:31 - 2015-05-01 13:55 - 00000000 ____D () C:\Users\Admin\Documents\WWE2K15
2015-05-15 19:06 - 2015-05-15 19:06 - 00000837 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2015-05-15 19:06 - 2015-05-15 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2015-05-11 14:30 - 2015-06-02 23:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Windows Live
2015-05-09 18:22 - 2015-05-09 18:22 - 03659546 _____ () C:\Users\Admin\Downloads\PERAK sej spm 2011.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-02 23:30 - 2013-08-28 19:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-02 23:28 - 2013-11-18 13:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-06-02 23:28 - 2013-08-28 18:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2015-06-02 23:28 - 2013-08-28 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-02 23:21 - 2013-08-28 20:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-02 20:27 - 2009-07-14 13:13 - 00780868 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-02 19:10 - 2009-07-14 12:45 - 00020912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 19:10 - 2009-07-14 12:45 - 00020912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 18:55 - 2014-06-05 22:51 - 00001017 _____ () C:\Users\Admin\Desktop\Dropbox.lnk
2015-06-02 18:55 - 2014-06-05 22:51 - 00000000 ___RD () C:\Users\Admin\Dropbox
2015-06-02 18:55 - 2014-06-05 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-02 18:55 - 2014-06-05 22:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2015-06-02 10:30 - 2013-08-28 18:12 - 01470504 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 10:27 - 2014-12-06 16:19 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-06-02 10:26 - 2015-02-24 13:17 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Admin
2015-06-02 10:26 - 2013-09-23 16:14 - 00690660 _____ () C:\Windows\PFRO.log
2015-06-02 10:26 - 2013-09-22 18:08 - 00239925 _____ () C:\Windows\setupact.log
2015-06-02 10:26 - 2013-08-28 19:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 10:26 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 00:25 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
2015-06-01 23:56 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2015-06-01 14:34 - 2013-08-28 18:58 - 00058008 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-01 14:30 - 2009-07-14 12:45 - 00292480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-31 19:59 - 2013-09-01 19:17 - 00000000 ____D () C:\Users\Admin\Documents\Bandicam
2015-05-31 18:57 - 2013-08-30 09:43 - 00000000 ____D () C:\ProgramData\Razer
2015-05-31 18:57 - 2013-08-30 09:43 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-05-31 18:56 - 2014-10-09 15:10 - 00178036 _____ () C:\Windows\DPINST.LOG
2015-05-31 18:50 - 2013-08-30 09:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\Razer
2015-05-31 18:49 - 2013-08-30 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-05-31 18:31 - 2013-09-20 16:09 - 00000000 ____D () C:\Users\Admin\Documents\Ubisoft
2015-05-31 18:31 - 2013-09-19 21:35 - 00000000 ____D () C:\ProgramData\Orbit
2015-05-31 18:31 - 2013-09-19 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-05-31 18:31 - 2013-09-19 13:37 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-05-31 18:02 - 2015-01-31 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-05-31 18:01 - 2013-08-28 20:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-05-29 00:14 - 2014-08-02 18:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\GarenaPlus
2015-05-29 00:14 - 2014-08-02 18:21 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-05-28 22:10 - 2014-08-02 18:21 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2015-05-26 15:33 - 2013-08-28 19:20 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-22 16:43 - 2013-09-12 18:18 - 00000000 ____D () C:\ProgramData\Origin
2015-05-22 16:42 - 2013-12-01 12:55 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-05-21 17:53 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Resources
2015-05-21 17:48 - 2014-09-30 12:42 - 00000000 ____D () C:\Users\Admin\Desktop\FIFA 15-ULTIMATE TEAM EDITION-SC
2015-05-21 17:48 - 2014-05-22 17:47 - 00000000 ____D () C:\Program Files (x86)\DreadOut
2015-05-21 17:48 - 2014-05-05 23:15 - 00000000 ____D () C:\Users\Admin\Desktop\ADMIN
2015-05-21 15:25 - 2014-05-21 22:36 - 00000000 ____D () C:\Users\Admin\Downloads\Games
2015-05-21 14:44 - 2013-08-28 19:11 - 00003376 _____ () C:\Windows\System32\Tasks\svchost
2015-05-19 16:45 - 2013-12-01 11:54 - 00000000 ____D () C:\Users\Admin\Documents\FIFA 14
2015-05-17 17:52 - 2013-11-23 15:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Sony Corporation
2015-05-17 17:52 - 2013-09-19 14:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Battlefield 3
2015-05-17 17:52 - 2013-08-28 18:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Intel Corporation
2015-05-17 17:52 - 2013-08-28 18:29 - 00000000 ____D () C:\Dolby PCEE4
2015-05-17 14:12 - 2014-07-10 13:16 - 00000000 ____D () C:\Windows\pss
2015-05-17 01:25 - 2013-08-28 19:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 01:25 - 2013-08-28 19:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 19:06 - 2013-08-28 18:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DMCache
2015-05-15 19:06 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-09 19:02 - 2013-08-28 19:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-03 13:18 - 2013-09-19 21:35 - 00000000 ____D () C:\Users\Admin\Documents\My Games
 
==================== Files in the root of some directories =======
 
2014-07-20 18:25 - 2014-08-24 22:01 - 0003926 _____ () C:\Users\Admin\AppData\Roaming\LTspiceIV.ini
2015-02-24 13:39 - 2015-02-24 13:39 - 0045270 _____ () C:\Users\Admin\AppData\Roaming\room_v3.dat
2015-05-29 15:16 - 2015-05-29 15:16 - 0007604 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\b888d06b5435ff80031938c63a3055dc.dll
C:\Users\Admin\AppData\Local\Temp\d54838cb34aeb4235def26b3eefe6cea.dll
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpclhibj.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-25 14:55
 
==================== End of log ============================
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Admin at 2015-06-02 23:55:45
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-3404214420-3708113027-270737100-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3404214420-3708113027-270737100-500 - Administrator - Disabled)
Guest (S-1-5-21-3404214420-3708113027-270737100-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3404214420-3708113027-270737100-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Outlast" (HKLM-x32\...\{F5489388-87F5-42D3-B8C7-598F32FB2260}_is1) (Version: 1.0.12046.0 (Update 8) - )
"Pro Evolution Soccer 2014" (HKLM-x32\...\{5F2F346D-43FA-47A4-97E4-1019BCE7AF45}_is1) (Version: 1.12.0.0 - )
µTorrent (HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Among The Sleep (HKLM-x32\...\Among The Sleep_is1) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassins Creed IV Black Flag version 1.0.0.0 (HKLM-x32\...\Assassins Creed IV Black Flag_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.0.397 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield 3 (HKLM-x32\...\Battlefield 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, DANTE2050)
Bioshock Infinite (HKLM-x32\...\Bioshock Infinite_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cheat Engine 6.1 (HKLM-x32\...\Cheat Engine 6.1_is1) (Version:  - Dark Byte)
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.6.0 - Conexant)
Counter-Strike Global Offensive [No-Steam] (HKLM-x32\...\Counter-Strike Global Offensive_is1) (Version: 1.33.0.0 - Valve Software)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.3.0.0359 - Disc Soft Ltd)
DMC Devi May Cry © Capcom version 1 (HKLM-x32\...\DMC Devi May Cry © Capcom_is1) (Version: 1 - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
DreadOut (HKLM-x32\...\DreadOut_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Garena - BlackShot (HKLM-x32\...\BlackShot) (Version: 2.221 - Garena Online Pte Ltd.)
Garena - FIFA ONLINE 3(English) (HKLM-x32\...\FO3) (Version:  - Garena Online Pte Ltd.)
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Gone Home (HKLM-x32\...\GoneHome) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grid 2 version 5.1 (HKLM-x32\...\{432CF492-2A3C-4F96-821A-E102B6F18F07}_is1) (Version: 5.1 - Black_Box)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MKVToolNix 7.6.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.6.0 - Moritz Bunkus)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\MyFreeCodec) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Pro Evolution Soccer 2013 (HKLM-x32\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 3.7 - Razer USA Ltd)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26027 - Razer Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Shopping Helper Smartbar (HKLM-x32\...\{B2A302E7-8FA4-4585-AB7F-12C4DEBC0D32}) (Version: 11.44.63.16736 - ReSoft Ltd.) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
Thief (HKLM-x32\...\Thief_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Tomb Raider (HKLM-x32\...\Tomb Raider_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Unity Web Player (HKU\S-1-5-21-3404214420-3708113027-270737100-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3404214420-3708113027-270737100-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
21-05-2015 15:11:41 WinThruster Thu, May 21, 15  15:11
28-05-2015 17:05:59 Scheduled Checkpoint
31-05-2015 18:45:35 Removed Razer Synapse 2.0.
31-05-2015 18:49:23 Installed Razer Synapse.
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2015-06-01 23:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CF709F0-5AF7-4569-869E-686DBDAE2747} - System32\Tasks\{535E9E2F-06D3-4EC9-A4DB-6ABFA3778B82} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {1F443C1D-1469-4663-B01E-3595D5761F01} - System32\Tasks\{F64C086F-2FF4-4BE8-930F-4DF72937B104} => pcalua.exe -a "C:\Computer\Games\Amnesia - The Dark Descent\Amnesia.exe" -d "C:\Computer\Games\Amnesia - The Dark Descent"
Task: {6903C043-3B46-47FC-8C5D-89104A09FAA3} - No Task path could be read. Access Denied. 
Task: {6FFD6411-CDBA-4495-896A-03691A420965} - System32\Tasks\{909A43C5-3C6F-4237-A7E8-D0FE8CDFA95B} => pcalua.exe -a C:\Users\Admin\Desktop\SuddenAttackSEA_v43.00.exe -d C:\Users\Admin\Desktop
Task: {73E6226F-B6B8-4509-95F8-0AEE7A0BCED2} - System32\Tasks\{683E3FD5-9B01-42BA-954D-B72E0931372A} => pcalua.exe -a C:\Users\Admin\Downloads\Programs\bitdefender_tsecurity.exe -d C:\Users\Admin\Downloads\Programs
Task: {75A16BC1-3619-4AE6-9F0B-E6F73891985D} - System32\Tasks\SUPERAntiSpyware Scheduled Task a37e416e-aa41-4d22-ae7f-0797536cb435 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {75CF2CC8-CFAA-4993-993B-199CC7DB2018} - System32\Tasks\{AB8942D7-37CA-4A4F-9060-F4311545163D} => pcalua.exe -a C:\Users\Admin\Downloads\SUPERAntiSpyware.exe -d C:\Users\Admin\Downloads
Task: {777CA51F-3E80-420D-B079-9879A2D28710} - System32\Tasks\{916A96C7-7348-4179-B3B8-DBACDBA053EE} => pcalua.exe -a "C:\Computer\Games\Dead Island Riptide\DeadIslandGame_x86_rwdi.exe" -d "C:\Computer\Games\Dead Island Riptide"
Task: {894DCFEC-1A3A-4E55-9C55-AA6116F374E2} - System32\Tasks\{ED1FE6B1-3492-4B07-A8AA-E8865026457E} => pcalua.exe -a "C:\Computer\Games\Football Manager 2014 PC game ^^nosTEAM^^\Football Manager 2014\fm.exe" -d "C:\Computer\Games\Football Manager 2014 PC game ^^nosTEAM^^\Football Manager 2014"
Task: {8A25BC2E-3EC7-4E22-B7CE-518A6BE96D5F} - System32\Tasks\gg_uac_daemon_Admin => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {917C926D-51AA-4C67-A069-3983CDC62FED} - System32\Tasks\{BE37C2E8-14C5-4125-A07A-253D82AB6586} => pcalua.exe -a C:\Users\Admin\Downloads\Programs\devcpp-4.9.9.2_setup.exe -d C:\Users\Admin\AppData\Roaming\IDM
Task: {95D55A7B-53BB-447B-964C-B8E22A00691D} - System32\Tasks\svchost => c:\windows\resources\svchost.exe
Task: {98F6F731-7495-4BD4-8732-4098A336D07D} - System32\Tasks\{F1BBC9C1-600D-4F97-BB21-8E0A9FF328FE} => pcalua.exe -a "C:\Computer\Games\Tomb Raider\TombRaider.exe" -d "C:\Computer\Games\Tomb Raider"
Task: {A3161AFB-1C09-42D4-80EB-EBC16A56BE9F} - System32\Tasks\{088EE017-1BE6-4E70-A853-A85F28E0D365} => pcalua.exe -a C:\Computer\Games\PlayFPS\SuddenAttackSEA\launcher.exe.exe -d C:\Computer\Games\PlayFPS\SuddenAttackSEA
Task: {A394397C-3381-4B77-B8EB-A1EC5B8B6695} - System32\Tasks\{8F1FE83E-DD47-4247-9D89-E442C224B9EB} => pcalua.exe -a "F:\IDM V.15 - All Activator.exe" -d F:\
Task: {B407B452-DE8C-44E0-962F-C65DFA5DC343} - System32\Tasks\{7F98132A-6788-4BED-8E17-71D6AE2BB7E9} => pcalua.exe -a "C:\Computer\Games\Need for Speed Most Wanted\NFS13.exe" -d "C:\Computer\Games\Need for Speed Most Wanted"
Task: {CC8D3FE3-9192-4959-BA46-A983DC7409CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28] (Google Inc.)
Task: {E06E478C-E037-4426-A056-0E38DDD20540} - System32\Tasks\SUPERAntiSpyware Scheduled Task 6292e8f3-4a16-406d-bb9a-3910fa932978 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {E6BBA330-774F-4583-89E3-C201C787B29E} - System32\Tasks\{92DD7DBC-C7F4-40F3-96E8-5D82D6866A45} => pcalua.exe -a "C:\Computer\Games\FarCry 3\bin\Far Cry 3.exe" -d "C:\Computer\Games\FarCry 3\bin"
Task: {E77409EA-9C72-4561-B0A1-450C54CD9AEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {E8DFB250-E735-4085-8034-DA8CD1216395} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28] (Google Inc.)
Task: {E90A38AA-336E-4316-A272-D73B86628D10} - System32\Tasks\{AABC8C13-466D-4B26-9A11-FD13236F42EE} => pcalua.exe -a H:\BitDefender\BD2013.TR.Setup-BBs.exe -d H:\BitDefender
Task: {E9EA6BFA-4927-4C04-A45C-120C1BAEA779} - System32\Tasks\{610DB50C-84A3-4D39-B786-2D9B183B1822} => pcalua.exe -a "C:\Computer\Games\SuddenAttackSEA\launcher (2).exe" -d C:\Computer\Games\SuddenAttackSEA
Task: {EA85E55C-158D-4387-8A26-5E8BEC2BC604} - System32\Tasks\{B89C11A2-1FF4-49EA-9791-2AD7F461A7C2} => pcalua.exe -a C:\Computer\Games\Bully\Bully.exe -d C:\Computer\Games\Bully
Task: {EAC28732-3764-45E3-9DAC-FC98E22E5684} - System32\Tasks\{B1EF0B41-519C-4744-8960-0004DE3706BC} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {EF1CE842-CE70-4D65-9BE2-51676728F0CB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-08-30] (Microsoft Corporation)
Task: {F1BDEFCF-0C7C-4A72-A67F-FE60331EE85B} - System32\Tasks\{16CAED7A-FD55-46DE-880F-39EE446A47F0} => pcalua.exe -a C:\Users\Admin\Desktop\bitdefender_ts_2013_32b.exe -d C:\Users\Admin\Desktop
Task: {FD9AA149-B37E-4D8F-A3E1-5409A202FB5F} - System32\Tasks\{2020C05A-2BDD-4C7F-A7EF-0A4EB7FA7580} => pcalua.exe -a "C:\Computer\Games\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe" -d "C:\Computer\Games\Euro Truck Simulator 2\bin\win_x86"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6292e8f3-4a16-406d-bb9a-3910fa932978.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a37e416e-aa41-4d22-ae7f-0797536cb435.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-10 16:40 - 2014-09-14 05:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-15 12:44 - 2010-07-15 12:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-08-30 09:43 - 2012-08-01 15:44 - 00139024 ____N () C:\Program Files (x86)\Razer\Razer Game Booster\GBV3ContextMenu.dll
2013-08-28 18:51 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-11 11:52 - 2015-01-20 20:20 - 00055896 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2014-05-16 16:07 - 2014-05-16 16:07 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-05 08:24 - 2015-02-05 08:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-11-11 11:52 - 2015-04-20 19:07 - 00865728 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2014-10-10 16:34 - 2014-09-14 07:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-30 19:24 - 2013-08-30 19:24 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\366e6aec83b27f8d600a297163bfe9d0\IsdiInterop.ni.dll
2013-08-28 18:28 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-06-02 18:55 - 2015-06-02 18:55 - 00043008 _____ () c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpclhibj.dll
2015-03-05 05:45 - 2015-03-05 05:45 - 00750080 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 05:45 - 2015-03-05 05:45 - 00047616 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 05:45 - 2015-03-05 05:45 - 00865280 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 05:45 - 2015-03-05 05:45 - 00200704 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-26 15:33 - 2015-05-23 04:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 15:33 - 2015-05-23 04:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3404214420-3708113027-270737100-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation®.lnk => C:\Windows\pss\Content Manager Assistant for PlayStation®.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe startup
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: Djnknn => C:\Users\Admin\AppData\Roaming\Djnknn.scr
MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Dolby PCEE4\pcee4.exe" -autostart
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Keyboard Inf. => C:\Users\Admin\AppData\Roaming\Media Center Programs\ndsm.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{255C396F-AA01-4028-9CD5-A9037022CBF7}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D800DE01-2F19-45A4-9883-26E790679B3E}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E65E268C-C525-49CF-8A2B-1C1BF4051E95}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ACB552AF-1169-46DE-9FF2-08C6D2A14D3B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{0E9015D1-3879-4FCB-8367-3FEB1491C76D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{8AACD3A4-2806-4313-B76B-BDE6DF82972B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{7F5389F5-213A-4C8E-B294-03AF775ACDDE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{9DC27299-ACA3-48F6-B7AA-09C9B07B39AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{14381F15-ABD5-4AF5-9961-BFF0A921492B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17AB1058-55C7-413D-BCA1-31C77308B608}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{06839C0D-19C5-47F0-9846-9F040E125166}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B211D493-1C1A-4A44-BF43-230C0CBCF166}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{79A3CBF5-AABA-43AA-8183-B2A2A4C0F4DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{505193B5-A5B7-4318-8AFD-36F16CE7D25D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{29A76DCB-EF34-42EE-8254-606BF26D69DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F015FD6C-B702-4AAC-8237-5C335E749CF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9768F5DE-A6F7-40E6-80F4-0C0BBBFBA31B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3FF70534-8546-4E37-A214-0E8C985DCCC5}C:\computer\games\fifa 13\game\fifa13.exe ] => (Allow) C:\computer\games\fifa 13\game\fifa13.exe 
FirewallRules: [UDP Query User{B42B933F-9A7B-4549-BCFD-5B8EC677A7E7}C:\computer\games\fifa 13\game\fifa13.exe ] => (Allow) C:\computer\games\fifa 13\game\fifa13.exe 
FirewallRules: [{B6101DE3-C149-4184-A13B-A2608A7D5645}] => (Allow) C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\launcher.exe
FirewallRules: [{C45CFE6C-4A84-4CC9-BE7F-14C3633FF3AA}] => (Allow) C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\launcher.exe
FirewallRules: [{6110F808-3E84-4FE5-95FF-BF8E760B4B51}] => (Allow) C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\launcher.exe
FirewallRules: [{89690CBD-BF67-424D-9A2C-2946CAEF1D13}] => (Allow) C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\launcher.exe
FirewallRules: [{B4D45097-186E-47D8-AE22-C6EE4EDF6712}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exe 
FirewallRules: [{545643F5-7104-4874-B851-678F8A0F686B}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exe 
FirewallRules: [{6D4B253E-30E0-4B1B-A084-DB4539C1A3C3}] => (Allow) G:\SuddenAttackSEA\suddenattack.exe
FirewallRules: [{547237DA-D290-468F-84B2-4107807139C1}] => (Allow) G:\SuddenAttackSEA\suddenattack.exe
FirewallRules: [{B261D710-A18D-4CDB-8BD3-150F799F4056}] => (Allow) C:\Users\Admin\Desktop\SuddenAttackSEA\suddenattack.exe
FirewallRules: [{495092B1-CA83-4F67-8BB7-71718BF2BA59}] => (Allow) C:\Users\Admin\Desktop\SuddenAttackSEA\suddenattack.exe
FirewallRules: [{F85C4E01-8ADC-4EB3-8444-1CB754D27ED0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{298588B3-7E6C-4912-9B3D-75B69773D73F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{3F184828-CE6B-4576-A3C5-756DE8253261}C:\computer\games\fifa 14\fifa 14\game\fifa14.exe] => (Allow) C:\computer\games\fifa 14\fifa 14\game\fifa14.exe
FirewallRules: [UDP Query User{7A409D16-0560-43DD-95D5-BC10F89C7B54}C:\computer\games\fifa 14\fifa 14\game\fifa14.exe] => (Allow) C:\computer\games\fifa 14\fifa 14\game\fifa14.exe
FirewallRules: [TCP Query User{32496A99-07D8-4ADD-85A8-8D0B261EAEF3}C:\computer\games\farcry 3\bin\farcry3.exe ] => (Allow) C:\computer\games\farcry 3\bin\farcry3.exe 
FirewallRules: [UDP Query User{DF0BA026-D47A-4CBE-938A-AA8F5BC860EE}C:\computer\games\farcry 3\bin\farcry3.exe ] => (Allow) C:\computer\games\farcry 3\bin\farcry3.exe 
FirewallRules: [TCP Query User{1421A0E0-BB58-478C-8771-7687A066DA9F}C:\computer\games\need for speed most wanted\nfs13.exe ] => (Allow) C:\computer\games\need for speed most wanted\nfs13.exe 
FirewallRules: [UDP Query User{4E3630BE-E82E-471C-84BD-CFB69808B2EB}C:\computer\games\need for speed most wanted\nfs13.exe ] => (Allow) C:\computer\games\need for speed most wanted\nfs13.exe 
FirewallRules: [TCP Query User{8EC60E0B-393E-40AD-B4C9-8C8EF44C43C9}C:\program files (x86)\r.g. mechanics\splinter cell - blacklist\src\system\blacklist_game.exe] => (Block) C:\program files (x86)\r.g. mechanics\splinter cell - blacklist\src\system\blacklist_game.exe
FirewallRules: [UDP Query User{A8BDD5DE-FC47-49D1-9606-1C5CFC03271C}C:\program files (x86)\r.g. mechanics\splinter cell - blacklist\src\system\blacklist_game.exe] => (Block) C:\program files (x86)\r.g. mechanics\splinter cell - blacklist\src\system\blacklist_game.exe
FirewallRules: [{60CB332A-4354-4A4B-862D-2B69926A5476}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C0800C37-E954-4948-967A-F8E44F72364F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FAC6E5D1-DD93-41CF-88D5-DE56DACFD5E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6238503F-A571-4E1B-B050-FEFEC037770F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4B82BD4D-919B-472D-B7A8-376D75E0EF56}C:\computer\games\resident evil 6\bh6.exe ] => (Block) C:\computer\games\resident evil 6\bh6.exe 
FirewallRules: [UDP Query User{C01CDC4E-E6DC-4607-98E6-8324CEFD71D3}C:\computer\games\resident evil 6\bh6.exe ] => (Block) C:\computer\games\resident evil 6\bh6.exe 
FirewallRules: [TCP Query User{84DD115D-FAF9-4E8A-9F04-80E25102F7B4}C:\computer\games\dead island riptide\deadislandgame_x86_rwdi.exe ] => (Block) C:\computer\games\dead island riptide\deadislandgame_x86_rwdi.exe 
FirewallRules: [UDP Query User{024AB133-079B-401A-931E-6B23190D4029}C:\computer\games\dead island riptide\deadislandgame_x86_rwdi.exe ] => (Block) C:\computer\games\dead island riptide\deadislandgame_x86_rwdi.exe 
FirewallRules: [{C796221B-17FB-4F1B-A447-C7CFD500AD82}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0ECC9571-2B5B-4F3C-8663-ACFA755FC854}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{33C286E6-F1B2-42A4-8387-D113335872D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0D5344E9-3807-4D7E-90C0-D890479A5E05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7A08407F-6AE1-46C5-9DDD-00C8B18E56FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3F4228D2-FB98-4917-AD7D-64F1BDB40017}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{1684E388-B317-47B5-98E5-42CBD667AB08}C:\program files (x86)\assassins creed iii\ac3sp.exe] => (Allow) C:\program files (x86)\assassins creed iii\ac3sp.exe
FirewallRules: [UDP Query User{082D44A8-F937-4967-8D50-2B20C070D83E}C:\program files (x86)\assassins creed iii\ac3sp.exe] => (Allow) C:\program files (x86)\assassins creed iii\ac3sp.exe
FirewallRules: [{7BD031C2-06EB-42CE-8053-33DE38275037}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{607AF456-16C9-4B79-BC07-21CC4CDCF835}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F5C2C1B4-F620-4CA8-BA84-9E9540966B7A}] => (Allow) C:\Program Files (x86)\Outlast\Binaries\Win32\OLGame.exe
FirewallRules: [{D1ACEE25-3B57-4E79-AAA8-2E0AD6263C92}] => (Allow) C:\Program Files (x86)\Outlast\Binaries\Win32\OLGame.exe
FirewallRules: [{3C5B58DF-E568-4429-B1AA-55C779A71DAF}] => (Allow) C:\Program Files (x86)\Outlast\Binaries\Win64\OLGame.exe
FirewallRules: [{FC2483FE-BD2C-4468-9382-1DA8A5558770}] => (Allow) C:\Program Files (x86)\Outlast\Binaries\Win64\OLGame.exe
FirewallRules: [{71568B6F-219E-4106-B45F-186D39F56D20}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{56457D32-968C-4CFC-BA36-DFB68DC5CDEE}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83BB3A1E-5081-415F-84F9-02A7A258CD77}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FCAAA9F5-A611-4948-920B-AA7928CEDC90}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A653947B-2878-4DB3-98F2-C2904D71F3E7}] => (Allow) C:\Program Files (x86)\Watch_Dogs\bin\Watch_Dogs.exe
FirewallRules: [{E733854B-9680-4B34-B53D-DA155295FE94}] => (Allow) C:\Program Files (x86)\Watch_Dogs\bin\Watch_Dogs.exe
FirewallRules: [{03976781-81A7-46FE-B253-C9755662931D}] => (Allow) C:\Games\Pro Evolution Soccer 2014\pes2014.exe
FirewallRules: [{7579087F-F36C-4E52-AD58-9C861D75B202}] => (Allow) C:\Games\Pro Evolution Soccer 2014\pes2014.exe
FirewallRules: [{4771E927-1E05-4D48-9199-17D37F40B6F0}] => (Allow) C:\Users\Admin\Downloads\Programs\fo3Installer.exe
FirewallRules: [{DA474041-CF13-4F85-B648-CF7B6FFBEDF8}] => (Allow) C:\Users\Admin\Downloads\Programs\fo3Installer.exe
FirewallRules: [{63951C5F-A488-4899-ACD9-389F1C31D261}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{48CC4199-B940-4BE8-A9E5-6377DADBAFEB}] => (Allow) C:\Program Files (x86)\GarenaFO3\GameData\Apps\FO3\fifazf.exe
FirewallRules: [{5732097D-7347-4796-B1CB-1EA257EFC7AC}] => (Allow) C:\Program Files (x86)\GarenaFO3\GameData\Apps\FO3\fifazf.exe
FirewallRules: [{EE5E9BB3-E961-4EA7-BA52-365EBC6F3053}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F837618-EC13-4349-9948-5D25EAE6FC38}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{015347F4-8EF1-4A9F-B204-961899C1AB02}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{2B0FB6D3-31DA-4D35-BC35-B4BD19374B6C}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{DAEA1918-0BEF-4B1D-9CE7-7A1A7C5850DC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{8EDB04AA-4C27-419D-BAF3-6A19ADA4063D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{9449CE90-ABE7-45AF-88C9-72B874BA74A3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{45332C27-6FB1-4306-9301-7C14E2EA5BAB}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{538F6473-A79C-4D05-B816-103D38B4C3D5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{704FD8C4-A803-4C7A-8BCF-015C88315602}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{D7A581AE-2769-4A0B-8687-45E779DDDF8D}] => (Allow) C:\Users\Admin\Downloads\Programs\Blackshot_GarenaPlus_Installer.exe
FirewallRules: [{16EBE7FF-84C1-4FB7-8868-83A818EB6E4F}] => (Allow) C:\Users\Admin\Downloads\Programs\Blackshot_GarenaPlus_Installer.exe
FirewallRules: [{B3ECC359-66BA-4068-83F7-EFEE95AE1943}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [{1FF87F83-AAAB-4D31-BCED-7C37E4D7B85C}] => (Allow) C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\BlackShot.exe
FirewallRules: [{97BABD84-FA88-4E17-AAB1-49B2DAF11648}] => (Allow) C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\BlackShot.exe
FirewallRules: [{01744166-05DB-42AC-AFD7-DA930FA853CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{02FDAC39-D545-413E-8455-8244439A1AF0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{07ED26B1-ADCB-40FC-ADF4-8FCF820FE807}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9B2D3FD7-1F3C-4068-B2DC-9FA8452DEC70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25C2C099-3F26-45CE-A361-250A258D1FC4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{171C9B07-BFCA-481D-B7DF-DAF4E0C1E413}] => (Allow) C:\Users\Admin\Desktop\FIFA 15-ULTIMATE TEAM EDITION-SC\fifasetup\fifaconfig.exe
FirewallRules: [{7937DB76-6038-4BED-B9CC-39A6883D7386}] => (Allow) C:\Users\Admin\Desktop\FIFA 15-ULTIMATE TEAM EDITION-SC\fifasetup\fifaconfig.exe
FirewallRules: [{D7C754DF-BB23-4F6D-B155-77160A2C708A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/02/2015 00:55:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (06/01/2015 06:10:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpopwfnqj.exe, version: 5.0.0.0, time stamp: 0x556c0060
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001875df
Faulting process id: 0x216e4
Faulting application start time: 0xmpopwfnqj.exe0
Faulting application path: mpopwfnqj.exe1
Faulting module path: mpopwfnqj.exe2
Report Id: mpopwfnqj.exe3
 
Error: (06/01/2015 06:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ogxkcyipi.exe, version: 5.0.0.0, time stamp: 0x556c004e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001875df
Faulting process id: 0x21188
Faulting application start time: 0xogxkcyipi.exe0
Faulting application path: ogxkcyipi.exe1
Faulting module path: ogxkcyipi.exe2
Report Id: ogxkcyipi.exe3
 
Error: (06/01/2015 06:05:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: djusbfdtf.exe, version: 5.0.0.0, time stamp: 0x556c004e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001875df
Faulting process id: 0x203d8
Faulting application start time: 0xdjusbfdtf.exe0
Faulting application path: djusbfdtf.exe1
Faulting module path: djusbfdtf.exe2
Report Id: djusbfdtf.exe3
 
Error: (05/31/2015 07:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SuddenAttack.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9c78
 
Start Time: 01d09b95064b0b96
 
Termination Time: 26
 
Application Path: C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\SuddenAttack.exe
 
Report Id: 51def70e-0788-11e5-9588-00ac6835924e
 
Error: (05/31/2015 07:23:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SuddenAttack.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 95a0
 
Start Time: 01d09b943849a763
 
Termination Time: 6
 
Application Path: C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\SuddenAttack.exe
 
Report Id: 86b352bb-0787-11e5-9588-00ac6835924e
 
Error: (05/31/2015 06:01:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AI.exe, version: 0.0.0.0, time stamp: 0x54254411
Faulting module name: AI.exe, version: 0.0.0.0, time stamp: 0x54254411
Exception code: 0xc0000005
Fault offset: 0x004208e7
Faulting process id: 0x10b68
Faulting application start time: 0xAI.exe0
Faulting application path: AI.exe1
Faulting module path: AI.exe2
Report Id: AI.exe3
 
Error: (05/31/2015 05:46:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AI.exe, version: 0.0.0.0, time stamp: 0x54254411
Faulting module name: nvwgf2um.dll, version: 9.18.13.4411, time stamp: 0x5414a277
Exception code: 0xc0000005
Fault offset: 0x0055105b
Faulting process id: 0xf27c
Faulting application start time: 0xAI.exe0
Faulting application path: AI.exe1
Faulting module path: AI.exe2
Report Id: AI.exe3
 
Error: (05/31/2015 02:09:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (05/31/2015 01:14:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gkfasglxe.exe, version: 6.0.6000.16384, time stamp: 0x55695bbc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001875bb
Faulting process id: 0x268f0
Faulting application start time: 0xgkfasglxe.exe0
Faulting application path: gkfasglxe.exe1
Faulting module path: gkfasglxe.exe2
Report Id: gkfasglxe.exe3
 
 
System errors:
=============
Error: (06/02/2015 09:31:39 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (06/02/2015 09:31:31 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (06/02/2015 09:31:22 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (06/02/2015 09:31:14 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (06/02/2015 09:31:05 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (06/02/2015 09:30:34 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (06/02/2015 09:30:26 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (06/02/2015 09:30:17 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (06/02/2015 09:30:09 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (06/02/2015 09:30:00 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
 
Microsoft Office:
=========================
Error: (06/02/2015 00:55:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (06/01/2015 06:10:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mpopwfnqj.exe5.0.0.0556c0060unknown0.0.0.000000000c0000005001875df216e401d09c5333fe2e66C:\Users\Admin\AppData\Local\Temp\mpopwfnqj.exeunknown7294901b-0846-11e5-ac8b-00ac6835924e
 
Error: (06/01/2015 06:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ogxkcyipi.exe5.0.0.0556c004eunknown0.0.0.000000000c0000005001875df2118801d09c52ebacb3a1C:\Users\Admin\AppData\Local\Temp\ogxkcyipi.exeunknown29dab50f-0846-11e5-ac8b-00ac6835924e
 
Error: (06/01/2015 06:05:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: djusbfdtf.exe5.0.0.0556c004eunknown0.0.0.000000000c0000005001875df203d801d09c5275d8c685C:\Users\Admin\AppData\Local\Temp\djusbfdtf.exeunknownb40a4a71-0845-11e5-ac8b-00ac6835924e
 
Error: (05/31/2015 07:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SuddenAttack.exe1.0.0.19c7801d09b95064b0b9626C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\SuddenAttack.exe51def70e-0788-11e5-9588-00ac6835924e
 
Error: (05/31/2015 07:23:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SuddenAttack.exe1.0.0.195a001d09b943849a7636C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\SuddenAttack.exe86b352bb-0787-11e5-9588-00ac6835924e
 
Error: (05/31/2015 06:01:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AI.exe0.0.0.054254411AI.exe0.0.0.054254411c0000005004208e710b6801d09b87755d6c94C:\Program Files (x86)\R.G. Mechanics\Alien Isolation\AI.exeC:\Program Files (x86)\R.G. Mechanics\Alien Isolation\AI.exefa6e0ac2-077b-11e5-9870-00ac6835924e
 
Error: (05/31/2015 05:46:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AI.exe0.0.0.054254411nvwgf2um.dll9.18.13.44115414a277c00000050055105bf27c01d09b866922c6e3C:\Program Files (x86)\R.G. Mechanics\Alien Isolation\AI.exeC:\Windows\system32\nvwgf2um.dllf786f24d-0779-11e5-9870-00ac6835924e
 
Error: (05/31/2015 02:09:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (05/31/2015 01:14:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gkfasglxe.exe6.0.6000.1638455695bbcunknown0.0.0.000000000c0000005001875bb268f001d09b60b28fa99fC:\Users\Admin\AppData\Local\Temp\gkfasglxe.exeunknownf0b6f434-0753-11e5-9870-00ac6835924e
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-01 23:42:16.123
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-06-01 23:42:16.099
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 52%
Total physical RAM: 3947.86 MB
Available physical RAM: 1886.5 MB
Total Pagefile: 7893.86 MB
Available Pagefile: 5666.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:596.07 GB) (Free:98.47 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B10334E1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)
 
==================== End of log ============================

Edited by jamesharden, 02 June 2015 - 11:02 AM.
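The security-relevant part of the log above is the run of Application Error entries for executables with random nine-letter names (mpopwfnqj.exe, ogxkcyipi.exe, djusbfdtf.exe, gkfasglxe.exe) crashing out of C:\Users\Admin\AppData\Local\Temp. In the structured entries FRST renders the path as "mpopwfnqj.exe1"; only the compact entries in the section it labels "Microsoft Office" carry the full path. The script below is an added example for this thread, not FRST code and not part of any post: it parses those compact entries, pulls the faulting image path out of the run-together fields, and flags crashes of binaries that live in a user-writable directory or have a random-looking file name. The function names, the "random name" thresholds in looks_random() and the choice of AppData\Local\Temp and AppData\Roaming as the user-writable locations are assumptions; the sample entries are copied from the posted log.

```python
"""Triage helper for the "Event log errors" section of an FRST log.

Added example for this thread, not part of FRST or of any post in it. It reads
the compact Application Error entries (the ones in the section FRST labels
"Microsoft Office"), because only those carry the full path of the faulting
executable, and flags crashes of images that run from a user-writable directory
or carry a random-looking file name. The thresholds in looks_random() are an
assumption, not a published rule."""
import re
from collections import Counter

# Sample input: entries copied from the posted log (not constructed).
SAMPLE_LOG = r"""
Error: (06/01/2015 06:10:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mpopwfnqj.exe5.0.0.0556c0060unknown0.0.0.000000000c0000005001875df216e401d09c5333fe2e66C:\Users\Admin\AppData\Local\Temp\mpopwfnqj.exeunknown7294901b-0846-11e5-ac8b-00ac6835924e

Error: (05/31/2015 07:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SuddenAttack.exe1.0.0.19c7801d09b95064b0b9626C:\Program Files (x86)\PlayFPS\SuddenAttackSEA\SuddenAttack.exe51def70e-0788-11e5-9588-00ac6835924e

Error: (05/31/2015 06:01:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AI.exe0.0.0.054254411AI.exe0.0.0.054254411c0000005004208e710b6801d09b87755d6c94C:\Program Files (x86)\R.G. Mechanics\Alien Isolation\AI.exeC:\Program Files (x86)\R.G. Mechanics\Alien Isolation\AI.exefa6e0ac2-077b-11e5-9870-00ac6835924e

Error: (05/31/2015 01:14:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gkfasglxe.exe6.0.6000.1638455695bbcunknown0.0.0.000000000c0000005001875bb268f001d09b60b28fa99fC:\Users\Admin\AppData\Local\Temp\gkfasglxe.exeunknownf0b6f434-0753-11e5-9870-00ac6835924e
"""

ERROR_HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]*)\) \(Source: (?P<src>[^)]*)\) \(EventID: (?P<id>\d+)\)")
# Lazy match: the first "X:\...exe" in the run-together Description is the faulting image.
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)
# Assumption: these are the user-writable locations worth flagging on this box.
USER_WRITABLE = re.compile(r"\\AppData\\(Local\\Temp|Roaming)\\", re.IGNORECASE)
RANDOM_STEM = re.compile(r"^[a-z]{8,12}$")
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{3,}")


def parse_entries(text):
    """Return one dict per 'Error:' block: timestamp, source, event id and every
    Windows path ending in .exe found in its Description line."""
    entries, current = [], None
    for line in text.splitlines():
        m = ERROR_HEADER.match(line)
        if m:
            current = {"ts": m["ts"], "source": m["src"],
                       "event_id": int(m["id"]), "paths": []}
            entries.append(current)
        elif current is not None and line.startswith("Description:"):
            current["paths"] = WIN_PATH.findall(line)
    return entries


def looks_random(stem):
    """Heuristic (assumption): 8-12 lowercase letters containing a run of three or
    more consonants, the shape of the temp-folder names in the posted log."""
    return bool(RANDOM_STEM.match(stem)) and bool(CONSONANT_RUN.search(stem))


def triage(text):
    """Return [(timestamp, source, path, reasons)] for entries worth a closer look."""
    findings = []
    for e in parse_entries(text):
        if not e["paths"]:
            continue
        path = e["paths"][0]
        stem = path.rsplit("\\", 1)[-1][:-4]          # drop the ".exe"
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("runs from a user-writable directory")
        if looks_random(stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((e["ts"], e["source"], path, reasons))
    return findings


def directory_histogram(text):
    """Count crashing images per parent directory; a burst from one temp folder
    stands out even when every file name is different."""
    dirs = Counter()
    for e in parse_entries(text):
        if e["paths"]:
            dirs[e["paths"][0].rsplit("\\", 1)[0].lower()] += 1
    return dirs


if __name__ == "__main__":
    for ts, source, path, reasons in triage(SAMPLE_LOG):
        print(f"{ts}  {source}: {path}\n    -> {'; '.join(reasons)}")
    for directory, n in directory_histogram(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {directory}")
```

Run against the four sample entries it reports the two temp-folder crashes and leaves the game crashes (AI.exe under Program Files, the SuddenAttack.exe hang) alone; the same parser works on a whole Addition.txt pasted into SAMPLE_LOG. A name heuristic on its own is noisy, so the directory histogram is there to show the second signal a responder would use: several different executables all crashing from the same Temp folder within a day.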


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:14 AM

Posted 02 June 2015 - 11:06 AM

OK, next steps are:

 

Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:

    Shopping Helper Smartbar
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

 

Step 3

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    (screenshot of the scan settings)

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created; copy and paste the content of this log file in your next reply.


Note: Do not forget to re-enable your antivirus application after running the above scan!


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
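Step 3 ends with the poster pasting the ESET Online Scanner log, which lists one detection per line as key=value fields (sh is the SHA-1, vn the detection name plus the action taken, fn the file path). Reading sixty such lines by eye is slow, so the script below, an added example for this thread and not ESET's code or part of any post, parses that format and summarizes it: detections per signature name, trojans versus "potentially unsafe application" hits, affected directories, the same SHA-1 showing up under several paths, and anything not reported as cleaned. The function names are mine; the sample lines are copied from the log the poster pastes later in this thread, and the "# key=value" header lines are parsed as the scanner prints them.

```python
"""Summarizer for an ESET Online Scanner log of the kind Step 3 asks for.

Added example for this thread, not ESET's code and not part of any post. Each
detection is one line of key=value fields; vn holds the signature name, the
classification ("trojan", "potentially unsafe application", ...) and, in
parentheses, the action taken."""
import re
from collections import Counter, defaultdict

# Sample input: lines copied from the log posted later in this thread (not constructed).
SAMPLE_LOG = r"""
# scanned=403563
# found=60
# cleaned=60
sh=4DBD4EF8E407E65D9522120B13C0F8DC893C4F18 ft=1 fh=cf9e93c5c920be2d vn="a variant of Win32/TrojanDownloader.VB.QCC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\BlackShot_GarenaPlus_Install_2_221.exe"
sh=1A0CB000F08A7D19E6C4D5F6666EBD8513BB420B ft=1 fh=a43ce111c2a2b8ce vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\Dead Island Riptide\steam_api.dll"
sh=1D0D99144D6BDCA57E66668BA6CA085B633F1423 ft=1 fh=748c615e6631e87e vn="a variant of Win32/Kryptik.DJMA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\WindowsUpdate\Updater.exe.vir"
sh=1D0D99144D6BDCA57E66668BA6CA085B633F1423 ft=1 fh=748c615e6631e87e vn="a variant of Win32/Kryptik.DJMA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\Vjnknf.exe.vir"
sh=9F8C1EF71986B0B3C59CC2416BC55267D5262D21 ft=1 fh=12338c988a22b832 vn="a variant of Win32/TrojanDownloader.VB.QCC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\FIFA 13\Game\fifa13.exe"
"""

# key=value, where the value is either a quoted string or a bare token.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# vn="a variant of Win32/TrojanDownloader.VB.QCC trojan (cleaned by deleting - quarantined)"
DETECTION = re.compile(
    r"^(?:a variant of )?(?P<name>\S+) (?P<kind>.*?)(?: \((?P<action>[^)]*)\))?$")


def scan_stats(text):
    """Collect the '# key=value' header lines (scanned, found, cleaned, ...)."""
    stats = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            stats[key] = value
    return stats


def parse_line(line):
    """Turn one detection line into a dict; None for headers and blank lines."""
    if not line.startswith("sh="):
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    m = DETECTION.match(rec.get("vn", ""))
    if m:
        rec.update(name=m["name"], kind=m["kind"], action=m["action"] or "")
    return rec


def parse_log(text):
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def summarize(text):
    """Aggregate a parsed log the way a responder would read it."""
    recs = parse_log(text)
    same_hash = defaultdict(list)
    for r in recs:
        same_hash[r["sh"]].append(r["fn"])
    return {
        "by_name": Counter(r["name"] for r in recs),
        "by_kind": Counter(r["kind"] for r in recs),
        "by_dir": Counter(r["fn"].rsplit("\\", 1)[0] for r in recs),
        # One SHA-1 under several paths is one file copied around; report it once.
        "duplicate_hashes": {h: p for h, p in same_hash.items() if len(p) > 1},
        # Anything the scanner could not clean still needs manual follow-up.
        "unresolved": [r["fn"] for r in recs if "cleaned" not in r["action"]],
    }


if __name__ == "__main__":
    print(scan_stats(SAMPLE_LOG))
    report = summarize(SAMPLE_LOG)
    for key in ("by_name", "by_kind", "by_dir"):
        print(key, dict(report[key]))
    print("duplicate hashes:", report["duplicate_hashes"])
    print("unresolved:", report["unresolved"])
```

The split between "trojan" and "potentially unsafe application" matters when reading this kind of log: the cracks (steam_api.dll, rldea.dll) are the unsafe applications, while the game launchers themselves are flagged as TrojanDownloader.VB.QCC, which is the trojanized software the cleanup is really about. The duplicate-hash view also shows the same Kryptik sample sitting under three different quarantine paths.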

#9 jamesharden

jamesharden
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 02 June 2015 - 11:23 AM

I have done step 1.

 

But I'm having a problem with step 2:

 

- I did run it as admin

- I did put it on the desktop

 

When I press Scan, it pops out like this

 

Attached Files



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:14 AM

Posted 02 June 2015 - 11:41 AM

OK, then skip step 2 and proceed with ESET.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 jamesharden

jamesharden
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 03 June 2015 - 12:28 AM

ESET Log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d64d63f435ed834a8e37384dad2dd38e
# end=init
# utc_time=2015-06-03 01:53:18
# local_time=2015-06-03 09:53:18 (+0800, Malay Peninsula Standard Time)
# country="United States"
# osver=6.1.7600 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24143
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d64d63f435ed834a8e37384dad2dd38e
# end=updated
# utc_time=2015-06-03 01:58:50
# local_time=2015-06-03 09:58:50 (+0800, Malay Peninsula Standard Time)
# country="United States"
# osver=6.1.7600 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d64d63f435ed834a8e37384dad2dd38e
# engine=24143
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-03 05:18:29
# local_time=2015-06-03 01:18:29 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 47274 184938559 0 0
# scanned=403563
# found=60
# cleaned=60
# scan_time=11979
sh=4DBD4EF8E407E65D9522120B13C0F8DC893C4F18 ft=1 fh=cf9e93c5c920be2d vn="a variant of Win32/TrojanDownloader.VB.QCC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\BlackShot_GarenaPlus_Install_2_221.exe"
sh=2D1464586B74FAFAEF1D0B80CCACCF54DBA14A5F ft=1 fh=4027f3a95eb9c997 vn="a variant of Win32/TrojanDownloader.VB.QCC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\Bully\Bully.exe"
sh=7690C42A4616ACE1C020BB491001719EF658A08C ft=1 fh=7b321a9b395d08d6 vn="a variant of Win32/TrojanDownloader.VB.QCC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\Call of Duty 4 - Modern Warfare\iw3sp.exe"
sh=531031B51464A89A2E3426617E79808D6AE30F97 ft=1 fh=c937e5e7ad38a6ee vn="a variant of Win32/TrojanDownloader.VB.QCC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\Dead Island Riptide\DeadIslandGame_x86_rwdi.exe"
sh=1A0CB000F08A7D19E6C4D5F6666EBD8513BB420B ft=1 fh=a43ce111c2a2b8ce vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\Dead Island Riptide\steam_api.dll"
sh=A0B7FD1BB185CD50020749369B269330394562DF ft=1 fh=e2c9a20aa69a8b75 vn="a variant of Win32/TrojanDownloader.VB.QCC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\Dead Rising 2\deadrising2.exe"
sh=8FADB5DD969C1B143AD64EDD932EDA7FBFADDB88 ft=1 fh=95e812e0b40c365b vn="a variant of Win32/TrojanDownloader.VB.QCC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\Dead Rising 2\DR2Launcher.exe"
sh=7115B2C946BEF1B528A61DC213F38AA1722F5D55 ft=1 fh=b2a79cb2198a372c vn="a variant of Win32/TrojanDownloader.VB.QCC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Computer\Games\FarCry 3\bin\Far Cry 3.exe"


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:14 AM

Posted 03 June 2015 - 02:31 AM

CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:14 AM

Posted 08 June 2015 - 02:26 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
