Disc D Corrupt and black screen on shut down or switching windowed mode


  • This topic is locked
42 replies to this topic

#1 CERBERUSCLH


Posted 11 July 2015 - 02:38 PM

Hello, I'm not sure if I got rid of my malware. Here is my previous topic in another forum, where a member told me I need to post it here instead: http://www.bleepingcomputer.com/forums/t/582505/disc-d-corrupt-and-black-screen-on-shut-down-or-switching-windowed-mode/page-2#entry3758223 . The "Disc D is Corrupt" stopped appearing after I ran CHKDSK, and I'm not experienced with this error, so I don't know what it even means that it's corrupt. It works perfectly fine if it's meant to not work; I also tried playing games. The last thing I did was scan my computer with Emsisoft, and there were around 20 viruses. I quarantined them all except one, which was a false positive (I even checked on a virus scan website (I think it's VirusTotal); it was voted as a false positive by other people). So I'm not sure if I don't have any malware anymore.

 

I'm not really experienced with posting on this site so I think I need to post FRST scan results here.

 

FRST.txt : Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015

Ran by korisnik (administrator) on PC2-PC on 11-07-2015 21:28:56
Running from C:\Users\korisnik\Desktop\FRST
Loaded Profiles: korisnik (Available Profiles: korisnik)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: engleski (SAD)
Internet Explorer Version 11 (Default browser: Yandex Browser)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Windows\System32\PnkBstrA.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
() C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\41.0.2272.3716\crash_service.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [91432 2008-06-27] (cyberlink)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3174800 2015-07-08] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-07-09] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1227359831-991995275-1298296250-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
IFEO\CCleaner64.exe: [Debugger] svchost.exe
Startup: C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Five Nights at Freddys Full Game PC Downloader.lnk [2015-01-27]
ShortcutTarget: Five Nights at Freddys Full Game PC Downloader.lnk -> C:\ProgramData\{80bce373-71ea-13ba-80bc-ce37371e8dcd}\Five Nights at Freddys Full Game PC Downloader.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1227359831-991995275-1298296250-1000] => 223.252.33.217:80
HKU\S-1-5-21-1227359831-991995275-1298296250-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={EBAD6612-4A25-4ED5-9FC3-408808A35266}&mid=ca5eb6d7397147d29f4895c31dbd9c25-f9582b285072b69f743d6ea025a355df28b8495e&lang=sr&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-09-04 10:58:40&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1227359831-991995275-1298296250-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-1227359831-991995275-1298296250-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={EBAD6612-4A25-4ED5-9FC3-408808A35266}&mid=ca5eb6d7397147d29f4895c31dbd9c25-f9582b285072b69f743d6ea025a355df28b8495e&lang=sr&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-09-04 10:58:40&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-22] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{850A88E3-A86C-4637-8DA1-D70F4208A726}: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{C628860C-ED14-4238-91A7-B9F84E9FA66D}: [DhcpNameServer] 7.254.254.254
 
FireFox:
========
FF ProfilePath: C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\q4d2phj6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-10] ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-10] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.7.0\\npsitesafety.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-26] (Pando Networks)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1227359831-991995275-1298296250-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\korisnik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1227359831-991995275-1298296250-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF Plugin HKU\S-1-5-21-1227359831-991995275-1298296250-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-26] (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-07-08]
FF Extension: Adblock Plus - C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\q4d2phj6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17]
FF Extension: Greasemonkey - C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\q4d2phj6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-06-02]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.rs/
CHR StartupUrls: Default -> "hxxp://www.google.rs/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-23]
CHR Extension: (Google Drive) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-23]
CHR Extension: (YouTube) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-23]
CHR Extension: (Google Search) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-23]
CHR Extension: (AdBlock) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-10]
CHR Extension: (Hola Better Internet) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-12-15]
CHR Extension: (Ghostery) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]
CHR Extension: (Gmail) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-01-25] (EasyAntiCheat Ltd)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1580448 2014-12-15] (Echobit LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-28] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-02-25] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-10] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 vToolbarUpdater18.7.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [1874320 2015-07-08] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-08] ()
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-01] (Disc Soft Ltd)
R4 epp64; C:\Program Files\EEK\bin\epp64.sys [136456 2015-07-11] (Emsisoft GmbH)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-13] (Echobit, LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [32240 2008-06-27] (Cyberlink Corp.)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-11 21:28 - 2015-07-11 21:28 - 00000000 ____D C:\FRST
2015-07-11 21:27 - 2015-07-11 21:28 - 00000000 ____D C:\Users\korisnik\Desktop\FRST
2015-07-11 18:50 - 2015-07-11 18:51 - 00000000 ____D C:\Program Files\EEK
2015-07-11 18:50 - 2015-07-11 18:50 - 00000949 _____ C:\Users\korisnik\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-11 18:49 - 2015-07-11 18:49 - 00000000 ____D C:\Users\korisnik\Desktop\emisoft
2015-07-11 17:58 - 2015-07-11 17:58 - 00000000 ___RD C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-07-11 17:36 - 2015-07-11 17:38 - 00000000 ____D C:\Users\korisnik\Desktop\tdsskiller
2015-07-11 17:35 - 2015-07-11 17:35 - 04176437 _____ C:\Users\korisnik\Desktop\tdsskiller.zip
2015-07-11 17:29 - 2015-07-11 17:36 - 00000000 ____D C:\Users\korisnik\Desktop\speccy
2015-07-11 17:29 - 2015-07-11 17:29 - 05269617 _____ C:\Users\korisnik\Desktop\spsetup126.zip
2015-07-11 17:26 - 2015-07-11 17:26 - 00051160 _____ C:\Users\korisnik\Desktop\CheckResults.txt
2015-07-11 16:44 - 2015-07-11 16:44 - 01682416 _____ (Malwarebytes Corporation) C:\Users\korisnik\Desktop\mbam-check-2.1.1.1001.exe
2015-07-11 16:11 - 2015-07-11 16:12 - 00000000 ____D C:\Users\korisnik\Desktop\eu4 mods
2015-07-10 20:55 - 2015-07-10 20:55 - 00000011 _____ C:\Users\korisnik\Desktop\paypalpass.txt
2015-07-10 19:34 - 2015-07-10 19:34 - 00000817 _____ C:\Users\Public\Desktop\Crusader Kings II - Collection.lnk
2015-07-10 19:34 - 2015-07-10 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crusader Kings II - Collection
2015-07-10 18:48 - 2015-07-10 18:48 - 00013286 _____ C:\Users\korisnik\Desktop\[kat.cr]crusader.kings.ii.collection.repack.yuzutu.2.3.3.torrent
2015-07-10 18:39 - 2015-07-11 18:39 - 00000340 _____ C:\Windows\Tasks\TouchDetector.job
2015-07-10 18:39 - 2015-07-10 22:39 - 00000000 ____D C:\ProgramData\{9611eb22-481a-b339-9611-1eb22481ac89}
2015-07-10 18:39 - 2015-07-10 18:43 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Supportive Gaggle
2015-07-10 18:39 - 2015-07-10 18:39 - 00003258 _____ C:\Windows\System32\Tasks\TouchDetector
2015-07-10 16:57 - 2015-07-10 16:57 - 00015495 _____ C:\Users\korisnik\Desktop\Crusader+Kings+2+v2.3.2+DLC+%5BENG%2BRUS%5D.torrent
2015-07-10 12:22 - 2015-07-10 12:23 - 00000000 ____D C:\Users\korisnik\Desktop\meshes for faction leaders mod
2015-07-10 10:20 - 2015-07-10 10:20 - 00000000 ____D C:\Users\korisnik\Desktop\variantmeshes - kopija
2015-07-10 09:30 - 2015-07-10 09:45 - 742735163 _____ C:\Users\korisnik\Downloads\romansforattila.rar
2015-07-09 21:44 - 2015-07-09 21:44 - 00000000 ____D C:\Users\korisnik\Desktop\Nova fascikla
2015-07-09 14:00 - 2015-07-09 16:38 - 00000000 ____D C:\Users\korisnik\Desktop\variantmeshes
2015-07-06 18:08 - 2015-07-06 18:10 - 00000000 ____D C:\Users\korisnik\Desktop\PFM
2015-06-28 15:34 - 2015-06-28 15:34 - 00001283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rage of dark Gods.lnk
2015-06-27 19:27 - 2015-06-27 19:27 - 00000876 _____ C:\Windows\$_hpcst$.hpc
2015-06-27 13:53 - 2015-06-27 13:53 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-24 13:38 - 2015-06-24 13:38 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-16 15:55 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-06-13 20:19 - 2015-06-15 13:40 - 00000000 ____D C:\Users\korisnik\AppData\Local\Popcorn-Time
2015-06-13 20:17 - 2015-06-13 20:17 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-06-13 20:16 - 2015-06-13 20:17 - 00000000 ____D C:\Users\korisnik\AppData\Local\Popcorn Time
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-11 20:33 - 2013-05-23 18:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 18:20 - 2014-07-09 15:13 - 01355310 _____ C:\Windows\WindowsUpdate.log
2015-07-11 18:05 - 2009-07-14 06:45 - 00025984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 18:05 - 2009-07-14 06:45 - 00025984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 18:01 - 2014-07-11 14:46 - 00000000 ____D C:\Users\korisnik\AppData\Local\LogMeIn Hamachi
2015-07-11 17:58 - 2014-12-15 14:26 - 00244590 _____ C:\Windows\SysWOW64\debug.log
2015-07-11 17:58 - 2014-10-29 17:54 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Raptr
2015-07-11 17:57 - 2014-07-09 16:27 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-07-11 17:57 - 2014-04-30 19:22 - 00116771 _____ C:\Windows\setupact.log
2015-07-11 17:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 13:21 - 2015-05-30 18:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 12:03 - 2014-07-09 16:09 - 00000000 ____D C:\ProgramData\MFAData
2015-07-11 11:53 - 2010-11-21 05:47 - 00068640 _____ C:\Windows\PFRO.log
2015-07-11 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Branding
2015-07-10 22:39 - 2013-11-07 18:49 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\uTorrent
2015-07-10 19:34 - 2014-12-27 22:33 - 00000000 ____D C:\Users\korisnik\Documents\Paradox Interactive
2015-07-10 18:43 - 2015-04-21 11:42 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-10 16:54 - 2014-11-04 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-07-10 16:54 - 2014-10-31 21:49 - 00000000 ____D C:\Users\korisnik\AppData\Local\SKIDROW
2015-07-10 16:47 - 2013-05-23 18:41 - 00468716 _____ C:\Windows\DirectX.log
2015-07-10 16:38 - 2014-07-10 10:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-10 10:33 - 2013-05-23 18:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-10 10:33 - 2013-05-23 18:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 10:33 - 2013-05-23 18:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-10 09:23 - 2014-10-29 17:54 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-07-08 21:25 - 2014-07-14 16:03 - 00000000 ____D C:\Users\korisnik\AppData\Local\Battle.net
2015-07-08 21:09 - 2014-07-14 16:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-07-08 14:17 - 2014-12-30 23:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-08 14:17 - 2014-12-15 14:26 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-07-08 14:17 - 2014-09-04 10:58 - 00000000 ____D C:\Users\korisnik\AppData\Local\AVG Web TuneUp
2015-07-08 14:17 - 2014-09-04 10:58 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-07-07 10:42 - 2014-07-09 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-06 18:09 - 2015-01-16 17:56 - 00000000 ____D C:\Users\korisnik\AppData\Local\PackFileManager
2015-07-04 11:32 - 2009-07-14 07:08 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-01 11:01 - 2013-05-23 18:53 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\vlc
2015-06-19 18:12 - 2014-12-17 11:24 - 00000000 ____D C:\Users\korisnik\AppData\Local\Adobe
2015-06-18 22:27 - 2009-07-14 07:13 - 00006520 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 11:04 - 2014-07-10 10:23 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-14 20:00 - 2013-11-07 18:55 - 00000000 ____D C:\Windows\SysWOW64\directx
 
==================== Files in the root of some directories =======
 
2015-03-22 14:21 - 2015-06-18 10:43 - 0000000 _____ () C:\Users\korisnik\AppData\Roaming\SpeedRunnersLog.txt
2015-03-24 21:52 - 2015-04-02 21:42 - 0002930 _____ () C:\Users\korisnik\AppData\Roaming\TargetInvocationLog.txt
2015-02-05 11:59 - 2015-02-05 11:59 - 0047104 ___SH () C:\Users\korisnik\AppData\Roaming\Thumbs.db
2014-11-19 16:49 - 2014-12-16 22:33 - 1065984 _____ () C:\Users\korisnik\AppData\Local\file__0.localstorage
2015-02-10 12:55 - 2015-02-10 12:55 - 0000096 _____ () C:\Users\korisnik\AppData\Local\fusioncache.dat
2014-11-08 22:18 - 2014-11-08 22:18 - 0000000 ___SH () C:\Users\korisnik\AppData\Local\LumaEmu
2014-07-09 15:36 - 2014-07-09 15:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\korisnik\AppData\Local\Temp\5rjtqsqt.dll
C:\Users\korisnik\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\korisnik\AppData\Local\Temp\AutoRun.exe
C:\Users\korisnik\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\korisnik\AppData\Local\Temp\bdfilters.dll
C:\Users\korisnik\AppData\Local\Temp\devcon64.exe
C:\Users\korisnik\AppData\Local\Temp\dsbsqlgy.dll
C:\Users\korisnik\AppData\Local\Temp\eauninstall.exe
C:\Users\korisnik\AppData\Local\Temp\gmh5rola.dll
C:\Users\korisnik\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\korisnik\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\korisnik\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-10-g8688bd4-b3092jnks.dll
C:\Users\korisnik\AppData\Local\Temp\nvStInst.exe
C:\Users\korisnik\AppData\Local\Temp\Quarantine.exe
C:\Users\korisnik\AppData\Local\Temp\raptrpatch.exe
C:\Users\korisnik\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\korisnik\AppData\Local\Temp\sevensetup.exe
C:\Users\korisnik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\korisnik\AppData\Local\Temp\sonarinst.exe
C:\Users\korisnik\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\korisnik\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\korisnik\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\korisnik\AppData\Local\Temp\ucvemhck.dll
C:\Users\korisnik\AppData\Local\Temp\Uninstall.exe
C:\Users\korisnik\AppData\Local\Temp\utils.dll
C:\Users\korisnik\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\korisnik\AppData\Local\Temp\wt7o24ze.dll
C:\Users\korisnik\AppData\Local\Temp\xmlUpdater.exe
C:\Users\korisnik\AppData\Local\Temp\yupdate-exec-yabrowser.exe
C:\Users\korisnik\AppData\Local\Temp\_is2FD6.exe
C:\Users\korisnik\AppData\Local\Temp\_is3C63.exe
C:\Users\korisnik\AppData\Local\Temp\_is4855.exe
C:\Users\korisnik\AppData\Local\Temp\_isBC5C.exe
C:\Users\korisnik\AppData\Local\Temp\_isCFFB.exe
C:\Users\korisnik\AppData\Local\Temp\_isD5B5.exe
C:\Users\korisnik\AppData\Local\Temp\_m4fgout.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-05 14:10
 
Addition.txt :  I don't think this is needed
 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • Gender:Male
  • Local time:10:30 AM

Posted 16 July 2015 - 02:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/582538 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 CERBERUSCLH

CERBERUSCLH
  • Topic Starter

  • Members
  • 36 posts
  • Gender:Male
  • Location:Serbia
  • Local time:04:30 PM

Posted 17 July 2015 - 05:13 AM


I am not sure if I have a problem. The black screen problem is because something is wrong in my computer and I need to buy a new part, but I'm not sure if I have a virus. I ran 3-4 scan programs like Malwarebytes, TDSSKiller and Emsisoft Emergency Kit. However, I didn't remove what TDSSKiller found because I was told in the last topic in the wrong forum not to remove anything of that, and one of the items found was a trusted program.

 

Here's FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015

Ran by korisnik (administrator) on PC2-PC on 17-07-2015 12:10:54
Running from C:\Users\korisnik\Desktop\Desktop Things\FRST
Loaded Profiles: korisnik (Available Profiles: korisnik)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: engleski (SAD)
Internet Explorer Version 11 (Default browser: Yandex Browser)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\System32\PnkBstrA.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
() C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\41.0.2272.3649\crash_service.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [91432 2008-06-27] (cyberlink)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3174800 2015-07-08] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-07-09] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1227359831-991995275-1298296250-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
IFEO\CCleaner64.exe: [Debugger] svchost.exe
Startup: C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Five Nights at Freddys Full Game PC Downloader.lnk [2015-01-27]
ShortcutTarget: Five Nights at Freddys Full Game PC Downloader.lnk -> C:\ProgramData\{80bce373-71ea-13ba-80bc-ce37371e8dcd}\Five Nights at Freddys Full Game PC Downloader.exe (No File)
GroupPolicyScripts: Group Policy detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1227359831-991995275-1298296250-1000] => 223.252.33.217:80
HKU\S-1-5-21-1227359831-991995275-1298296250-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={EBAD6612-4A25-4ED5-9FC3-408808A35266}&mid=ca5eb6d7397147d29f4895c31dbd9c25-f9582b285072b69f743d6ea025a355df28b8495e&lang=sr&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-09-04 10:58:40&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1227359831-991995275-1298296250-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-1227359831-991995275-1298296250-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={EBAD6612-4A25-4ED5-9FC3-408808A35266}&mid=ca5eb6d7397147d29f4895c31dbd9c25-f9582b285072b69f743d6ea025a355df28b8495e&lang=sr&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-09-04 10:58:40&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-22] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{850A88E3-A86C-4637-8DA1-D70F4208A726}: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{C628860C-ED14-4238-91A7-B9F84E9FA66D}: [DhcpNameServer] 7.254.254.254
 
FireFox:
========
FF ProfilePath: C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\q4d2phj6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.7.0\\npsitesafety.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-26] (Pando Networks)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1227359831-991995275-1298296250-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\korisnik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1227359831-991995275-1298296250-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF Plugin HKU\S-1-5-21-1227359831-991995275-1298296250-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-26] (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-07-08]
FF Extension: Adblock Plus - C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\q4d2phj6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17]
FF Extension: Greasemonkey - C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\q4d2phj6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-06-02]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.rs/
CHR StartupUrls: Default -> "hxxp://www.google.rs/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-23]
CHR Extension: (Google Drive) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-23]
CHR Extension: (YouTube) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-23]
CHR Extension: (Google Search) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-23]
CHR Extension: (AdBlock) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-10]
CHR Extension: (Hola Better Internet) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-12-15]
CHR Extension: (Ghostery) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]
CHR Extension: (Gmail) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-01-25] (EasyAntiCheat Ltd)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1580448 2014-12-15] (Echobit LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-28] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-02-25] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-10] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 vToolbarUpdater18.7.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [1874320 2015-07-08] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-08] ()
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-01] (Disc Soft Ltd)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-13] (Echobit, LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [32240 2008-06-27] (Cyberlink Corp.)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-17 11:54 - 2015-07-17 11:54 - 00000000 ___RD C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-07-16 13:36 - 2015-07-16 13:36 - 00002507 _____ C:\Users\korisnik\Desktop\Yandex.lnk
2015-07-16 13:36 - 2015-07-16 13:36 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex
2015-07-16 13:33 - 2015-07-16 13:34 - 117407696 _____ (YANDEX LLC) C:\Users\korisnik\Desktop\Yandex.exe
2015-07-16 12:19 - 2015-07-16 12:19 - 00001338 _____ C:\Users\korisnik\Desktop\eu4 - prečica.lnk
2015-07-15 18:24 - 2015-07-15 18:24 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Shooter
2015-07-15 15:15 - 2015-07-15 15:15 - 00001306 _____ C:\Users\korisnik\Desktop\CK2game - prečica.lnk
2015-07-13 16:45 - 2015-07-13 16:46 - 00000000 ____D C:\Users\korisnik\Desktop\RESKIN PACK
2015-07-13 13:08 - 2015-07-13 13:09 - 00000000 ____D C:\Users\korisnik\Desktop\variantmeshes
2015-07-13 13:08 - 2015-07-13 13:08 - 00000000 ____D C:\Users\korisnik\Desktop\db
2015-07-13 13:07 - 2015-07-13 13:10 - 00000000 ____D C:\Users\korisnik\Desktop\immortal fix
2015-07-13 12:10 - 2015-07-13 12:10 - 00001255 _____ C:\Users\korisnik\Desktop\Rome 2 Data.lnk
2015-07-12 20:02 - 2015-07-12 20:02 - 00000000 _____ C:\Users\korisnik\Desktop\model name.txt
2015-07-12 19:23 - 2015-07-12 19:45 - 00000000 ____D C:\Users\korisnik\Desktop\Desktop Things
2015-07-11 21:28 - 2015-07-17 12:10 - 00000000 ____D C:\FRST
2015-07-11 18:50 - 2015-07-11 21:31 - 00000000 ____D C:\Program Files\EEK
2015-07-10 18:39 - 2015-07-16 18:39 - 00000340 _____ C:\Windows\Tasks\TouchDetector.job
2015-07-10 18:39 - 2015-07-10 22:39 - 00000000 ____D C:\ProgramData\{9611eb22-481a-b339-9611-1eb22481ac89}
2015-07-10 18:39 - 2015-07-10 18:43 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Supportive Gaggle
2015-07-10 18:39 - 2015-07-10 18:39 - 00003258 _____ C:\Windows\System32\Tasks\TouchDetector
2015-07-10 09:30 - 2015-07-10 09:45 - 742735163 _____ C:\Users\korisnik\Downloads\romansforattila.rar
2015-07-06 18:08 - 2015-07-06 18:10 - 00000000 ____D C:\Users\korisnik\Desktop\PFM
2015-06-28 15:34 - 2015-06-28 15:34 - 00001283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rage of dark Gods.lnk
2015-06-27 19:27 - 2015-06-27 19:27 - 00000876 _____ C:\Windows\$_hpcst$.hpc
2015-06-27 13:53 - 2015-06-27 13:53 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-24 13:38 - 2015-07-16 14:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-17 12:04 - 2014-07-10 10:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-17 12:01 - 2009-07-14 06:45 - 00025984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 12:01 - 2009-07-14 06:45 - 00025984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 11:59 - 2014-07-09 16:09 - 00000000 ____D C:\ProgramData\MFAData
2015-07-17 11:57 - 2014-07-09 15:13 - 01389917 _____ C:\Windows\WindowsUpdate.log
2015-07-17 11:55 - 2014-12-15 14:26 - 00246027 _____ C:\Windows\SysWOW64\debug.log
2015-07-17 11:54 - 2014-10-29 17:54 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Raptr
2015-07-17 11:54 - 2014-04-30 19:22 - 00117387 _____ C:\Windows\setupact.log
2015-07-17 11:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 21:33 - 2013-05-23 18:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-16 14:42 - 2013-05-23 18:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 13:38 - 2014-12-17 11:24 - 00000000 ____D C:\Users\korisnik\AppData\Local\Adobe
2015-07-16 13:38 - 2013-05-23 18:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 13:38 - 2013-05-23 18:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 13:38 - 2013-05-23 18:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 13:36 - 2014-12-15 20:03 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Yandex
2015-07-15 18:06 - 2014-07-10 14:42 - 00000000 ____D C:\Users\korisnik\Documents\My Games
2015-07-15 13:58 - 2013-11-07 18:49 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\uTorrent
2015-07-12 12:56 - 2014-07-11 14:46 - 00000000 ____D C:\Users\korisnik\AppData\Local\LogMeIn Hamachi
2015-07-11 17:57 - 2014-07-09 16:27 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-07-11 13:21 - 2015-05-30 18:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 11:53 - 2010-11-21 05:47 - 00068640 _____ C:\Windows\PFRO.log
2015-07-11 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Branding
2015-07-10 19:34 - 2014-12-27 22:33 - 00000000 ____D C:\Users\korisnik\Documents\Paradox Interactive
2015-07-10 18:43 - 2015-04-21 11:42 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-10 16:54 - 2014-11-04 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-07-10 16:54 - 2014-10-31 21:49 - 00000000 ____D C:\Users\korisnik\AppData\Local\SKIDROW
2015-07-10 16:47 - 2013-05-23 18:41 - 00468716 _____ C:\Windows\DirectX.log
2015-07-10 09:23 - 2014-10-29 17:54 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-07-08 21:25 - 2014-07-14 16:03 - 00000000 ____D C:\Users\korisnik\AppData\Local\Battle.net
2015-07-08 21:09 - 2014-07-14 16:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-07-08 14:17 - 2014-12-30 23:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-08 14:17 - 2014-12-15 14:26 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-07-08 14:17 - 2014-09-04 10:58 - 00000000 ____D C:\Users\korisnik\AppData\Local\AVG Web TuneUp
2015-07-08 14:17 - 2014-09-04 10:58 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-07-07 10:42 - 2014-07-09 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-06 18:09 - 2015-01-16 17:56 - 00000000 ____D C:\Users\korisnik\AppData\Local\PackFileManager
2015-07-04 11:32 - 2009-07-14 07:08 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-01 11:01 - 2013-05-23 18:53 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\vlc
2015-06-18 22:27 - 2009-07-14 07:13 - 00006520 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 11:04 - 2014-07-10 10:23 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
 
==================== Files in the root of some directories =======
 
2015-03-22 14:21 - 2015-06-18 10:43 - 0000000 _____ () C:\Users\korisnik\AppData\Roaming\SpeedRunnersLog.txt
2015-03-24 21:52 - 2015-04-02 21:42 - 0002930 _____ () C:\Users\korisnik\AppData\Roaming\TargetInvocationLog.txt
2015-02-05 11:59 - 2015-02-05 11:59 - 0047104 ___SH () C:\Users\korisnik\AppData\Roaming\Thumbs.db
2014-11-19 16:49 - 2014-12-16 22:33 - 1065984 _____ () C:\Users\korisnik\AppData\Local\file__0.localstorage
2015-02-10 12:55 - 2015-02-10 12:55 - 0000096 _____ () C:\Users\korisnik\AppData\Local\fusioncache.dat
2014-11-08 22:18 - 2014-11-08 22:18 - 0000000 ___SH () C:\Users\korisnik\AppData\Local\LumaEmu
2014-07-09 15:36 - 2014-07-09 15:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\korisnik\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\korisnik\AppData\Local\Temp\5rjtqsqt.dll
C:\Users\korisnik\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\korisnik\AppData\Local\Temp\AutoRun.exe
C:\Users\korisnik\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\korisnik\AppData\Local\Temp\bdfilters.dll
C:\Users\korisnik\AppData\Local\Temp\devcon64.exe
C:\Users\korisnik\AppData\Local\Temp\dsbsqlgy.dll
C:\Users\korisnik\AppData\Local\Temp\eauninstall.exe
C:\Users\korisnik\AppData\Local\Temp\gmh5rola.dll
C:\Users\korisnik\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\korisnik\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\korisnik\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-10-g8688bd4-b3092jnks.dll
C:\Users\korisnik\AppData\Local\Temp\nvStInst.exe
C:\Users\korisnik\AppData\Local\Temp\Quarantine.exe
C:\Users\korisnik\AppData\Local\Temp\raptrpatch.exe
C:\Users\korisnik\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\korisnik\AppData\Local\Temp\sevensetup.exe
C:\Users\korisnik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\korisnik\AppData\Local\Temp\sonarinst.exe
C:\Users\korisnik\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\korisnik\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\korisnik\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\korisnik\AppData\Local\Temp\ucvemhck.dll
C:\Users\korisnik\AppData\Local\Temp\Uninstall.exe
C:\Users\korisnik\AppData\Local\Temp\utils.dll
C:\Users\korisnik\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\korisnik\AppData\Local\Temp\wt7o24ze.dll
C:\Users\korisnik\AppData\Local\Temp\xmlUpdater.exe
C:\Users\korisnik\AppData\Local\Temp\yupdate-exec-yabrowser.exe
C:\Users\korisnik\AppData\Local\Temp\_is2FD6.exe
C:\Users\korisnik\AppData\Local\Temp\_is3C63.exe
C:\Users\korisnik\AppData\Local\Temp\_is4855.exe
C:\Users\korisnik\AppData\Local\Temp\_isBC5C.exe
C:\Users\korisnik\AppData\Local\Temp\_isCFFB.exe
C:\Users\korisnik\AppData\Local\Temp\_isD5B5.exe
C:\Users\korisnik\AppData\Local\Temp\_m4fgout.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-14 19:50
 
==================== End of log ============================

I don't know how to add the Addition.txt file, so I'll post it in another reply if okay


#4 CERBERUSCLH


Posted 17 July 2015 - 05:16 AM

Hmm, it seems Flash Player is out of date so I can't post a reply, and I also don't know why it is saying this on YouTube etc. I tried updating both my browser and Flash Player but it still says out of date. If possible, please help me with this too as well.

 

Addition.txt : Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015

Ran by korisnik at 2015-07-17 12:11:52
Running from C:\Users\korisnik\Desktop\Desktop Things\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1227359831-991995275-1298296250-500 - Administrator - Disabled)
Guest (S-1-5-21-1227359831-991995275-1298296250-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1227359831-991995275-1298296250-1010 - Limited - Enabled)
korisnik (S-1-5-21-1227359831-991995275-1298296250-1000 - Administrator - Enabled) => C:\Users\korisnik
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«Sid Meier's Civilization V - Brave New World» (HKLM-x32\...\«Sid Meier's Civilization V - Brave New World»_is1) (Version:  - Firaxis)
µTorrent (HKU\S-1-5-21-1227359831-991995275-1298296250-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
3DMark (HKLM-x32\...\{F1A6C690-C12C-4E7A-B4BD-958678215418}) (Version: 1.0 - Futuremark)
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
7-Zip 9.19 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0919-000001000000}) (Version: 9.19.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6081 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.4.948 - AVG Technologies)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.739 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1830 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DarthMod Empire (HKLM-x32\...\DarthMod Empire8.0 Platinum) (Version: 8.0 Platinum - )
DarthMod Empire (HKLM-x32\...\DarthMod Empire8.0.1 Platinum) (Version: 8.0.1 Platinum - )
DarthMod: Shogun II (HKLM-x32\...\DarthMod: Shogun II) (Version:  - )
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Europa Universalis IV: Common Sense (HKLM-x32\...\Europa Universalis IV: Common Sense_is1) (Version:  - )
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.9 - Echobit, LLC)
Fractured Space (HKLM-x32\...\Steam App 310380) (Version:  - Edge Case Games Ltd.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Game Dev Tycoon version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
GameHouse Games Collection: Academy of Magic (HKLM-x32\...\Academy of Magic) (Version:  - )
GameHouse Games Collection: Adventure Inlay - Safari Edition (HKLM-x32\...\Adventure Inlay - Safari Edition) (Version:  - )
GameHouse Games Collection: Adventure Inlay (HKLM-x32\...\Adventure Inlay) (Version:  - )
GameHouse Games Collection: Air Strike 3D (HKLM-x32\...\Air Strike 3D) (Version:  - )
GameHouse Games Collection: Alien Sky (HKLM-x32\...\Alien Sky) (Version:  - )
GameHouse Games Collection: Aloha Solitaire (HKLM-x32\...\Aloha Solitaire) (Version:  - )
GameHouse Games Collection: Aloha TriPeaks (HKLM-x32\...\Aloha TriPeaks) (Version:  - )
GameHouse Games Collection: Ancient Tri-Jong (HKLM-x32\...\Ancient Tri-Jong) (Version:  - )
GameHouse Games Collection: Ancient Tripeaks (HKLM-x32\...\Ancient Tripeaks) (Version:  - )
GameHouse Games Collection: Astrobatics (HKLM-x32\...\Astrobatics) (Version:  - )
GameHouse Games Collection: Atlantis (HKLM-x32\...\Atlantis) (Version:  - )
GameHouse Games Collection: Atomaders (HKLM-x32\...\Atomaders) (Version:  - )
GameHouse Games Collection: Bejeweled 2 (HKLM-x32\...\Bejeweled 2) (Version:  - )
GameHouse Games Collection: Bewitched (HKLM-x32\...\Bewitched) (Version:  - )
GameHouse Games Collection: Big Kahuna Reef (HKLM-x32\...\Big Kahuna Reef) (Version:  - )
GameHouse Games Collection: Bounce Out Blitz (HKLM-x32\...\Bounce Out Blitz) (Version:  - )
GameHouse Games Collection: Casino Island To Go (HKLM-x32\...\Casino Island To Go) (Version:  - )
GameHouse Games Collection: Chainz (HKLM-x32\...\Chainz) (Version:  - )
GameHouse Games Collection: Chainz 2 - Relinked (HKLM-x32\...\Chainz 2: Relinked) (Version:  - )
GameHouse Games Collection: Charm Solitaire (HKLM-x32\...\Charm Solitaire) (Version:  - )
GameHouse Games Collection: Charm Tale (HKLM-x32\...\Charm Tale) (Version:  - )
GameHouse Games Collection: Chicktionary (HKLM-x32\...\Chicktionary) (Version:  - )
GameHouse Games Collection: Chuzzle Deluxe (HKLM-x32\...\Chuzzle Deluxe) (Version:  - )
GameHouse Games Collection: Collapse! Crunch (HKLM-x32\...\Collapse! Crunch) (Version:  - )
GameHouse Games Collection: Combo Chaos! (HKLM-x32\...\Combo Chaos!) (Version:  - )
GameHouse Games Collection: Crystal Path (HKLM-x32\...\Crystal Path) (Version:  - )
GameHouse Games Collection: Cubis Gold 2 (HKLM-x32\...\Cubis Gold 2) (Version:  - )
GameHouse Games Collection: Digby's Donuts (HKLM-x32\...\Digby's Donuts) (Version:  - )
GameHouse Games Collection: Diner Dash (HKLM-x32\...\Diner Dash) (Version:  - )
GameHouse Games Collection: Feeding Frenzy (HKLM-x32\...\Feeding Frenzy) (Version:  - )
GameHouse Games Collection: Fiber Twig (HKLM-x32\...\Fiber Twig) (Version:  - )
GameHouse Games Collection: Five Card Deluxe (HKLM-x32\...\Five Card Deluxe) (Version:  - )
GameHouse Games Collection: Flip Words (HKLM-x32\...\Flip Words) (Version:  - )
GameHouse Games Collection: Flying Leo (HKLM-x32\...\Flying Leo) (Version:  - )
GameHouse Games Collection: Fortune Tiles Gold (HKLM-x32\...\Fortune Tiles Gold) (Version:  - )
GameHouse Games Collection: GameHouse Sudoku (HKLM-x32\...\GameHouse Sudoku) (Version:  - )
GameHouse Games Collection: Gearz (HKLM-x32\...\Gearz) (Version:  - )
GameHouse Games Collection: Granny in Paradise (HKLM-x32\...\Granny in Paradise) (Version:  - )
GameHouse Games Collection: Gutterball (HKLM-x32\...\Gutterball) (Version:  - )
GameHouse Games Collection: Gutterball 2 (HKLM-x32\...\Gutterball 2) (Version:  - )
GameHouse Games Collection: Hamsterball (HKLM-x32\...\Hamsterball) (Version:  - )
GameHouse Games Collection: Hello! (HKLM-x32\...\Hello!) (Version:  - )
GameHouse Games Collection: Holiday Express (HKLM-x32\...\Holiday Express) (Version:  - )
GameHouse Games Collection: Iggle Pop! (HKLM-x32\...\Iggle Pop!) (Version:  - )
GameHouse Games Collection: Incadia (HKLM-x32\...\Incadia) (Version:  - )
GameHouse Games Collection: Incredible Ink (HKLM-x32\...\Incredible Ink) (Version:  - )
GameHouse Games Collection: Insaniquarium Deluxe (HKLM-x32\...\Insaniquarium Deluxe) (Version:  - )
GameHouse Games Collection: Inspector Parker (HKLM-x32\...\Inspector Parker) (Version:  - )
GameHouse Games Collection: Invadazoid (HKLM-x32\...\Invadazoid) (Version:  - )
GameHouse Games Collection: Jewel Quest (HKLM-x32\...\Jewel Quest) (Version:  - )
GameHouse Games Collection: Lemonade Tycoon (HKLM-x32\...\Lemonade Tycoon) (Version:  - )
GameHouse Games Collection: Luxor (HKLM-x32\...\Luxor) (Version:  - )
GameHouse Games Collection: Mad Caps (HKLM-x32\...\Mad Caps) (Version:  - )
GameHouse Games Collection: Magic Ball (HKLM-x32\...\Magic Ball Deluxe) (Version:  - )
GameHouse Games Collection: Magic Ball 2 - New Worlds (HKLM-x32\...\Magic Ball 2 - New Worlds) (Version:  - )
GameHouse Games Collection: Magic Inlay (HKLM-x32\...\Magic Inlay) (Version:  - )
GameHouse Games Collection: Magic Vines (HKLM-x32\...\Magic Vines) (Version:  - )
GameHouse Games Collection: Mah Jong Adventures (HKLM-x32\...\Mah Jong Adventures) (Version:  - )
GameHouse Games Collection: Mah Jong Medley (HKLM-x32\...\Mah Jong Medley) (Version:  - )
GameHouse Games Collection: Mah Jong Quest (HKLM-x32\...\Mah Jong Quest) (Version:  - )
GameHouse Games Collection: Mahjong Towers Eternity (HKLM-x32\...\Mahjong Towers Eternity) (Version:  - )
GameHouse Games Collection: Maui Wowee (HKLM-x32\...\Maui Wowee) (Version:  - )
GameHouse Games Collection: Phlinx To Go (HKLM-x32\...\Phlinx To Go) (Version:  - )
GameHouse Games Collection: Pin High Country Club Golf (HKLM-x32\...\Pin High Country Club Golf) (Version:  - )
GameHouse Games Collection: Pizza Frenzy (HKLM-x32\...\Pizza Frenzy) (Version:  - )
GameHouse Games Collection: Platypus (HKLM-x32\...\Platypus) (Version:  - )
GameHouse Games Collection: Puzzle Express (HKLM-x32\...\Puzzle Express) (Version:  - )
GameHouse Games Collection: Puzzle Inlay (HKLM-x32\...\Puzzle Inlay) (Version:  - )
GameHouse Games Collection: Puzzle Solitaire (HKLM-x32\...\Puzzle Solitaire) (Version:  - )
GameHouse Games Collection: QBz (HKLM-x32\...\QBz) (Version:  - )
GameHouse Games Collection: Reader's Digest Super Word Power (HKLM-x32\...\Reader's Digest Super Word Power) (Version:  - )
GameHouse Games Collection: Ricochet (HKLM-x32\...\Ricochet) (Version:  - )
GameHouse Games Collection: Ricochet Lost Worlds - Recharged (HKLM-x32\...\Ricochet Lost Worlds: Recharged) (Version:  - )
GameHouse Games Collection: Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds) (Version:  - )
GameHouse Games Collection: Roller Rush (HKLM-x32\...\Roller Rush) (Version:  - )
GameHouse Games Collection: Saints & Sinners Bingo (HKLM-x32\...\Saints & Sinners Bingo) (Version:  - )
GameHouse Games Collection: SCRABBLE (HKLM-x32\...\SCRABBLE) (Version:  - )
GameHouse Games Collection: Slingo Deluxe (HKLM-x32\...\Slingo Deluxe) (Version:  - )
GameHouse Games Collection: Spelvin (HKLM-x32\...\Spelvin) (Version:  - )
GameHouse Games Collection: Splash (HKLM-x32\...\Splash) (Version:  - )
GameHouse Games Collection: Super 5-Line Slots (HKLM-x32\...\Super 5-Line Slots) (Version:  - )
GameHouse Games Collection: Super Blackjack! (HKLM-x32\...\Super Blackjack!) (Version:  - )
GameHouse Games Collection: Super Bounce Out! (HKLM-x32\...\Super Bounce Out!) (Version:  - )
GameHouse Games Collection: Super Candy Cruncher (HKLM-x32\...\Super Candy Cruncher) (Version:  - )
GameHouse Games Collection: Super Collapse! (HKLM-x32\...\Super Collapse!) (Version:  - )
GameHouse Games Collection: Super Collapse! II (HKLM-x32\...\Super Collapse! II) (Version:  - )
GameHouse Games Collection: Super Collapse! II Platinum (HKLM-x32\...\Super Collapse! II Platinum) (Version:  - )
GameHouse Games Collection: Super Fruit Frolic (HKLM-x32\...\Super Fruit Frolic) (Version:  - )
GameHouse Games Collection: Super GameHouse Solitaire Vol. 1 (HKLM-x32\...\Super GameHouse Solitaire Vol. 1) (Version:  - )
GameHouse Games Collection: Super GameHouse Solitaire Vol. 2 (HKLM-x32\...\Super GameHouse Solitaire Vol. 2) (Version:  - )
GameHouse Games Collection: Super GameHouse Solitaire Vol. 3 (HKLM-x32\...\Super GameHouse Solitaire Vol. 3) (Version:  - )
GameHouse Games Collection: Super Gem Drop (HKLM-x32\...\Super Gem Drop) (Version:  - )
GameHouse Games Collection: Super Glinx! (HKLM-x32\...\Super Glinx!) (Version:  - )
GameHouse Games Collection: Super Letter Linker (HKLM-x32\...\Super Letter Linker) (Version:  - )
GameHouse Games Collection: Super Mah Jong Solitaire (HKLM-x32\...\Super Mah Jong Solitaire) (Version:  - )
GameHouse Games Collection: Super Nisqually (HKLM-x32\...\Super Nisqually) (Version:  - )
GameHouse Games Collection: Super PileUp! (HKLM-x32\...\Super PileUp!) (Version:  - )
GameHouse Games Collection: Super Pool (HKLM-x32\...\Super Pool) (Version:  - )
GameHouse Games Collection: Super Pop & Drop! (HKLM-x32\...\Super Pop & Drop!) (Version:  - )
GameHouse Games Collection: Super SpongeBob Collapse! (HKLM-x32\...\Super SpongeBob Collapse!) (Version:  - )
GameHouse Games Collection: Super TextTwist (HKLM-x32\...\Super TextTwist) (Version:  - )
GameHouse Games Collection: Super WHATword (HKLM-x32\...\Super WHATword) (Version:  - )
GameHouse Games Collection: Super Wild Wild Words (HKLM-x32\...\Super Wild Wild Words) (Version:  - )
GameHouse Games Collection: Tap a Jam (HKLM-x32\...\Tap a Jam) (Version:  - )
GameHouse Games Collection: Ten Pin Championship Bowling Pro (HKLM-x32\...\Ten Pin Championship Bowling Pro) (Version:  - )
GameHouse Games Collection: Tennis Titans (HKLM-x32\...\Tennis Titans) (Version:  - )
GameHouse Games Collection: Tradewinds 2 (HKLM-x32\...\Tradewinds 2) (Version:  - )
GameHouse Games Collection: Trivia Machine (HKLM-x32\...\Trivia Machine) (Version:  - )
GameHouse Games Collection: Tropical Swaps (HKLM-x32\...\Tropical Swaps) (Version:  - )
GameHouse Games Collection: Tumblebugs (HKLM-x32\...\Tumblebugs) (Version:  - )
GameHouse Games Collection: Turtle Bay (HKLM-x32\...\Turtle Bay) (Version:  - )
GameHouse Games Collection: Twistingo (HKLM-x32\...\Twistingo) (Version:  - )
GameHouse Games Collection: Ultimate Dominoes (HKLM-x32\...\Ultimate Dominoes) (Version:  - )
GameHouse Games Collection: Varmintz Deluxe (HKLM-x32\...\Varmintz Deluxe) (Version:  - )
GameHouse Games Collection: Walls of Jericho, The (HKLM-x32\...\Walls of Jericho, The) (Version:  - )
GameHouse Games Collection: Wheel of Fortune (HKLM-x32\...\Wheel of Fortune) (Version:  - )
GameHouse Games Collection: Word Jolt (HKLM-x32\...\Word Jolt) (Version:  - )
GameHouse Games Collection: Word Slinger (HKLM-x32\...\Word Slinger) (Version:  - )
GameHouse Games Collection: WordJong To Go (HKLM-x32\...\WordJong To Go) (Version:  - )
GameHouse Games Collection: Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Geeks3D.com FurMark 1.10.1 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
Geometry Dash (HKLM-x32\...\Steam App 322170) (Version:  - RobTop Games)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Guacamelee! Gold Edition (HKLM-x32\...\GOGPACKGUACAMELEE_is1) (Version: 2.0.0.8 - GOG.com)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hotline Miami 2: Wrong Number (HKLM-x32\...\Hotline Miami 2: Wrong Number_is1) (Version:  - )
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Knights of Honor (HKLM-x32\...\Knights of Honor) (Version: 1.05 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.05.000 - SEGA)
Microsoft .NET Framework 1.1 SP1 with Hotfixes (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle Earth - Shadow of Mordor (HKLM-x32\...\Middle Earth - Shadow of Mordor_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MonitorTest V3.1 (HKLM-x32\...\MonitorTest_is1) (Version: 3.1 - PassMark Software)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount and Blade Warband - Viking Conquest v1.0 / RePack by Azaq (HKLM-x32\...\Mount and Blade Warband - Viking Conquest_is1) (Version:  - )
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.83.62.0 - Overwolf Ltd.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PC TWIN SHOCK (HKLM-x32\...\{FBAD8782-5327-4FF9-9499-15A5AC266BEA}) (Version: 1.00.0000 - GASIA)
PlanetSide 2 (HKU\S-1-5-21-1227359831-991995275-1298296250-1000\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Popcorn Time (HKU\S-1-5-21-1227359831-991995275-1298296250-1000\...\Popcorn Time) (Version:  - Popcorn Official)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0032 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Refunktion (HKLM-x32\...\Refunktion_is1) (Version: 1.7 - Dominique Grieshofer)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rome - Total War (HKLM-x32\...\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}) (Version: 1.5 - The Creative Assembly)
Rome: Total War - Barbarian Invasion (HKLM-x32\...\{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}) (Version: 1.4 - )
Saints Row IV (HKLM-x32\...\Saints Row IV1.0.0.1) (Version: 1.0.0.1 - Joker_RETURNS)
Sherlock Holmes - Crimes & Punishments (HKLM-x32\...\Sherlock Holmes - Crimes & Punishments_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.2.2636.0 - Hi-Rez Studios)
Smite Public Test (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF019}) (Version: 1.0.2267.0 - Hi-Rez Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold Crusader Special Edition  [AmGaD-SaLaH] version 1.0.8.0 (HKLM-x32\...\Stronghold Crusader Special Edition  [AmGaD-SaLaH]_is1) (Version: 1.0.8.0 - TeRM!NaToR)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Binding of Isaac - Rebirth (HKLM-x32\...\The Binding of Isaac - Rebirth_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
The Sims 4 (HKLM-x32\...\The Sims 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
Third Age - Total War 3.0 (Part 1of2) (HKU\S-1-5-21-1227359831-991995275-1298296250-1000\...\Third Age - Total War 3.0 (Part 1of2)) (Version:  - )
Third Age - Total War 3.0 (Part 2of2) (HKU\S-1-5-21-1227359831-991995275-1298296250-1000\...\Third Age - Total War 3.0 (Part 2of2)) (Version:  - )
Total War Battles: KINGDOM (HKLM-x32\...\Steam App 300080) (Version:  - Creative Assembly)
Total War: Arena (HKLM-x32\...\Steam App 227520) (Version:  - Creative Assembly)
Total War: ATTILA - Assembly Kit BETA (HKLM-x32\...\Steam App 343660) (Version:  - )
Total War: ATTILA (HKLM-x32\...\Steam App 325610) (Version:  - Creative Assembly)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Tunngle version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-1227359831-991995275-1298296250-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
ViewRight Web PC 3.6.0.0  (HKLM-x32\...\{27961C9F-1965-48D9-A579-40F8EBEA0603}) (Version: 3.6.0.0 - Verimatrix, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yandex (HKU\S-1-5-21-1227359831-991995275-1298296250-1000\...\YandexBrowser) (Version: 15.4.2272.3649 - YANDEX)
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
10-07-2015 16:46:27 Installed DirectX
12-07-2015 12:54:49 Removed LogMeIn Hamachi
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2015-05-13 20:45 - 00001180 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   bandicam.com
127.0.0.1                   ssl.bandisoft.com
127.0.0.1                   bandicam.com
127.0.0.1                   ssl.bandisoft.com
127.0.0.1                   bandicam.com
127.0.0.1                   ssl.bandisoft.com
127.0.0.1                   bandicam.com
127.0.0.1                   ssl.bandisoft.com
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01C83DFF-033A-4758-918E-FB22646B7A7A} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {037FBE16-386C-464C-8A9C-57163E190494} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-02-25] (Overwolf LTD)
Task: {18342994-FDBD-4F43-AF74-FA366E917BA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {1F5C6F8F-0CB9-477D-9E2F-F8EF755E736E} - System32\Tasks\{467E12C3-AD6B-469F-AB8F-F90355333EAD} => Chrome.exe http://ui.skype.com/ui/0/6.9.59.106/sr/abandoninstall?page=tsBing
Task: {2138021F-0462-4386-B293-DE9C953B199D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {758A9E96-734F-4051-9FFB-DCE5F3050CF5} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{7CBBBA45-87C0-450F-81D6-4435DE97B971}.exe [2014-12-16] ()
Task: {A91230D4-D148-408C-A84D-D5C1530D2816} - System32\Tasks\{D1A13044-1C67-4B4C-9511-B3A892F3266A} => pcalua.exe -a "F:\PROGRAMI\Poboljsavanje sistema\Windows 7 registry tweaks silent installs\Disable Hibernate\Instal.exe" -d "F:\PROGRAMI\Poboljsavanje sistema\Windows 7 registry tweaks silent installs\Disable Hibernate"
Task: {AB58F4EE-F440-4EBB-A32B-B6F8CDE38852} - System32\Tasks\{F560B621-6177-4D78-9C80-761AB7857BA5} => pcalua.exe -a "F:\PROGRAMI\Poboljsavanje sistema\Windows 7 registry tweaks silent installs\Speed up shell response\Instal.exe" -d "F:\PROGRAMI\Poboljsavanje sistema\Windows 7 registry tweaks silent installs\Speed up shell response"
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {F02C3EE4-B9D4-40A6-826B-58D86B397E33} - System32\Tasks\{4339B6FE-7A95-4828-821E-F2FF16E10511} => pcalua.exe -a E:\Network\Realtek\PCIE\WIN7\setup.exe -d E:\Network\Realtek\PCIE\WIN7
Task: {FAA4D174-33A0-4A29-A7F9-488958807083} - System32\Tasks\TouchDetector => c:\programdata\{9611eb22-481a-b339-9611-1eb22481ac89}\sevensetup.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{7CBBBA45-87C0-450F-81D6-4435DE97B971}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\TouchDetector.job => c:\programdata\{9611eb22-481a-b339-9611-1eb22481ac89}\sevensetup.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-03 16:16 - 2015-07-08 14:17 - 01195920 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-12-15 14:26 - 2015-07-08 14:17 - 03174800 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-08-10 15:47 - 2014-08-10 15:47 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-07-08 14:17 - 2015-07-08 14:17 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-07-16 13:36 - 2015-05-07 12:44 - 00414160 _____ () C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\41.0.2272.3649\crash_service.exe
2015-07-08 14:17 - 2015-07-08 14:17 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\log4cplusU.dll
2014-12-15 14:26 - 2015-07-08 14:17 - 40638864 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2015-07-16 13:36 - 2015-05-07 12:44 - 01174992 _____ () C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\41.0.2272.3649\libglesv2.dll
2015-07-16 13:36 - 2015-05-07 12:44 - 00080336 _____ () C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\41.0.2272.3649\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24403519.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24403519.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1227359831-991995275-1298296250-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 89.216.1.40 - 89.216.1.50
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{716A4F69-669D-4FD6-917C-7416440B2CE1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [TCP Query User{B14F1653-7416-4E70-8C1F-E0D307EF84CA}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{9166E1DC-235B-422B-9779-A84094D06F96}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{A452D4F5-FCB5-4B77-995E-AF2B14F689B8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4E47E241-3AB4-4B55-A984-DDB2F6C8DBBD}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{D4FB7638-4A05-43B6-8C86-4E659DF01FA4}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{CD642858-C1A9-4B87-801C-22766BAB39AF}] => (Allow) C:\Users\korisnik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE0DE669-5511-443D-9991-3EDE8FE85AD3}] => (Allow) C:\Users\korisnik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3CB99B6A-2EB9-4379-A98B-D4A1EEFD0AD5}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{8B4EEFA2-3296-42D4-B323-800B5D0BACED}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{5A712E2E-A696-4C60-B491-F6164A0A9918}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E76C70BB-CAAC-43AE-8222-5ABFE63DAD75}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{F7F1FFC6-DB7B-479A-B320-0EF9442A1B47}D:\program files (x86)\hi-rez studios\hirezgames\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\program files (x86)\hi-rez studios\hirezgames\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{0DCF9EFB-2B53-4D5C-A0F3-39F33ACD9209}D:\program files (x86)\hi-rez studios\hirezgames\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\program files (x86)\hi-rez studios\hirezgames\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{A6C67A39-0012-472C-B293-4E6566B9DA64}] => (Allow) D:\SteamLibrary\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{BC44D731-4A75-4C0C-A9E0-33154D935427}] => (Allow) D:\SteamLibrary\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{67F9FC56-5FFB-4AC2-A894-FD163FC3C25D}] => (Allow) D:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A529D5FF-8DE2-4509-9BFB-AD4174307CCF}] => (Allow) D:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{37AFA607-9C13-4E25-A966-06EB353C9E68}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8D73E90C-43C4-463B-8ABF-4B2B4DA8910F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{17F1785A-30F7-40A2-AC92-E7FE458C36CD}] => (Allow) D:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{F684E8B4-8363-4581-82A6-D070D1D16FE1}] => (Allow) D:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{6F4888E6-5F0F-4300-A6B2-0DC3FB3A8CB4}] => (Allow) D:\SteamLibrary\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{30EEBC8B-6E26-4843-8EFC-D3B3DE169BEA}] => (Allow) D:\SteamLibrary\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [TCP Query User{6BF2E65F-5060-45D7-916D-9B3F377ED129}D:\steamlibrary\steamapps\common\chivalrymedievalwarfare\cdw\binaries\win64\cdw.exe] => (Allow) D:\steamlibrary\steamapps\common\chivalrymedievalwarfare\cdw\binaries\win64\cdw.exe
FirewallRules: [UDP Query User{5DC773A5-BA20-4DBF-A483-50403601B581}D:\steamlibrary\steamapps\common\chivalrymedievalwarfare\cdw\binaries\win64\cdw.exe] => (Allow) D:\steamlibrary\steamapps\common\chivalrymedievalwarfare\cdw\binaries\win64\cdw.exe
FirewallRules: [TCP Query User{3F0077D4-B2AF-4F9C-B8E8-D02097E375DC}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{26893F93-FC3A-4993-B0BA-0B73FBB581DF}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{454F6256-96A7-464E-9762-A9D1A1036841}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{663ABEDE-94EE-4E3C-B503-BD289262C6ED}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9A0D327A-21D3-4024-AD87-9507A5106198}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{C489C49E-90A6-4727-9DA5-4B6EA7F51BCA}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{E415B2D1-5639-43EC-8562-FFEF0C396A76}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{D91BC4C7-6BE4-4D5B-8596-A2A5F25C9BD4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F33F8C66-A024-424A-B69D-67C3CEDACEDF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{DD0E59D0-95E4-4D4D-A685-99560DE59C9D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{044BE3EE-2CFC-4DEE-BEF3-4667058DDDBF}] => (Allow) D:\SteamLibrary\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{6B25FA3F-149F-427E-986D-EA0694C7D81B}] => (Allow) D:\SteamLibrary\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{226017D5-E43B-452D-83C3-C92853EFD284}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9AC67836-97B7-4788-BC3F-879386510F61}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{42299609-514D-483E-A5C6-FA43FA576247}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2B13B226-4AA6-4A51-9C59-C4AE505BC01A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{73E664BC-49E5-4C8F-97BC-CF870FD0F78D}] => (Allow) C:\Users\korisnik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5FEDD8D0-E9FD-4056-8873-AD8833C6A429}] => (Allow) C:\Users\korisnik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33D16FF3-E216-4290-A210-C80D0AD6E19A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4D564FB5-49D8-4473-AFFC-AF6CFA99FF6F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D277E057-BB6F-4ACC-9A9A-97BE5E36FE77}] => (Allow) D:\SteamLibrary\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{C9DC1D25-E655-400B-88FC-9619F1FF3123}] => (Allow) D:\SteamLibrary\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{2CE21F6E-E577-47F1-8F54-A93CD5BAFCD1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{C7AF6EEB-89E8-4D19-9B0F-BBD524E2AF17}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{1F21DE65-FCB5-4F57-BE7C-EE05E51EFD33}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{F7CD8567-A5BA-40F9-8324-956EEB032289}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{83D8A448-8D41-41B8-8702-F5663A1C38F6}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{54F404E4-2C27-4CD1-AD2A-B3532EAFB711}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{2D403C74-F1D3-4CF7-86D6-D1F526990053}] => (Allow) D:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [{DC958B1E-673E-4847-8EA9-02A1E333EF0D}] => (Allow) D:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [{23D617CA-D8AD-474B-A41B-CE9341A8AC10}] => (Allow) D:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{A8013598-7F49-459D-9F4A-A15A6F1B9780}] => (Allow) D:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{6328BAE6-A9E4-4BA5-8ED0-7B00C846F2E7}] => (Allow) D:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{ED2787A8-B9CE-4927-B191-8D3832AC6A8D}] => (Allow) D:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{A4640B01-B05F-4844-A24A-44F6FDDCB4D3}] => (Allow) D:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{F46F3F66-89C7-4444-87C7-DADBDE39143E}] => (Allow) D:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{3E5D4360-6650-4D67-97FE-0C3A8026AB52}] => (Allow) D:\SteamLibrary\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{D9D6AA33-5232-4CD8-87BB-BB48E2458552}] => (Allow) D:\SteamLibrary\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{85097FD4-6E60-4BB0-8283-B80CBA4350A4}D:\steamlibrary\steamapps\common\total war attila\attila.exe] => (Allow) D:\steamlibrary\steamapps\common\total war attila\attila.exe
FirewallRules: [UDP Query User{28470292-272D-463F-8321-B3CDF154C911}D:\steamlibrary\steamapps\common\total war attila\attila.exe] => (Allow) D:\steamlibrary\steamapps\common\total war attila\attila.exe
FirewallRules: [TCP Query User{500749A1-8F33-4182-AA2C-7FE17C519318}D:\steamlibrary\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\steamlibrary\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{BE705A3B-0E91-4EB7-B42C-548E16D26270}D:\steamlibrary\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\steamlibrary\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{507EDCCE-F85D-419F-BE3D-91918AA37AC3}D:\program files (x86)\heroes of the storm\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FFC0ED9B-D8DB-42F6-B840-AE3D0E077739}D:\program files (x86)\heroes of the storm\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{737EA330-9EBA-4A43-B1DF-FB222CA1390A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{37A8A904-CA6B-440E-8956-58F40FF53808}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{979AB846-4602-4A1B-A8E6-2E7ED168BB86}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6546F7A1-F3B8-4FC5-AD70-DB4D9004803C}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{360038B2-F3C4-4309-966C-3D5F8AADDDD8}] => (Allow) D:\Program Files (x86)\Starcraft 2\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{E2367A34-D612-43E8-AE2E-6382D394935A}] => (Allow) D:\Program Files (x86)\Starcraft 2\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{D91506A6-0398-4306-8E4B-8ABD4FAB3A54}] => (Allow) D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{02A3579B-76A4-4051-8A7E-168F30512E10}] => (Allow) D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{A6E04BAF-6DFB-4ABD-BD36-C391B89C6D1C}D:\program files (x86)\heroes of the storm\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C410C968-3933-4516-8F02-63B252A810AA}D:\program files (x86)\heroes of the storm\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [{8F1DCD7E-6295-4582-A39F-93925EB4A98E}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{725B4658-E7E4-4171-A7F5-40A3B14E7E1D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{FCF31C1D-D352-44E1-B1FB-E9AD6FA66D95}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D285624F-AB60-4169-AC79-0BF5F8E85B80}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B1F0DA29-AF34-4E81-8876-0460E47D39E5}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{9B6A3A1D-9970-4436-BA87-FDC8BF7A9130}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{46B00F41-5EB7-4E2F-88E6-58814CD8A78D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2C9AA2B1-7E50-4D00-B7E5-EE1E964D811A}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{E7C2A436-6E0C-47E5-B77B-3E6AAB353E16}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8884C2CD-D7B5-4AB6-AFE8-ADD0E9AA8DF8}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{E627867A-3C7D-4977-BE1D-1EF4A15B0B6D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{ED6D700A-8C59-4521-82A1-64F90CA0763B}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{1D911C48-9454-4393-A3D2-046D14217E2A}D:\program files (x86)\starcraft 2\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\starcraft 2\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9FCAD589-8B07-47D1-9A38-CBF93F1FE7F6}D:\program files (x86)\starcraft 2\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\starcraft 2\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{C841A70B-A1ED-48E5-8DFE-8E604613696F}D:\steamlibrary\steamapps\common\sniper elite v2\bin\sniperelitev2.exe] => (Allow) D:\steamlibrary\steamapps\common\sniper elite v2\bin\sniperelitev2.exe
FirewallRules: [UDP Query User{AF584615-68A3-4B88-84E6-DFBFB98EEAA9}D:\steamlibrary\steamapps\common\sniper elite v2\bin\sniperelitev2.exe] => (Allow) D:\steamlibrary\steamapps\common\sniper elite v2\bin\sniperelitev2.exe
FirewallRules: [TCP Query User{C401FBEB-9640-4BED-A88B-D6D3AF1FC7FE}D:\program files (x86)\dayz standalone v0.46\dayz.exe] => (Allow) D:\program files (x86)\dayz standalone v0.46\dayz.exe
FirewallRules: [UDP Query User{CDC250EC-0C0C-4CDD-9E16-B730ABE964BC}D:\program files (x86)\dayz standalone v0.46\dayz.exe] => (Allow) D:\program files (x86)\dayz standalone v0.46\dayz.exe
FirewallRules: [{A9A42C23-E69B-4F12-89CD-5D5533B49889}] => (Allow) D:\SteamLibrary\SteamApps\common\Total War Battles KINGDOM\TWB_Kingdom.exe
FirewallRules: [{14DE77DF-D640-45E5-A219-FF6ED39C56CD}] => (Allow) D:\SteamLibrary\SteamApps\common\Total War Battles KINGDOM\TWB_Kingdom.exe
FirewallRules: [{CA1CF0AC-2767-496C-8A76-4A0AA486D845}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{174AA935-1C17-4BCD-A39B-BF67AF8EE5C8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1DDF5CB3-E780-435B-B45D-A06CF260B7E3}] => (Allow) D:\SteamLibrary\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{6E13834D-307B-4014-BE5B-A38B32893BD2}] => (Allow) D:\SteamLibrary\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{2EE2A7CE-0682-4DC0-9D43-AD5B37E8DEBD}] => (Allow) D:\SteamLibrary\SteamApps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{0711D6C7-7AD0-4A1E-B08C-8E72254E640B}] => (Allow) D:\SteamLibrary\SteamApps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{3FB8EB97-BF82-421B-A861-A738B43842AB}] => (Allow) D:\SteamLibrary\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{08D3C040-B08B-4EB8-81A6-406BFB0349E5}] => (Allow) D:\SteamLibrary\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{243172BE-26A3-4E17-9A75-4CC624E431F5}] => (Allow) D:\SteamLibrary\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{654FB588-AABF-49AD-8005-90CCFAC820B1}] => (Allow) D:\SteamLibrary\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{65716189-E786-434C-AA00-D629D1268DB4}] => (Allow) D:\SteamLibrary\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{F105FE2A-B749-4237-ABF8-8B7CAE3D0A02}] => (Allow) D:\SteamLibrary\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{A68651BF-0876-4960-B640-E6C73AAB7C2D}] => (Allow) D:\SteamLibrary\SteamApps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{95A3B0B4-588F-4D72-AEF2-9CFF96A38558}] => (Allow) D:\SteamLibrary\SteamApps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{D7F99408-C3A0-4399-8376-61F35F126BEE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{19F0011C-41F2-4A19-9F66-A6A165264FFD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{48F2A60D-5DA8-4182-B664-824848D4F2E7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{89AF3E34-21B5-4E0D-9320-63E8D2FC48B9}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{1A18B4DA-1169-4FC6-A896-D4FFBA9368DD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5724CC53-271F-4E5E-80FD-0F1E6F761937}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{2E4CDCFA-CE4D-482B-A995-99F96BF2736A}] => (Allow) D:\SteamLibrary\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{0DBB5608-2505-4EEA-8A5B-3C460A098BAA}] => (Allow) D:\SteamLibrary\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{DA590F04-D0FD-4EC6-B9D7-9B6C39ACB392}] => (Allow) D:\SteamLibrary\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{3344143D-0612-4964-ABC3-3556BE542DC6}] => (Allow) D:\SteamLibrary\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [TCP Query User{658BADFD-8D39-4491-9B72-8FF79B2AC9ED}D:\steamlibrary\steamapps\common\total war arena\arena.exe] => (Allow) D:\steamlibrary\steamapps\common\total war arena\arena.exe
FirewallRules: [UDP Query User{1EFFD18A-5B3A-478B-A252-E34A34F86BF1}D:\steamlibrary\steamapps\common\total war arena\arena.exe] => (Allow) D:\steamlibrary\steamapps\common\total war arena\arena.exe
FirewallRules: [{8CB870FD-FF73-40AF-ACBD-6128C02465F1}] => (Allow) D:\SteamLibrary\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{4C648B8F-F165-4879-818A-A7825FFB7F61}] => (Allow) D:\SteamLibrary\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{A8C43632-3BEE-4851-85F0-D9824E50ED73}] => (Allow) C:\Users\korisnik\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2015 11:56:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 08:37:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program eu4.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1564
 
Start Time: 01d0bff56b02fc48
 
Termination Time: 0
 
Application Path: D:\Program Files (x86)\Europa Universalis IV - Common Sense\eu4.exe
 
Report Id: 8a662145-2be9-11e5-a15e-448a5b5975d6
 
Error: (07/16/2015 03:44:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CK2game.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15e8
 
Start Time: 01d0bfcd7612f52c
 
Termination Time: 0
 
Application Path: D:\Program Files (x86)\Crusader Kings 2 Horse Lords\CK2game.exe
 
Report Id: c335c3dc-2bc0-11e5-a15e-448a5b5975d6
 
Error: (07/16/2015 12:21:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program eu4.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1780
 
Start Time: 01d0bfb0ef3a2eab
 
Termination Time: 0
 
Application Path: D:\Program Files (x86)\Europa Universalis IV - Common Sense\eu4.exe
 
Report Id: 5fb92c76-2ba4-11e5-a15e-448a5b5975d6
 
Error: (07/16/2015 11:05:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CK2game.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2f8
 
Start Time: 01d0bfa652661bf9
 
Termination Time: 19
 
Application Path: D:\Program Files (x86)\Crusader Kings 2 Horse Lords\CK2game.exe
 
Report Id: ce1cd101-2b99-11e5-a15e-448a5b5975d6
 
Error: (07/16/2015 11:00:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2015 06:05:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2015 12:17:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/14/2015 03:13:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/14/2015 12:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ime aplikacije koja je prouzrokovala grešku: TEd.AssemblyKit.exe, verzija: 1.0.112.1, vremenska oznaka: 0x5592056a
ime modula koji je prouzrokovao grešku: EmpireConsole.AssemblyKit.dll, verzija: 1.0.0.1, vremenska oznaka: 0x55920487
kôd izuzetka: 0xc0000005
pomak greške: 0x00004f31
ID procesa koji je prouzrokovao grešku: 0x142c
vreme početka aplikacije koja je prouzrokovala grešku: 0xTEd.AssemblyKit.exe0
putanja aplikacije koja je prouzrokovala grešku: TEd.AssemblyKit.exe1
putanja modula koji je prouzrokovao grešku: TEd.AssemblyKit.exe2
ID izveštaja: TEd.AssemblyKit.exe3
 
 
System errors:
=============
Error: (07/17/2015 11:54:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje usluge „vToolbarUpdater3.2.0“ nije uspelo zbog sledeće greške: 
%%2
 
Error: (07/17/2015 11:54:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 21:46:56 on ‎16.‎7.‎2015 was unexpected.
 
Error: (07/16/2015 10:58:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje usluge „vToolbarUpdater3.2.0“ nije uspelo zbog sledeće greške: 
%%2
 
Error: (07/16/2015 10:58:38 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:40:23 on ‎15.‎7.‎2015 was unexpected.
 
Error: (07/15/2015 06:03:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje usluge „vToolbarUpdater3.2.0“ nije uspelo zbog sledeće greške: 
%%2
 
Error: (07/15/2015 06:03:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:02:07 on ‎15.‎7.‎2015 was unexpected.
 
Error: (07/15/2015 12:16:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje usluge „vToolbarUpdater3.2.0“ nije uspelo zbog sledeće greške: 
%%2
 
Error: (07/15/2015 12:15:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:52:25 on ‎14.‎7.‎2015 was unexpected.
 
Error: (07/14/2015 03:12:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje usluge „vToolbarUpdater3.2.0“ nije uspelo zbog sledeće greške: 
%%2
 
Error: (07/14/2015 03:11:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:10:19 on ‎14.‎7.‎2015 was unexpected.
 
 
Microsoft Office:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ X4 750K Quad Core Processor 
Percentage of memory in use: 29%
Total physical RAM: 8152.18 MB
Available physical RAM: 5779.79 MB
Total Virtual: 16302.54 MB
Available Virtual: 13285.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:312.5 GB) (Free:140.62 GB) NTFS
Drive d: () (Fixed) (Total:618.91 GB) (Free:116.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CE01B64C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=312.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=618.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:30 AM

Posted 17 July 2015 - 08:45 PM

Greetings CERBERUSCLH and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

There is evidence of pirated copies of some software on your computer. I am going to ask you to remove the below programs before we begin cleaning your computer. If you are willing to do so please delete the below programs. If you are unwilling to remove the programs I will be closing the Topic.

Bandicam
Bandisoft


Please let me know what you wish to do.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 CERBERUSCLH


Posted 18 July 2015 - 03:48 AM

I've removed those two programs. Though, why was it important to remove them??



#7 Oh My!


Posted 18 July 2015 - 07:22 AM

Thank you. Because they are illegal (at least in the U.S.) and are downloads from an untrusted source.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
IFEO\CCleaner64.exe: [Debugger] svchost.exe
ProxyServer: [S-1-5-21-1227359831-991995275-1298296250-1000] => 223.252.33.217:80
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-07-10 18:39 - 2015-07-16 18:39 - 00000340 _____ C:\Windows\Tasks\TouchDetector.job
2015-07-10 18:39 - 2015-07-10 22:39 - 00000000 ____D C:\ProgramData\{9611eb22-481a-b339-9611-1eb22481ac89}
2015-07-10 18:39 - 2015-07-10 18:43 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Supportive Gaggle
2015-07-10 18:39 - 2015-07-10 18:39 - 00003258 _____ C:\Windows\System32\Tasks\TouchDetector
C:\Users\korisnik\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\korisnik\AppData\Local\Temp\5rjtqsqt.dll
C:\Users\korisnik\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\korisnik\AppData\Local\Temp\AutoRun.exe
C:\Users\korisnik\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\korisnik\AppData\Local\Temp\bdfilters.dll
C:\Users\korisnik\AppData\Local\Temp\devcon64.exe
C:\Users\korisnik\AppData\Local\Temp\dsbsqlgy.dll
C:\Users\korisnik\AppData\Local\Temp\eauninstall.exe
C:\Users\korisnik\AppData\Local\Temp\gmh5rola.dll
C:\Users\korisnik\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\korisnik\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\korisnik\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-10-g8688bd4-b3092jnks.dll
C:\Users\korisnik\AppData\Local\Temp\nvStInst.exe
C:\Users\korisnik\AppData\Local\Temp\Quarantine.exe
C:\Users\korisnik\AppData\Local\Temp\raptrpatch.exe
C:\Users\korisnik\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\korisnik\AppData\Local\Temp\sevensetup.exe
C:\Users\korisnik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\korisnik\AppData\Local\Temp\sonarinst.exe
C:\Users\korisnik\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\korisnik\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\korisnik\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\korisnik\AppData\Local\Temp\ucvemhck.dll
C:\Users\korisnik\AppData\Local\Temp\Uninstall.exe
C:\Users\korisnik\AppData\Local\Temp\utils.dll
C:\Users\korisnik\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\korisnik\AppData\Local\Temp\wt7o24ze.dll
C:\Users\korisnik\AppData\Local\Temp\xmlUpdater.exe
C:\Users\korisnik\AppData\Local\Temp\yupdate-exec-yabrowser.exe
C:\Users\korisnik\AppData\Local\Temp\_is2FD6.exe
C:\Users\korisnik\AppData\Local\Temp\_is3C63.exe
C:\Users\korisnik\AppData\Local\Temp\_is4855.exe
C:\Users\korisnik\AppData\Local\Temp\_isBC5C.exe
C:\Users\korisnik\AppData\Local\Temp\_isCFFB.exe
C:\Users\korisnik\AppData\Local\Temp\_isD5B5.exe
C:\Users\korisnik\AppData\Local\Temp\_m4fgout.dll
Hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • System Summary Information

Gary
 

#8 CERBERUSCLH


Posted 18 July 2015 - 08:25 AM

Thanks for the suggestion of removing uTorrent, Gary, but I'm not the only one who uses it here; my father also uses it. That I might download ransomware through uTorrent is unlikely; I download only from trusted uploaders. But before I download those two programs I wish to know what they do, if it's okay with you, since I've never used those programs.



#9 Oh My!


Posted 18 July 2015 - 01:10 PM

Greetings,

Of course it is OK to ask, it is your computer. :)

The use of torrents is your call. I only want to caution you about the dangers and request you don't download Peer to Peer files because of the very real possibility of infections being delivered via those means.

Both AdwCleaner and Junkware Removal Tool are designed to clean out unwanted and unnecessary programs and other entries on your computer. After you run each tool you are given an option to review what the programs have detected and choose to leave whatever you'd like. Most people just allow the programs to clean their computer but you can certainly screen the results before applying the cleanup.

The Fixlist contains the items I have determined should be removed from your computer. Some of them are orphaned entries (lead to nowhere), others are temporary files, and some are files you don't need and/or shouldn't have.

The System Summary step will not modify your computer in any way but will simply provide me with information about your system.
Gary
 
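As an added illustration (not part of Gary's post and not FRST's own code), the Python sketch below sorts a subset of the fixlist lines posted in this thread into orphaned entries, temporary files, and everything else, following the grouping described in post #9. It assumes that FRST's `[X]` and `No File` markers mean the referenced file is missing and that the digit after R/S is the service start type; the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the fixlist lines posted in this thread (copied from the page).
FIXLIST = r"""
IFEO\CCleaner64.exe: [Debugger] svchost.exe
ProxyServer: [S-1-5-21-1227359831-991995275-1298296250-1000] => 223.252.33.217:80
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-07-10 18:39 - 2015-07-16 18:39 - 00000340 _____ C:\Windows\Tasks\TouchDetector.job
2015-07-10 18:39 - 2015-07-10 18:43 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Supportive Gaggle
C:\Users\korisnik\AppData\Local\Temp\5rjtqsqt.dll
C:\Users\korisnik\AppData\Local\Temp\SkypeSetup.exe
Hosts:
"""

# Assumption: the digit after R/S in a service line is the Windows start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# "S3 name; path [X]" -> state, start type, service name, image path, marker.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+); (.+?)(?: (\[X\]))?$")
# "created - modified - size attributes path" lines from the file listing.
DATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ ([_A-Z]{5}) (.+)$"
)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def classify(line):
    """Return (group, description) for one fixlist line."""
    m = SERVICE_RE.match(line)
    if m:
        state, start, name, path, missing = m.groups()
        running = "running" if state == "R" else "stopped"
        desc = f"service {name} ({running}, start={START_TYPES[int(start)]}) -> {path}"
        # Assumption: [X] marks a service whose image file no longer exists.
        return ("orphaned" if missing else "other"), desc
    if line.startswith(("Handler:", "Filter:")):
        # Assumption: "No File" marks a registry entry with no backing file.
        return ("orphaned" if line.endswith("No File") else "other"), line
    m = DATED_RE.match(line)
    if m:
        attrs, path = m.groups()
        kind = "folder" if attrs.endswith("D") else "file"
        return ("temporary" if TEMP_RE.search(path) else "other"), f"{kind} {path}"
    if TEMP_RE.search(line):
        return "temporary", line
    # Settings and directives (IFEO, ProxyServer, Hosts:) need a human decision.
    return "other", line


def triage(text):
    """Group every non-empty fixlist line by classify()'s verdict."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            group, desc = classify(line)
            groups[group].append(desc)
    return dict(groups)


if __name__ == "__main__":
    for group, items in triage(FIXLIST).items():
        print(f"{group} ({len(items)})")
        for item in items:
            print("   ", item)
```

The "other" group is the one worth reading line by line before pressing Fix, since it holds the settings changes rather than dead references or leftover installers.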

#10 CERBERUSCLH


Posted 18 July 2015 - 01:18 PM

Thanks Gary, I'll post these logs soon



#11 CERBERUSCLH


Posted 18 July 2015 - 01:29 PM

Here's the AdwCleaner log. I won't put everything in one reply because last time I couldn't post when I had a long reply.

# AdwCleaner v4.208 - Logfile created 18/07/2015 at 20:26:15

# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : korisnik - PC2-PC
# Running from : C:\Users\korisnik\Desktop\Temporary Programs\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater18.7.0
[#] Service Deleted : vToolbarUpdater3.2.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Avg_Update_0215tb
Folder Deleted : C:\ProgramData\Avg_Update_1214tb
Folder Deleted : C:\ProgramData\{80bce373-71ea-13ba-80bc-ce37371e8dcd}
Folder Deleted : C:\ProgramData\{9611eb22-481a-b339-9611-1eb22481ac89}
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\korisnik\AppData\Local\Temp\Utils.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Deleted : C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
File Deleted : C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : 1214tbUpdateInfo
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 223.252.33.217:80
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v
 
[C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3107 bytes] - [04/09/2014 11:48:16]
AdwCleaner[R1].txt - [4133 bytes] - [18/07/2015 20:23:58]
AdwCleaner[S0].txt - [3184 bytes] - [04/09/2014 11:49:56]
AdwCleaner[S1].txt - [3826 bytes] - [18/07/2015 20:26:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3885  bytes] ##########


#12 CERBERUSCLH


Posted 18 July 2015 - 01:32 PM

Hmm, I just ran Junkware Removal Tool but a notepad didn't open. What should I do??



#13 Oh My!


Posted 18 July 2015 - 04:13 PM

Skip it and run the fixlist.
Gary
 

#14 CERBERUSCLH


Posted 19 July 2015 - 04:37 AM

Here's the fixlist, and also while fixing, my antivirus saw Farbar Recovery Scan Tool as a virus. I clicked ignore, since I remember I read somewhere on these forums it's a false positive. Did I do good??

 

Here's the fixlist:

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01

Ran by korisnik at 2015-07-19 11:28:14 Run:1
Running from C:\Users\korisnik\Desktop\Desktop Things\FRST
Loaded Profiles: korisnik (Available Profiles: korisnik)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
IFEO\CCleaner64.exe: [Debugger] svchost.exe
ProxyServer: [S-1-5-21-1227359831-991995275-1298296250-1000] => 223.252.33.217:80
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-07-10 18:39 - 2015-07-16 18:39 - 00000340 _____ C:\Windows\Tasks\TouchDetector.job
2015-07-10 18:39 - 2015-07-10 22:39 - 00000000 ____D C:\ProgramData\{9611eb22-481a-b339-9611-1eb22481ac89}
2015-07-10 18:39 - 2015-07-10 18:43 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Supportive Gaggle
2015-07-10 18:39 - 2015-07-10 18:39 - 00003258 _____ C:\Windows\System32\Tasks\TouchDetector
C:\Users\korisnik\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\korisnik\AppData\Local\Temp\5rjtqsqt.dll
C:\Users\korisnik\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\korisnik\AppData\Local\Temp\AutoRun.exe
C:\Users\korisnik\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\korisnik\AppData\Local\Temp\bdfilters.dll
C:\Users\korisnik\AppData\Local\Temp\devcon64.exe
C:\Users\korisnik\AppData\Local\Temp\dsbsqlgy.dll
C:\Users\korisnik\AppData\Local\Temp\eauninstall.exe
C:\Users\korisnik\AppData\Local\Temp\gmh5rola.dll
C:\Users\korisnik\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\korisnik\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\korisnik\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-10-g8688bd4-b3092jnks.dll
C:\Users\korisnik\AppData\Local\Temp\nvStInst.exe
C:\Users\korisnik\AppData\Local\Temp\Quarantine.exe
C:\Users\korisnik\AppData\Local\Temp\raptrpatch.exe
C:\Users\korisnik\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\korisnik\AppData\Local\Temp\sevensetup.exe
C:\Users\korisnik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\korisnik\AppData\Local\Temp\sonarinst.exe
C:\Users\korisnik\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\korisnik\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\korisnik\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\korisnik\AppData\Local\Temp\ucvemhck.dll
C:\Users\korisnik\AppData\Local\Temp\Uninstall.exe
C:\Users\korisnik\AppData\Local\Temp\utils.dll
C:\Users\korisnik\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\korisnik\AppData\Local\Temp\wt7o24ze.dll
C:\Users\korisnik\AppData\Local\Temp\xmlUpdater.exe
C:\Users\korisnik\AppData\Local\Temp\yupdate-exec-yabrowser.exe
C:\Users\korisnik\AppData\Local\Temp\_is2FD6.exe
C:\Users\korisnik\AppData\Local\Temp\_is3C63.exe
C:\Users\korisnik\AppData\Local\Temp\_is4855.exe
C:\Users\korisnik\AppData\Local\Temp\_isBC5C.exe
C:\Users\korisnik\AppData\Local\Temp\_isCFFB.exe
C:\Users\korisnik\AppData\Local\Temp\_isD5B5.exe
C:\Users\korisnik\AppData\Local\Temp\_m4fgout.dll
Hosts:
*****************
 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CCleaner64.exe" => key removed successfully
HKU\S-1-5-21-1227359831-991995275-1298296250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKCR\PROTOCOLS\Handler\viprotocol => key not found. 
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found. 
"HKCR\PROTOCOLS\Filter\application/octet-stream" => key removed successfully
"HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => key removed successfully
"HKCR\PROTOCOLS\Filter\application/x-complus" => key removed successfully
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => key not found. 
"HKCR\PROTOCOLS\Filter\application/x-msdownload" => key removed successfully
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => key not found. 
vToolbarUpdater3.2.0 => Service not found.
WinHttpAutoProxySvc => Service stopped successfully.
WinHttpAutoProxySvc => Service removed successfully
cpuz135 => Service removed successfully
EagleX64 => Service removed successfully
MSICDSetup => Service removed successfully
NTIOLib_1_0_C => Service removed successfully
NVHDA => Service removed successfully
nvlddmkm => Service removed successfully
nvvad_WaveExtensible => Service removed successfully
VGPU => Service removed successfully
xhunter1 => Service removed successfully
C:\Windows\Tasks\TouchDetector.job => moved successfully.
"C:\ProgramData\{9611eb22-481a-b339-9611-1eb22481ac89}" => File/Folder not found.
C:\Users\korisnik\AppData\Roaming\Supportive Gaggle => moved successfully.
C:\Windows\System32\Tasks\TouchDetector => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\5rjtqsqt.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\AutoDetectUtilApp.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\AutoRun.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\AutoRunGUI.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\bdfilters.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\devcon64.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\dsbsqlgy.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\eauninstall.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\gmh5rola.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\HiRezLauncherControls.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-10-g8688bd4-b3092jnks.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\nvStInst.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\Quarantine.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\raptrpatch.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\Setup-yabrowser.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\sevensetup.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\SkypeSetup.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\sonarinst.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\swt-win32-3349.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\ucvemhck.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\Uninstall.exe => moved successfully.
"C:\Users\korisnik\AppData\Local\Temp\utils.dll" => File/Folder not found.
C:\Users\korisnik\AppData\Local\Temp\vlc-2.1.5-win32.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\wt7o24ze.dll => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\xmlUpdater.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\yupdate-exec-yabrowser.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\_is2FD6.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\_is3C63.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\_is4855.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\_isBC5C.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\_isCFFB.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\_isD5B5.exe => moved successfully.
C:\Users\korisnik\AppData\Local\Temp\_m4fgout.dll => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
 
==== End of Fixlog 11:28:37 ====

http://www.mediafire.com/download/dm69l1chem150od/Summary.rar

Here's the mediafire link to Summary.rar. As I said before, I cannot attach it because it says Flash player is out of date everywhere, even on YouTube. I still don't know how to fix it; I tried updating both Flash player and my web browser (Yandex). If you know how to fix this as well, I would be thankful.

Hm and I noticed there's the file HiRez moved, which is for sure safe, it's an updater for a game.



#15 CERBERUSCLH


Posted 19 July 2015 - 04:38 AM

Adobe Flash player was blocked because it's out of date is what the problem says by the way, there's the option Update Plug-In but that's for Google and I don't use Google.





