Can't run Malwarebytes [Closed]


  • This topic is locked

#1
MARKOCARS

    Member

  • 25 posts

So yeah, I've opened a topic and went on holiday, so I didn't respond.

But you've told me to download Farbar Recovery Scan Tool and post a log from it, so yeah, here it is...

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02

Ran by Dexi (administrator) on DEXI-PC on 02-09-2014 21:37:36
Running from C:\Users\Dexi\Downloads
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxescore.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\System32\PnkBstrA.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) E:\Steam\Steam.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [kxesc] => c:\program files\kingsoft\kingsoft antivirus\kxetray.exe [1595056 2012-10-08] (Kingsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1647691666-3661379803-2873215379-1000\...\Run: [Steam] => E:\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-1647691666-3661379803-2873215379-1000\...\MountPoints2: {1a8f72f1-e067-11e1-b13d-001d92d82d25} - G:\Autorun.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA975D188AC7ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {CDBF1579-0EC7-4CB4-9A45-56FDB4A7DCC9} URL = http://search.condui...7926320310&UM=1
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by Dexi at 2014-09-02 21:38:23
Running from C:\Users\Dexi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kingsoft Antivirus System Defense (Enabled - Up to date) {B6A51389-A795-5AC9-13BA-F569D73F3FE8}
AS: Kingsoft Antivirus System Defense (Enabled - Up to date) {0DC4F26D-81AF-5547-290A-CE1BACB87555}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
Addon Sync 2009 (HKLM\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Assassin's Creed Brotherhood (HKLM\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM\...\BattlEye for A2) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Company of Heroes (New Steam Version) (HKLM\...\Steam App 228200) (Version:  - Relic)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
DayZ Commander (HKLM\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dishonored (HKLM\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Gun Monkeys (HKLM\...\Steam App 239450) (Version:  - Size Five Games)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}) (Version: 2.0.61.0 - HTC)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kingsoft Antivirus 2012 (HKLM\...\Kingsoft Internet Security) (Version: 2012.5.7 - Kingsoft Internet Security)
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Minecraft1.5.2 (HKLM\...\Minecraft1.5.2) (Version:  - )
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NBA 2K13 (HKLM\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NBA 2K14 (HKLM\...\Steam App 255480) (Version:  - Visual Concepts)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NRadioBox (HKLM\...\{1AEAA6CC-98C2-4650-A217-EF5F92C3E602}) (Version: 1.0.0 - NRadioBox)
NVIDIA PhysX (HKLM\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pro Evolution Soccer 2014 (HKLM\...\Steam App 250870) (Version:  - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rome: Total War (HKLM\...\Steam App 4760) (Version:  - The Creative Assembly)
Sid Meier's Civilization III: Complete (HKLM\...\Steam App 3910) (Version:  - Firaxis Games)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spec Ops: The Line (HKLM\...\Steam App 50300) (Version:  - Yager)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strategic War in Europe (HKLM\...\Steam App 283000) (Version:  - Wastelands Interactive)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Webcam (HKLM\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 1.0.3.6 - ETRON)
WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dexi\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Chrome\Application\35.0.1916.114\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Dexi\AppData\Local\Temp\007b6305\setup.exe No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02735602-5636-4BBB-9913-3D6A098DD067} - System32\Tasks\SN.Booster-S-014941198 => c:\programdata\appready software\sn.booster\SN.Booster.exe <==== ATTENTION
Task: {1AEE0313-EA60-435B-A3B8-EFE45A8546AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {67D532F5-3C4E-47B4-A40F-FFD2C492CB7A} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {93044A85-57A7-4B55-9A02-79650BC07DE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)
Task: {93B182CC-7D71-4AB2-B833-5DE244F10AE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000Core => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {98F31D3A-FD1D-482F-87FF-39E1041458CA} - System32\Tasks\{C0E35F6D-39AC-4F89-AC03-8B16B67C04DE} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {C849BC21-DF47-414A-8CEE-6DA64959BCFF} - System32\Tasks\{F3A20422-C511-4DF2-8BBF-7BA265FE6E50} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {CEFF5A2B-3805-4FAB-BB23-6D4272C6ADA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)
Task: {E76897EE-0A94-44D0-99F4-C94D4B62C03F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {FE7A5654-3C7A-4729-B71E-C78D369F0039} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000UA => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000Core.job => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000UA.job => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SN.Booster-S-014941198.job => c:\programdata\appready software\sn.booster\SN.Booster.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-17 12:42 - 2013-05-17 12:42 - 00030056 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2013-05-17 12:42 - 2013-05-17 12:42 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2013-05-17 12:42 - 2013-05-17 12:42 - 00044392 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2013-05-17 12:42 - 2013-05-17 12:42 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-05-17 12:43 - 2013-05-17 12:43 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-05-17 12:47 - 2013-05-17 12:47 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2013-07-20 23:51 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-10-26 19:48 - 2014-04-24 12:23 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-08-29 23:22 - 2014-08-21 20:15 - 01171456 _____ () E:\Steam\libavcodec-56.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00442368 _____ () E:\Steam\libavutil-54.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00332800 _____ () E:\Steam\libavresample-2.dll
2013-07-01 08:20 - 2014-08-21 00:38 - 00774656 _____ () E:\Steam\SDL2.dll
2014-05-23 16:19 - 2014-08-28 13:48 - 02224320 _____ () E:\Steam\video.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00403968 _____ () E:\Steam\libavformat-56.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00485888 _____ () E:\Steam\libswscale-3.dll
2013-07-09 17:56 - 2014-08-28 13:48 - 00678080 _____ () E:\Steam\bin\chromehtml.DLL
2013-05-17 12:43 - 2013-05-17 12:43 - 00169312 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-07-09 13:45 - 2014-08-21 00:38 - 34589376 _____ () E:\Steam\bin\libcef.dll
2014-08-16 12:54 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-16 12:54 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-16 12:54 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-16 12:54 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-16 12:54 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
 
==================== Faulty Device Manager Devices =============
 
Please help :)

 


  • 0



#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I will be helping you with Malware Removal.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 


- Finally Before We Start-

 

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I'll review your logs now and get back to you. Just wanted to let you know that I'll be taking care of you.


  • 0

#3
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

I reviewed your partial logs and there are some things to clean up; however, we need the complete logs first. Both your FRST and Addition logs were cut off.

 

1. Open up the FRST.txt file that is in your downloads folder.

2. Choose Edit...Select All and then Edit Copy from within Notepad.

3. Then start a new reply here and Right-click your mouse and choose paste.

 

Do the same for the Addition.txt file. If you want to do each in a separate reply to ensure the entire file is posted that is fine as well.

 

At the end of each file it will have the following line. That's how you know you have pasted the file in its entirety.

 

==================== End Of Log ============================

 

 

Thank you.


  • 0
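The completeness check described in post #3, as an added example that is not part of the original thread and is not FRST's own code: it splits a pasted log into its "==== Section ====" blocks, reports whether the "End Of Log" line is present, and lists the entries the tool marked with "<==== ATTENTION". The function names are hypothetical, and the sample is constructed from a few lines of the Addition log posted above.

```python
import re

# Section headers in the pasted log look like "==================== Name ====".
SECTION_RE = re.compile(r"^={4,}\s+([^=].*?)\s*=+\s*$")
END_MARKER = "End Of Log"
ATTENTION_FLAG = "<==== ATTENTION"

# Constructed sample: lines copied from the Addition log in this thread,
# cut off the same way the first post was (no "End Of Log" line).
TRUNCATED_SAMPLE = r"""Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by Dexi at 2014-09-02 21:38:23
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kingsoft Antivirus System Defense (Enabled - Up to date) {B6A51389-A795-5AC9-13BA-F569D73F3FE8}

==================== Scheduled Tasks (whitelisted) =============

Task: {02735602-5636-4BBB-9913-3D6A098DD067} - System32\Tasks\SN.Booster-S-014941198 => c:\programdata\appready software\sn.booster\SN.Booster.exe <==== ATTENTION
Task: {67D532F5-3C4E-47B4-A40F-FFD2C492CB7A} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E76897EE-0A94-44D0-99F4-C94D4B62C03F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)

==================== Faulty Device Manager Devices =============

"""

# The same paste with the closing line the helper asks the poster to look for.
COMPLETE_SAMPLE = (
    TRUNCATED_SAMPLE
    + "==================== End Of Log ============================\n"
)


def parse_frst_log(text):
    """Return (sections, complete): entry lines per section, end marker seen."""
    sections = {"Header": []}   # dicts keep insertion order
    current = "Header"
    complete = False
    for raw in text.splitlines():
        line = raw.strip()      # also drops the non-breaking spaces forums add
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            name = match.group(1)
            if name == END_MARKER:
                complete = True
            else:
                current = name
                sections.setdefault(current, [])
            continue
        if set(line) == {"="}:
            continue            # plain separator rule, not a section header
        # Heuristic: the tool's explanatory notes are "( ... .)" lines.
        if line.startswith("(") and line.endswith(".)"):
            continue
        sections[current].append(line)
    return sections, complete


def triage(text):
    """Summarise a pasted log: is it whole, where did it stop, what is flagged."""
    sections, complete = parse_frst_log(text)
    flagged = []
    for name, lines in sections.items():
        for line in lines:
            if ATTENTION_FLAG in line:
                # The target is whatever follows "=>", minus the flag itself.
                target = line.split("=>", 1)[-1].replace(ATTENTION_FLAG, "").strip()
                flagged.append({"section": name, "target": target})
    return {
        "complete": complete,
        "sections": list(sections),
        # For a cut-off paste, the last section seen is where the text ended.
        "stopped_in": None if complete else list(sections)[-1],
        "flagged": flagged,
    }


if __name__ == "__main__":
    for label, sample in (("truncated", TRUNCATED_SAMPLE), ("complete", COMPLETE_SAMPLE)):
        print(label, triage(sample))
```

An empty section is not by itself a sign of truncation, since several sections in the log above are legitimately empty; only the missing end marker is.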

#4
MARKOCARS

    Member

  • Topic Starter
  • 25 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by Dexi (administrator) on DEXI-PC on 02-09-2014 21:37:36
Running from C:\Users\Dexi\Downloads
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxescore.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\System32\PnkBstrA.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) E:\Steam\Steam.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [kxesc] => c:\program files\kingsoft\kingsoft antivirus\kxetray.exe [1595056 2012-10-08] (Kingsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1647691666-3661379803-2873215379-1000\...\Run: [Steam] => E:\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-1647691666-3661379803-2873215379-1000\...\MountPoints2: {1a8f72f1-e067-11e1-b13d-001d92d82d25} - G:\Autorun.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA975D188AC7ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {CDBF1579-0EC7-4CB4-9A45-56FDB4A7DCC9} URL = http://search.condui...7926320310&UM=1
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dexi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.searchnu.com/406
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR CustomProfile: C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google документи) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google диск) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Google претрага) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Srbija - Serbia) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mokaekccaopodkibmlkmfoikhfppgbbb [2014-07-20]
CHR Extension: (Google новчаник) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [348032 2014-08-15] ()
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [92536 2014-02-20] (EasyAntiCheat Ltd)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 kxescore; c:\program files\kingsoft\kingsoft antivirus\kxescore.exe [123992 2012-08-07] (Kingsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-04-24] ()
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-28] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 kavbootc; C:\Windows\System32\drivers\kavbootc.sys [27240 2012-08-07] (Kingsoft Corporation)
R1 KDHacker; c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [125784 2012-08-07] (Kingsoft Corporation)
R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [165176 2013-06-12] (Kingsoft Corporation)
R3 ksapi; C:\Windows\system32\drivers\ksapi.sys [82264 2012-08-07] (Kingsoft Corporation)
R4 KUsbGuard; C:\Program Files\kingsoft\kingsoft antivirus\kusbquery.sys [14200 2012-09-11] (Kingsoft Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [33280 2014-06-17] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5116544 2010-11-29] (Etron)
S3 iatmunin; \??\C:\Users\Dexi\AppData\Local\Temp\iatmunin.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 21:37 - 2014-09-02 21:38 - 00010878 _____ () C:\Users\Dexi\Downloads\FRST.txt
2014-09-02 21:37 - 2014-09-02 21:37 - 00000000 ____D () C:\FRST
2014-09-02 21:36 - 2014-09-02 21:37 - 01096704 _____ (Farbar) C:\Users\Dexi\Downloads\FRST.exe
2014-09-02 17:47 - 2014-09-02 17:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dexi\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-28 23:12 - 2014-08-28 23:12 - 10969766 _____ (Ingato LTD) C:\Users\Dexi\Downloads\IngatoClient (1).exe
2014-08-26 17:36 - 2014-08-26 17:36 - 00000202 _____ () C:\Users\Dexi\Desktop\Strategic War in Europe.url
2014-08-25 13:30 - 2014-08-25 13:30 - 00000000 ____D () C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2014-08-25 12:22 - 2014-08-25 12:22 - 00000000 ____D () C:\Users\Dexi\AppData\Local\Skyrim
2014-08-24 18:27 - 2014-08-24 18:27 - 00000202 _____ () C:\Users\Dexi\Desktop\Dishonored.url
2014-08-24 18:27 - 2014-08-24 18:27 - 00000201 _____ () C:\Users\Dexi\Desktop\The Elder Scrolls V Skyrim.url
2014-08-23 23:48 - 2014-08-23 23:48 - 00000202 _____ () C:\Users\Dexi\Desktop\Age of Empires II HD Edition.url
2014-08-23 21:52 - 2014-08-23 21:52 - 00000200 _____ () C:\Users\Dexi\Desktop\Rome Total War.url
2014-08-20 23:11 - 2014-08-20 23:11 - 00000000 ____D () C:\Users\Dexi\Documents\KONAMI
2014-08-20 17:04 - 2014-08-20 17:04 - 00000202 _____ () C:\Users\Dexi\Desktop\Pro Evolution Soccer 2014.url
2014-08-19 10:02 - 2014-08-19 10:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-19 06:38 - 2014-08-19 06:38 - 00000199 _____ () C:\Users\Dexi\Desktop\Counter-Strike Global Offensive.url
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\www.facebook.com
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\VVV
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\Tracert
2014-08-18 14:29 - 2014-08-18 14:29 - 01922200 _____ (Bandoo Media Inc) C:\Users\Dexi\Downloads\iLividSetup-r1638-n-bc.exe
2014-08-18 13:33 - 2014-08-18 13:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-17 12:57 - 2014-08-19 13:05 - 00000000 ____D () C:\New folder
2014-08-17 11:57 - 2014-08-17 11:45 - 00000121 ____H () C:\Users\Dexi\Desktop\instructions.bat
2014-08-17 11:57 - 2014-08-17 11:32 - 00000180 ____H () C:\Users\Dexi\Desktop\extra.bat
2014-08-15 14:56 - 2014-08-15 14:56 - 00000000 __SHD () C:\found.000
2014-08-15 13:48 - 2014-08-15 13:48 - 00001170 _____ () C:\Users\Dexi\Desktop\TeamSpeak 3 Client.lnk
2014-08-15 13:48 - 2014-08-15 13:48 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-15 13:48 - 2014-08-15 13:48 - 00000000 ____D () C:\Users\Dexi\AppData\Local\TeamSpeak 3 Client
2014-08-15 13:46 - 2014-08-15 13:47 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Dexi\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-13 01:00 - 2014-08-13 01:00 - 04575232 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2014-08-07 17:01 - 2014-08-19 06:03 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-08-07 17:01 - 2014-08-07 17:01 - 00000964 _____ () C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
2014-08-07 16:57 - 2014-08-07 16:57 - 00000000 ____D () C:\ProgramData\Datamngr
2014-08-07 16:56 - 2014-08-19 06:04 - 00000000 ____D () C:\Users\Dexi\AppData\Local\iLivid
2014-08-07 16:56 - 2014-08-07 16:56 - 01922200 _____ (Bandoo Media Inc) C:\Users\Dexi\Downloads\iLividSetup-r1720-n-bc.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 21:38 - 2014-09-02 21:37 - 00010878 _____ () C:\Users\Dexi\Downloads\FRST.txt
2014-09-02 21:37 - 2014-09-02 21:37 - 00000000 ____D () C:\FRST
2014-09-02 21:37 - 2014-09-02 21:36 - 01096704 _____ (Farbar) C:\Users\Dexi\Downloads\FRST.exe
2014-09-02 21:34 - 2012-08-07 09:57 - 01927547 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 21:31 - 2014-07-21 01:45 - 00011236 _____ () C:\Windows\setupact.log
2014-09-02 21:31 - 2014-07-20 22:36 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 21:31 - 2014-05-05 18:31 - 00000474 ____H () C:\Windows\Tasks\SN.Booster-S-014941198.job
2014-09-02 21:31 - 2013-07-20 23:52 - 00000000 ____D () C:\Users\Dexi\AppData\Local\HTC MediaHub
2014-09-02 21:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 20:07 - 2012-08-07 16:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000UA.job
2014-09-02 20:05 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 20:05 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 18:49 - 2013-09-09 12:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 18:41 - 2014-07-20 22:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 18:36 - 2013-01-30 18:42 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\Skype
2014-09-02 17:51 - 2014-07-21 01:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-02 17:49 - 2014-09-02 17:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dexi\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-02 15:07 - 2012-08-07 16:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000Core.job
2014-09-02 12:42 - 2014-05-17 17:03 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\TS3Client
2014-09-01 14:14 - 2012-08-07 10:02 - 00788036 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 23:14 - 2014-03-26 17:17 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\.minecraft
2014-08-28 23:18 - 2012-08-27 23:00 - 00000444 _____ () C:\Windows\system32\khackmon.dll.log
2014-08-28 23:13 - 2014-05-20 20:18 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\Ingato LTD
2014-08-28 23:12 - 2014-08-28 23:12 - 10969766 _____ (Ingato LTD) C:\Users\Dexi\Downloads\IngatoClient (1).exe
2014-08-26 19:10 - 2014-07-21 01:44 - 00009084 _____ () C:\Windows\PFRO.log
2014-08-26 19:10 - 2013-05-22 18:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-26 17:52 - 2012-09-08 10:21 - 00000000 ____D () C:\Users\Dexi\Documents\My Games
2014-08-26 17:36 - 2014-08-26 17:36 - 00000202 _____ () C:\Users\Dexi\Desktop\Strategic War in Europe.url
2014-08-26 16:39 - 2013-05-22 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-26 14:37 - 2012-08-09 15:21 - 00000000 __SHD () C:\KRECYCLE
2014-08-25 13:30 - 2014-08-25 13:30 - 00000000 ____D () C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2014-08-25 12:22 - 2014-08-25 12:22 - 00000000 ____D () C:\Users\Dexi\AppData\Local\Skyrim
2014-08-24 18:27 - 2014-08-24 18:27 - 00000202 _____ () C:\Users\Dexi\Desktop\Dishonored.url
2014-08-24 18:27 - 2014-08-24 18:27 - 00000201 _____ () C:\Users\Dexi\Desktop\The Elder Scrolls V Skyrim.url
2014-08-24 02:09 - 2014-07-20 14:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 02:08 - 2012-08-28 22:46 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-23 23:48 - 2014-08-23 23:48 - 00000202 _____ () C:\Users\Dexi\Desktop\Age of Empires II HD Edition.url
2014-08-23 21:52 - 2014-08-23 21:52 - 00000200 _____ () C:\Users\Dexi\Desktop\Rome Total War.url
2014-08-20 23:11 - 2014-08-20 23:11 - 00000000 ____D () C:\Users\Dexi\Documents\KONAMI
2014-08-20 17:04 - 2014-08-20 17:04 - 00000202 _____ () C:\Users\Dexi\Desktop\Pro Evolution Soccer 2014.url
2014-08-19 13:05 - 2014-08-17 12:57 - 00000000 ____D () C:\New folder
2014-08-19 10:02 - 2014-08-19 10:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-19 10:02 - 2013-01-30 18:41 - 00000000 ____D () C:\ProgramData\Skype
2014-08-19 06:38 - 2014-08-19 06:38 - 00000199 _____ () C:\Users\Dexi\Desktop\Counter-Strike Global Offensive.url
2014-08-19 06:04 - 2014-08-07 16:56 - 00000000 ____D () C:\Users\Dexi\AppData\Local\iLivid
2014-08-19 06:03 - 2014-08-07 17:01 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\www.facebook.com
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\VVV
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\Tracert
2014-08-18 15:19 - 2012-08-07 09:58 - 00000000 ____D () C:\Users\Dexi
2014-08-18 14:29 - 2014-08-18 14:29 - 01922200 _____ (Bandoo Media Inc) C:\Users\Dexi\Downloads\iLividSetup-r1638-n-bc.exe
2014-08-18 13:45 - 2014-01-05 00:34 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\vlc
2014-08-18 13:33 - 2014-08-18 13:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-17 11:45 - 2014-08-17 11:57 - 00000121 ____H () C:\Users\Dexi\Desktop\instructions.bat
2014-08-17 11:32 - 2014-08-17 11:57 - 00000180 ____H () C:\Users\Dexi\Desktop\extra.bat
2014-08-16 15:34 - 2012-09-17 16:54 - 00000000 ____D () C:\Users\Dexi\AppData\Local\PMB Files
2014-08-16 15:34 - 2012-09-17 16:54 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-16 12:55 - 2014-07-20 22:38 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 16:48 - 2014-04-28 20:48 - 00000000 ____D () C:\Users\Dexi\AppData\Local\ArmA 2 OA
2014-08-15 16:40 - 2014-05-17 16:47 - 00000000 ____D () C:\Program Files\Common Files\BattlEye
2014-08-15 15:28 - 2013-10-12 11:52 - 00280792 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-08-15 15:28 - 2013-10-12 11:41 - 00139112 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-08-15 15:28 - 2012-10-26 19:48 - 00280792 _____ () C:\Windows\system32\PnkBstrB.exe
2014-08-15 15:25 - 2012-10-26 19:48 - 00281032 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-08-15 14:56 - 2014-08-15 14:56 - 00000000 __SHD () C:\found.000
2014-08-15 13:48 - 2014-08-15 13:48 - 00001170 _____ () C:\Users\Dexi\Desktop\TeamSpeak 3 Client.lnk
2014-08-15 13:48 - 2014-08-15 13:48 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-15 13:48 - 2014-08-15 13:48 - 00000000 ____D () C:\Users\Dexi\AppData\Local\TeamSpeak 3 Client
2014-08-15 13:47 - 2014-08-15 13:46 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Dexi\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-13 01:00 - 2014-08-13 01:00 - 04575232 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2014-08-12 15:22 - 2009-07-14 06:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-07 17:01 - 2014-08-07 17:01 - 00000964 _____ () C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
2014-08-07 16:57 - 2014-08-07 16:57 - 00000000 ____D () C:\ProgramData\Datamngr
2014-08-07 16:56 - 2014-08-07 16:56 - 01922200 _____ (Bandoo Media Inc) C:\Users\Dexi\Downloads\iLividSetup-r1720-n-bc.exe
 
Some content of TEMP:
====================
C:\Users\Dexi\AppData\Local\Temp\CloudBackup8828.exe
C:\Users\Dexi\AppData\Local\Temp\mpegc.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-30 12:41
 
==================== End Of Log ============================

  • 0

#5
MARKOCARS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by Dexi at 2014-09-02 21:38:23
Running from C:\Users\Dexi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kingsoft Antivirus System Defense (Enabled - Up to date) {B6A51389-A795-5AC9-13BA-F569D73F3FE8}
AS: Kingsoft Antivirus System Defense (Enabled - Up to date) {0DC4F26D-81AF-5547-290A-CE1BACB87555}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
Addon Sync 2009 (HKLM\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Assassin's Creed Brotherhood (HKLM\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM\...\BattlEye for A2) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Company of Heroes (New Steam Version) (HKLM\...\Steam App 228200) (Version:  - Relic)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
DayZ Commander (HKLM\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dishonored (HKLM\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Gun Monkeys (HKLM\...\Steam App 239450) (Version:  - Size Five Games)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}) (Version: 2.0.61.0 - HTC)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kingsoft Antivirus 2012 (HKLM\...\Kingsoft Internet Security) (Version: 2012.5.7 - Kingsoft Internet Security)
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Minecraft1.5.2 (HKLM\...\Minecraft1.5.2) (Version:  - )
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NBA 2K13 (HKLM\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NBA 2K14 (HKLM\...\Steam App 255480) (Version:  - Visual Concepts)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NRadioBox (HKLM\...\{1AEAA6CC-98C2-4650-A217-EF5F92C3E602}) (Version: 1.0.0 - NRadioBox)
NVIDIA PhysX (HKLM\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pro Evolution Soccer 2014 (HKLM\...\Steam App 250870) (Version:  - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rome: Total War (HKLM\...\Steam App 4760) (Version:  - The Creative Assembly)
Sid Meier's Civilization III: Complete (HKLM\...\Steam App 3910) (Version:  - Firaxis Games)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spec Ops: The Line (HKLM\...\Steam App 50300) (Version:  - Yager)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strategic War in Europe (HKLM\...\Steam App 283000) (Version:  - Wastelands Interactive)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Webcam (HKLM\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 1.0.3.6 - ETRON)
WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dexi\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Chrome\Application\35.0.1916.114\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Dexi\AppData\Local\Temp\007b6305\setup.exe No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02735602-5636-4BBB-9913-3D6A098DD067} - System32\Tasks\SN.Booster-S-014941198 => c:\programdata\appready software\sn.booster\SN.Booster.exe <==== ATTENTION
Task: {1AEE0313-EA60-435B-A3B8-EFE45A8546AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {67D532F5-3C4E-47B4-A40F-FFD2C492CB7A} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {93044A85-57A7-4B55-9A02-79650BC07DE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)
Task: {93B182CC-7D71-4AB2-B833-5DE244F10AE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000Core => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {98F31D3A-FD1D-482F-87FF-39E1041458CA} - System32\Tasks\{C0E35F6D-39AC-4F89-AC03-8B16B67C04DE} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {C849BC21-DF47-414A-8CEE-6DA64959BCFF} - System32\Tasks\{F3A20422-C511-4DF2-8BBF-7BA265FE6E50} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {CEFF5A2B-3805-4FAB-BB23-6D4272C6ADA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)
Task: {E76897EE-0A94-44D0-99F4-C94D4B62C03F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {FE7A5654-3C7A-4729-B71E-C78D369F0039} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000UA => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000Core.job => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000UA.job => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SN.Booster-S-014941198.job => c:\programdata\appready software\sn.booster\SN.Booster.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-17 12:42 - 2013-05-17 12:42 - 00030056 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2013-05-17 12:42 - 2013-05-17 12:42 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2013-05-17 12:42 - 2013-05-17 12:42 - 00044392 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2013-05-17 12:42 - 2013-05-17 12:42 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-05-17 12:43 - 2013-05-17 12:43 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-05-17 12:47 - 2013-05-17 12:47 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2013-07-20 23:51 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-10-26 19:48 - 2014-04-24 12:23 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-08-29 23:22 - 2014-08-21 20:15 - 01171456 _____ () E:\Steam\libavcodec-56.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00442368 _____ () E:\Steam\libavutil-54.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00332800 _____ () E:\Steam\libavresample-2.dll
2013-07-01 08:20 - 2014-08-21 00:38 - 00774656 _____ () E:\Steam\SDL2.dll
2014-05-23 16:19 - 2014-08-28 13:48 - 02224320 _____ () E:\Steam\video.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00403968 _____ () E:\Steam\libavformat-56.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00485888 _____ () E:\Steam\libswscale-3.dll
2013-07-09 17:56 - 2014-08-28 13:48 - 00678080 _____ () E:\Steam\bin\chromehtml.DLL
2013-05-17 12:43 - 2013-05-17 12:43 - 00169312 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-07-09 13:45 - 2014-08-21 00:38 - 34589376 _____ () E:\Steam\bin\libcef.dll
2014-08-16 12:54 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-16 12:54 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-16 12:54 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-16 12:54 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-16 12:54 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/02/2014 05:50:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1400
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/01/2014 07:51:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2014 00:41:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/27/2014 09:22:20 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated
 
Error: (08/27/2014 01:02:33 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated
 
Error: (08/26/2014 03:09:01 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated
 
Error: (08/25/2014 01:30:12 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated
 
Error: (08/24/2014 07:53:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/23/2014 08:28:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/23/2014 02:25:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 36.0.1985.143 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e68
 
Start Time: 01cfbe689b36b1ca
 
Termination Time: 4
 
Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
 
Report Id: ed7f71a7-2a5b-11e4-b787-001d92d82d25
 
 
System errors:
=============
Error: (08/31/2014 02:28:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:25:21 on ‎31.‎8.‎2014 was unexpected.
 
Error: (08/31/2014 01:16:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:14:37 on ‎31.‎8.‎2014 was unexpected.
 
Error: (08/24/2014 10:28:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:12:27 on ‎24.‎8.‎2014 was unexpected.
 
Error: (08/24/2014 10:11:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:08:24 on ‎24.‎8.‎2014 was unexpected.
 
Error: (08/22/2014 05:28:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (08/22/2014 05:27:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (08/22/2014 05:26:52 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (08/21/2014 06:33:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:32:04 on ‎21.‎8.‎2014 was unexpected.
 
Error: (08/21/2014 05:37:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:36:19 on ‎21.‎8.‎2014 was unexpected.
 
Error: (08/21/2014 05:32:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:40:16 on ‎21.‎8.‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (09/02/2014 05:50:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd140001cfc6c59dd99063C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dlldc2e582b-32b8-11e4-b99a-001d92d82d25
 
Error: (09/01/2014 07:51:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\HTC Sync Manager\HTC Sync\FDAgentForOutlook64.exe
 
Error: (08/30/2014 00:41:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\HTC Sync Manager\HTC Sync\FDAgentForOutlook64.exe
 
Error: (08/27/2014 09:22:20 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/27/2014 01:02:33 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/26/2014 03:09:01 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/25/2014 01:30:12 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/24/2014 07:53:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\HTC Sync Manager\HTC Sync\FDAgentForOutlook64.exe
 
Error: (08/23/2014 08:28:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\HTC Sync Manager\HTC Sync\FDAgentForOutlook64.exe
 
Error: (08/23/2014 02:25:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.143e6801cfbe689b36b1ca4C:\Program Files\Google\Chrome\Application\chrome.exeed7f71a7-2a5b-11e4-b787-001d92d82d25
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 49%
Total physical RAM: 2047.37 MB
Available physical RAM: 1032.2 MB
Total Pagefile: 4094.73 MB
Available Pagefile: 2621.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.64 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:82.92 GB) (Free:48.97 GB) NTFS
Drive d: () (Fixed) (Total:107.53 GB) (Free:3.27 GB) NTFS
Drive e: () (Fixed) (Total:107.54 GB) (Free:4.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 963FF6FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=82.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.1 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

  • 0

#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you for the information. I see no reason we can't get you all fixed up. Please follow the instructions below.

 

Step#1 - Warnings
 
#1 - P2P Detected
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
Here are some information sources about the dangers of P2P programs:
 
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): uTorrent
To uninstall on Windows 7, you can:

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

#2 - CCleaner 
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
 
#3 - Low on Disk Space
Two of your drives (D & E) are very low on space. They have between 3 and 4 percent free disk space. This can adversely affect the performance of your computer. It's recommended to have at least 15% free disk space so that tools such as the automated defragger can keep your drive optimized.
 
 
Step#2 - Uninstalls
Please uninstall the following program. You can use the same instructions in Step#1 above to do this. Let me know if you have trouble doing this.
Pando Media Booster
 
 
Step#3 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-Click on AdwCleaner.exe and select Run as administrator to run the tool. Click Yes if asked to allow the program from an unknown publisher.
4. Click I Agree on the Terms of Use screen.
5. Click on Scan.
6. After the scan is complete click on "Clean"
7. Confirm each time with Ok on the messages that follow.
8. Your computer will be rebooted automatically. A text file will open after the restart.
9. Please post the content of that logfile with your next answer.
10. You can find the logfile at C:\AdwCleaner[S0].txt as well.
 
Step#4 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Fixlist.txt   2.41KB   1 downloads

    Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (I suggest moving FRST to the desktop).
 
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#5 - Malwarebytes Removal Tool

We will be reinstalling Malwarebytes shortly. Since you have been having trouble with it I would like to do the following first.

1. Please download the Malwarebytes removal tool from here and save to your desktop.

2. Right-click on the file and choose Run as administrator.

3. Let the program run and reboot if prompted.

 

Step#6 - Fresh Set of Logs

1. Right click to run as administrator.

2. Ensure that you select the Addition.txt check box at the bottom of the form within the Optional Scan section.

3. Press Scan button.

4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)

5. Please copy and paste log back here.

6. Another log will be generated (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

 

 

 

Items for the Next Post

1. AdwCleaner log

2. FRST fix log

3. Fresh FRST and Addition logs.


  • 2

#7
MARKOCARS

    Member

  • Topic Starter
  • Member
  • 25 posts
# AdwCleaner v3.309 - Report created 04/09/2014 at 17:23:44
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : Dexi - DEXI-PC
# Running from : C:\Users\Dexi\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AppReady Software
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DataMngr
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Dexi\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Dexi\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Dexi\AppData\Local\Conduit
Folder Deleted : C:\Users\Dexi\AppData\Local\iLivid
Folder Deleted : C:\Users\Dexi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dexi\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\omnbjoaffnhaoebfpbpmocmdlodnmdci
File Deleted : C:\Users\Dexi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
File Deleted : C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A836234-186C-41A0-9863-40BECDEDED9F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\iLividSRTB
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zulagames
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=266&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1611626902214233&q={searchTerms}
Deleted [Homepage] : hxxp://www.searchnu.com/406
Deleted [Extension] : gflandjopdloblmlcoiidmncpinmmacn
Deleted [Extension] : kiplfnciaokpcennlkldkdaeaaomamof
 
*************************
 
AdwCleaner[R0].txt - [5726 octets] - [04/09/2014 17:22:31]
AdwCleaner[S0].txt - [5795 octets] - [04/09/2014 17:23:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5855 octets] ##########

  • 0

#8
MARKOCARS

    Member

  • Topic Starter
  • Member
  • 25 posts
Sorry, you don't have permission for that!

 

[#10171]

You do not have permission to view this attachment.

 

For some reason I can't download the file....


  • 0

#9
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Try this one. Attached File  Fixlist.txt   2.41KB   434 downloads


  • 0

#10
MARKOCARS

    Member

  • Topic Starter
  • Member
  • 25 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02
Ran by Dexi at 2014-09-04 17:32:52 Run:1
Running from C:\Users\Dexi\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {CDBF1579-0EC7-4CB4-9A45-56FDB4A7DCC9} URL = http://search.condui...7926320310&UM=1
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Dexi\AppData\Local\Temp\007b6305\setup.exe No File
Task: {02735602-5636-4BBB-9913-3D6A098DD067} - System32\Tasks\SN.Booster-S-014941198 => c:\programdata\appready software\sn.booster\SN.Booster.exe <==== ATTENTION
Task: {67D532F5-3C4E-47B4-A40F-FFD2C492CB7A} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\SN.Booster-S-014941198.job => c:\programdata\appready software\sn.booster\SN.Booster.exe <==== ATTENTION
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR HomePage: Default -> hxxp://www.searchnu.com/406
2014-08-07 16:56 - 2014-08-07 16:56 - 01922200 _____ (Bandoo Media Inc) C:\Users\Dexi\Downloads\iLividSetup-r1720-n-bc.exe
2014-08-07 16:56 - 2014-08-19 06:04 - 00000000 ____D () C:\Users\Dexi\AppData\Local\iLivid
2014-08-07 17:01 - 2014-08-07 17:01 - 00000964 _____ () C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
2014-08-07 17:01 - 2014-08-19 06:03 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-08-18 14:29 - 2014-08-18 14:29 - 01922200 _____ (Bandoo Media Inc) C:\Users\Dexi\Downloads\iLividSetup-r1638-n-bc.exe
2014-09-02 21:31 - 2014-05-05 18:31 - 00000474 ____H () C:\Windows\Tasks\SN.Booster-S-014941198.job
C:\Program Files\Pando Networks
c:\programdata\appready software
EmptyTemp:
 
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDBF1579-0EC7-4CB4-9A45-56FDB4A7DCC9}" => Key deleted successfully.
"HKCR\CLSID\{CDBF1579-0EC7-4CB4-9A45-56FDB4A7DCC9}" => Key not found.
"HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}" => Key not found.
"HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02735602-5636-4BBB-9913-3D6A098DD067}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02735602-5636-4BBB-9913-3D6A098DD067}" => Key deleted successfully.
C:\Windows\System32\Tasks\SN.Booster-S-014941198 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SN.Booster-S-014941198" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67D532F5-3C4E-47B4-A40F-FFD2C492CB7A}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
C:\Windows\Tasks\SN.Booster-S-014941198.job => Moved successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
"HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => Key not found.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Chrome HomePage deleted successfully.
C:\Users\Dexi\Downloads\iLividSetup-r1720-n-bc.exe => Moved successfully.
"C:\Users\Dexi\AppData\Local\iLivid" => File/Directory not found.
"C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk" => File/Directory not found.
"C:\Program Files\MyPC Backup" => File/Directory not found.
C:\Users\Dexi\Downloads\iLividSetup-r1638-n-bc.exe => Moved successfully.
"C:\Windows\Tasks\SN.Booster-S-014941198.job" => File/Directory not found.
C:\Program Files\Pando Networks => Moved successfully.
"c:\programdata\appready software" => File/Directory not found.
EmptyTemp: => Removed 12.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====



#11
MARKOCARS

  • Topic Starter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by Dexi (administrator) on DEXI-PC on 04-09-2014 17:41:45
Running from C:\Users\Dexi\Downloads
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxescore.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\System32\PnkBstrA.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [kxesc] => c:\program files\kingsoft\kingsoft antivirus\kxetray.exe [1595056 2012-10-08] (Kingsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1647691666-3661379803-2873215379-1000\...\Run: [Steam] => E:\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-1647691666-3661379803-2873215379-1000\...\MountPoints2: {1a8f72f1-e067-11e1-b13d-001d92d82d25} - G:\Autorun.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA975D188AC7ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dexi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.searchnu.com/406
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> 3C884F8CF14F382512BE9C709FCF53AC82BE72753EA1569FC0D66541F1B6FC4A
CHR DefaultSearchProvider: Default -> 0869498A94F64AC129568B0C1987AB61427D268659D88596298194607E13FD52
CHR DefaultSearchURL: Default -> 6E4FB2D259E9D390B0E0170C6384F1895910420274370B2005BD863065A7AD9E
CHR CustomProfile: C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google документи) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google диск) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Google претрага) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Srbija - Serbia) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mokaekccaopodkibmlkmfoikhfppgbbb [2014-07-20]
CHR Extension: (Google новчаник) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Dexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [348032 2014-08-15] ()
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [92536 2014-02-20] (EasyAntiCheat Ltd)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 kxescore; c:\program files\kingsoft\kingsoft antivirus\kxescore.exe [123992 2012-08-07] (Kingsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-04-24] ()
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-28] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 kavbootc; C:\Windows\System32\drivers\kavbootc.sys [27240 2012-08-07] (Kingsoft Corporation)
R1 KDHacker; c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [125784 2012-08-07] (Kingsoft Corporation)
R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [165176 2013-06-12] (Kingsoft Corporation)
R3 ksapi; C:\Windows\system32\drivers\ksapi.sys [82264 2012-08-07] (Kingsoft Corporation)
R4 KUsbGuard; C:\Program Files\kingsoft\kingsoft antivirus\kusbquery.sys [14200 2012-09-11] (Kingsoft Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [33280 2014-06-17] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5116544 2010-11-29] (Etron)
S3 iatmunin; \??\C:\Users\Dexi\AppData\Local\Temp\iatmunin.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 17:38 - 2014-09-04 17:38 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Dexi\Downloads\mbam-clean-2.1.1.1001.exe
2014-09-04 17:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-04 17:22 - 2014-09-04 17:23 - 00000000 ____D () C:\AdwCleaner
2014-09-04 17:19 - 2014-09-04 17:19 - 01370467 _____ () C:\Users\Dexi\Downloads\AdwCleaner.exe
2014-09-02 21:38 - 2014-09-02 21:39 - 00031061 _____ () C:\Users\Dexi\Downloads\Addition.txt
2014-09-02 21:37 - 2014-09-04 17:41 - 00009467 _____ () C:\Users\Dexi\Downloads\FRST.txt
2014-09-02 21:37 - 2014-09-04 17:41 - 00000000 ____D () C:\FRST
2014-09-02 21:36 - 2014-09-02 21:37 - 01096704 _____ (Farbar) C:\Users\Dexi\Downloads\FRST.exe
2014-09-02 17:47 - 2014-09-02 17:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dexi\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-28 23:12 - 2014-08-28 23:12 - 10969766 _____ (Ingato LTD) C:\Users\Dexi\Downloads\IngatoClient (1).exe
2014-08-26 17:36 - 2014-08-26 17:36 - 00000202 _____ () C:\Users\Dexi\Desktop\Strategic War in Europe.url
2014-08-25 13:30 - 2014-08-25 13:30 - 00000000 ____D () C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2014-08-25 12:22 - 2014-08-25 12:22 - 00000000 ____D () C:\Users\Dexi\AppData\Local\Skyrim
2014-08-24 18:27 - 2014-08-24 18:27 - 00000202 _____ () C:\Users\Dexi\Desktop\Dishonored.url
2014-08-24 18:27 - 2014-08-24 18:27 - 00000201 _____ () C:\Users\Dexi\Desktop\The Elder Scrolls V Skyrim.url
2014-08-23 23:48 - 2014-08-23 23:48 - 00000202 _____ () C:\Users\Dexi\Desktop\Age of Empires II HD Edition.url
2014-08-23 21:52 - 2014-08-23 21:52 - 00000200 _____ () C:\Users\Dexi\Desktop\Rome Total War.url
2014-08-20 23:11 - 2014-08-20 23:11 - 00000000 ____D () C:\Users\Dexi\Documents\KONAMI
2014-08-20 17:04 - 2014-08-20 17:04 - 00000202 _____ () C:\Users\Dexi\Desktop\Pro Evolution Soccer 2014.url
2014-08-19 10:02 - 2014-08-19 10:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-19 06:38 - 2014-08-19 06:38 - 00000199 _____ () C:\Users\Dexi\Desktop\Counter-Strike Global Offensive.url
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\www.facebook.com
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\VVV
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\Tracert
2014-08-18 13:33 - 2014-08-18 13:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-17 12:57 - 2014-08-19 13:05 - 00000000 ____D () C:\New folder
2014-08-17 11:57 - 2014-08-17 11:45 - 00000121 ____H () C:\Users\Dexi\Desktop\instructions.bat
2014-08-17 11:57 - 2014-08-17 11:32 - 00000180 ____H () C:\Users\Dexi\Desktop\extra.bat
2014-08-15 14:56 - 2014-08-15 14:56 - 00000000 __SHD () C:\found.000
2014-08-15 13:48 - 2014-08-15 13:48 - 00001170 _____ () C:\Users\Dexi\Desktop\TeamSpeak 3 Client.lnk
2014-08-15 13:48 - 2014-08-15 13:48 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-15 13:48 - 2014-08-15 13:48 - 00000000 ____D () C:\Users\Dexi\AppData\Local\TeamSpeak 3 Client
2014-08-15 13:46 - 2014-08-15 13:47 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Dexi\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-13 01:00 - 2014-08-13 01:00 - 04575232 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 17:42 - 2014-09-02 21:37 - 00009467 _____ () C:\Users\Dexi\Downloads\FRST.txt
2014-09-04 17:41 - 2014-09-02 21:37 - 00000000 ____D () C:\FRST
2014-09-04 17:41 - 2014-07-20 22:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 17:39 - 2014-07-21 01:45 - 00012020 _____ () C:\Windows\setupact.log
2014-09-04 17:39 - 2014-07-21 01:44 - 00362378 _____ () C:\Windows\PFRO.log
2014-09-04 17:39 - 2014-07-20 22:36 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 17:39 - 2013-07-20 23:52 - 00000000 ____D () C:\Users\Dexi\AppData\Local\HTC MediaHub
2014-09-04 17:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 17:38 - 2014-09-04 17:38 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Dexi\Downloads\mbam-clean-2.1.1.1001.exe
2014-09-04 17:38 - 2012-08-07 09:57 - 01975348 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 17:38 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 17:38 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 17:23 - 2014-09-04 17:22 - 00000000 ____D () C:\AdwCleaner
2014-09-04 17:19 - 2014-09-04 17:19 - 01370467 _____ () C:\Users\Dexi\Downloads\AdwCleaner.exe
2014-09-04 17:19 - 2012-08-09 15:21 - 00000000 __SHD () C:\KRECYCLE
2014-09-04 17:17 - 2012-08-27 23:00 - 00000448 _____ () C:\Windows\system32\khackmon.dll.log
2014-09-04 17:07 - 2012-08-07 16:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000UA.job
2014-09-04 16:49 - 2013-09-09 12:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 15:43 - 2014-07-20 22:38 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-04 15:07 - 2012-08-07 16:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000Core.job
2014-09-04 13:32 - 2014-05-17 17:03 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\TS3Client
2014-09-03 22:04 - 2013-01-30 18:42 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\Skype
2014-09-02 21:39 - 2014-09-02 21:38 - 00031061 _____ () C:\Users\Dexi\Downloads\Addition.txt
2014-09-02 21:37 - 2014-09-02 21:36 - 01096704 _____ (Farbar) C:\Users\Dexi\Downloads\FRST.exe
2014-09-02 17:49 - 2014-09-02 17:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dexi\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-01 14:14 - 2012-08-07 10:02 - 00788036 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 23:14 - 2014-03-26 17:17 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\.minecraft
2014-08-28 23:13 - 2014-05-20 20:18 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\Ingato LTD
2014-08-28 23:12 - 2014-08-28 23:12 - 10969766 _____ (Ingato LTD) C:\Users\Dexi\Downloads\IngatoClient (1).exe
2014-08-26 19:10 - 2013-05-22 18:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-26 17:52 - 2012-09-08 10:21 - 00000000 ____D () C:\Users\Dexi\Documents\My Games
2014-08-26 17:36 - 2014-08-26 17:36 - 00000202 _____ () C:\Users\Dexi\Desktop\Strategic War in Europe.url
2014-08-26 16:39 - 2013-05-22 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-25 13:30 - 2014-08-25 13:30 - 00000000 ____D () C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2014-08-25 12:22 - 2014-08-25 12:22 - 00000000 ____D () C:\Users\Dexi\AppData\Local\Skyrim
2014-08-24 18:27 - 2014-08-24 18:27 - 00000202 _____ () C:\Users\Dexi\Desktop\Dishonored.url
2014-08-24 18:27 - 2014-08-24 18:27 - 00000201 _____ () C:\Users\Dexi\Desktop\The Elder Scrolls V Skyrim.url
2014-08-24 02:09 - 2014-07-20 14:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 02:08 - 2012-08-28 22:46 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-23 23:48 - 2014-08-23 23:48 - 00000202 _____ () C:\Users\Dexi\Desktop\Age of Empires II HD Edition.url
2014-08-23 21:52 - 2014-08-23 21:52 - 00000200 _____ () C:\Users\Dexi\Desktop\Rome Total War.url
2014-08-20 23:11 - 2014-08-20 23:11 - 00000000 ____D () C:\Users\Dexi\Documents\KONAMI
2014-08-20 17:04 - 2014-08-20 17:04 - 00000202 _____ () C:\Users\Dexi\Desktop\Pro Evolution Soccer 2014.url
2014-08-19 13:05 - 2014-08-17 12:57 - 00000000 ____D () C:\New folder
2014-08-19 10:02 - 2014-08-19 10:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-19 10:02 - 2013-01-30 18:41 - 00000000 ____D () C:\ProgramData\Skype
2014-08-19 06:38 - 2014-08-19 06:38 - 00000199 _____ () C:\Users\Dexi\Desktop\Counter-Strike Global Offensive.url
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\www.facebook.com
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\VVV
2014-08-18 15:19 - 2014-08-18 15:19 - 00000000 _____ () C:\Users\Dexi\Tracert
2014-08-18 15:19 - 2012-08-07 09:58 - 00000000 ____D () C:\Users\Dexi
2014-08-18 13:45 - 2014-01-05 00:34 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\vlc
2014-08-18 13:33 - 2014-08-18 13:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-17 11:45 - 2014-08-17 11:57 - 00000121 ____H () C:\Users\Dexi\Desktop\instructions.bat
2014-08-17 11:32 - 2014-08-17 11:57 - 00000180 ____H () C:\Users\Dexi\Desktop\extra.bat
2014-08-15 16:48 - 2014-04-28 20:48 - 00000000 ____D () C:\Users\Dexi\AppData\Local\ArmA 2 OA
2014-08-15 16:40 - 2014-05-17 16:47 - 00000000 ____D () C:\Program Files\Common Files\BattlEye
2014-08-15 15:28 - 2013-10-12 11:52 - 00280792 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-08-15 15:28 - 2013-10-12 11:41 - 00139112 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-08-15 15:28 - 2012-10-26 19:48 - 00280792 _____ () C:\Windows\system32\PnkBstrB.exe
2014-08-15 15:25 - 2012-10-26 19:48 - 00281032 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-08-15 14:56 - 2014-08-15 14:56 - 00000000 __SHD () C:\found.000
2014-08-15 13:48 - 2014-08-15 13:48 - 00001170 _____ () C:\Users\Dexi\Desktop\TeamSpeak 3 Client.lnk
2014-08-15 13:48 - 2014-08-15 13:48 - 00000000 ____D () C:\Users\Dexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-15 13:48 - 2014-08-15 13:48 - 00000000 ____D () C:\Users\Dexi\AppData\Local\TeamSpeak 3 Client
2014-08-15 13:47 - 2014-08-15 13:46 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Dexi\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-13 01:00 - 2014-08-13 01:00 - 04575232 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2014-08-12 15:22 - 2009-07-14 06:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-30 12:41
 
==================== End Of Log ============================


#12
MARKOCARS

  • Topic Starter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by Dexi at 2014-09-04 17:43:16
Running from C:\Users\Dexi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kingsoft Antivirus System Defense (Enabled - Up to date) {B6A51389-A795-5AC9-13BA-F569D73F3FE8}
AS: Kingsoft Antivirus System Defense (Enabled - Up to date) {0DC4F26D-81AF-5547-290A-CE1BACB87555}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Addon Sync 2009 (HKLM\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Assassin's Creed Brotherhood (HKLM\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM\...\BattlEye for A2) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
DayZ Commander (HKLM\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dishonored (HKLM\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Gun Monkeys (HKLM\...\Steam App 239450) (Version:  - Size Five Games)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}) (Version: 2.0.61.0 - HTC)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kingsoft Antivirus 2012 (HKLM\...\Kingsoft Internet Security) (Version: 2012.5.7 - Kingsoft Internet Security)
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Minecraft1.5.2 (HKLM\...\Minecraft1.5.2) (Version:  - )
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NBA 2K13 (HKLM\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NBA 2K14 (HKLM\...\Steam App 255480) (Version:  - Visual Concepts)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NRadioBox (HKLM\...\{1AEAA6CC-98C2-4650-A217-EF5F92C3E602}) (Version: 1.0.0 - NRadioBox)
NVIDIA PhysX (HKLM\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pro Evolution Soccer 2014 (HKLM\...\Steam App 250870) (Version:  - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rome: Total War (HKLM\...\Steam App 4760) (Version:  - The Creative Assembly)
Sid Meier's Civilization III: Complete (HKLM\...\Steam App 3910) (Version:  - Firaxis Games)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spec Ops: The Line (HKLM\...\Steam App 50300) (Version:  - Yager)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strategic War in Europe (HKLM\...\Steam App 283000) (Version:  - Wastelands Interactive)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Webcam (HKLM\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 1.0.3.6 - ETRON)
WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dexi\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Chrome\Application\35.0.1916.114\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1647691666-3661379803-2873215379-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dexi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1AEE0313-EA60-435B-A3B8-EFE45A8546AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {93044A85-57A7-4B55-9A02-79650BC07DE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)
Task: {93B182CC-7D71-4AB2-B833-5DE244F10AE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000Core => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {98F31D3A-FD1D-482F-87FF-39E1041458CA} - System32\Tasks\{C0E35F6D-39AC-4F89-AC03-8B16B67C04DE} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {C849BC21-DF47-414A-8CEE-6DA64959BCFF} - System32\Tasks\{F3A20422-C511-4DF2-8BBF-7BA265FE6E50} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {CEFF5A2B-3805-4FAB-BB23-6D4272C6ADA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)
Task: {E76897EE-0A94-44D0-99F4-C94D4B62C03F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {FE7A5654-3C7A-4729-B71E-C78D369F0039} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000UA => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000Core.job => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647691666-3661379803-2873215379-1000UA.job => C:\Users\Dexi\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-17 12:42 - 2013-05-17 12:42 - 00030056 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2013-05-17 12:42 - 2013-05-17 12:42 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2013-05-17 12:42 - 2013-05-17 12:42 - 00044392 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2013-05-17 12:42 - 2013-05-17 12:42 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-05-17 12:43 - 2013-05-17 12:43 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-05-17 12:47 - 2013-05-17 12:47 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2013-07-20 23:51 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-10-26 19:48 - 2014-04-24 12:23 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2013-05-17 12:43 - 2013-05-17 12:43 - 00169312 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-08-29 23:22 - 2014-08-21 20:15 - 01171456 _____ () E:\Steam\libavcodec-56.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00442368 _____ () E:\Steam\libavutil-54.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00332800 _____ () E:\Steam\libavresample-2.dll
2013-07-01 08:20 - 2014-08-21 00:38 - 00774656 _____ () E:\Steam\SDL2.dll
2014-05-23 16:19 - 2014-08-28 13:48 - 02224320 _____ () E:\Steam\video.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00403968 _____ () E:\Steam\libavformat-56.dll
2014-08-29 23:22 - 2014-08-21 20:15 - 00485888 _____ () E:\Steam\libswscale-3.dll
2013-07-09 17:56 - 2014-08-28 13:48 - 00678080 _____ () E:\Steam\bin\chromehtml.DLL
2013-07-09 13:45 - 2014-08-21 00:38 - 34589376 _____ () E:\Steam\bin\libcef.dll
2013-12-31 22:38 - 2010-12-02 18:30 - 00188416 _____ () C:\Windows\system32\Etprop.ax
2014-09-04 15:43 - 2014-08-30 04:49 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-04 15:43 - 2014-08-30 04:49 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-04 15:43 - 2014-08-30 04:49 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-04 15:43 - 2014-08-30 04:49 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-04 15:43 - 2014-08-30 04:49 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/02/2014 05:50:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1400
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/01/2014 07:51:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2014 00:41:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/27/2014 09:22:20 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated
 
Error: (08/27/2014 01:02:33 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated
 
Error: (08/26/2014 03:09:01 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated
 
Error: (08/25/2014 01:30:12 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated
 
Error: (08/24/2014 07:53:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/23/2014 08:28:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/23/2014 02:25:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 36.0.1985.143 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e68
 
Start Time: 01cfbe689b36b1ca
 
Termination Time: 4
 
Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
 
Report Id: ed7f71a7-2a5b-11e4-b787-001d92d82d25
 
 
System errors:
=============
Error: (09/03/2014 01:48:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/31/2014 02:28:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:25:21 on ‎31.‎8.‎2014 was unexpected.
 
Error: (08/31/2014 01:16:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:14:37 on ‎31.‎8.‎2014 was unexpected.
 
Error: (08/24/2014 10:28:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:12:27 on ‎24.‎8.‎2014 was unexpected.
 
Error: (08/24/2014 10:11:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:08:24 on ‎24.‎8.‎2014 was unexpected.
 
Error: (08/22/2014 05:28:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (08/22/2014 05:27:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (08/22/2014 05:26:52 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (08/21/2014 06:33:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:32:04 on ‎21.‎8.‎2014 was unexpected.
 
Error: (08/21/2014 05:37:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:36:19 on ‎21.‎8.‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (09/02/2014 05:50:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd140001cfc6c59dd99063C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dlldc2e582b-32b8-11e4-b99a-001d92d82d25
 
Error: (09/01/2014 07:51:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\HTC Sync Manager\HTC Sync\FDAgentForOutlook64.exe
 
Error: (08/30/2014 00:41:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\HTC Sync Manager\HTC Sync\FDAgentForOutlook64.exe
 
Error: (08/27/2014 09:22:20 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/27/2014 01:02:33 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/26/2014 03:09:01 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/25/2014 01:30:12 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dexi-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/24/2014 07:53:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\HTC Sync Manager\HTC Sync\FDAgentForOutlook64.exe
 
Error: (08/23/2014 08:28:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\HTC Sync Manager\HTC Sync\FDAgentForOutlook64.exe
 
Error: (08/23/2014 02:25:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.143e6801cfbe689b36b1ca4C:\Program Files\Google\Chrome\Application\chrome.exeed7f71a7-2a5b-11e4-b787-001d92d82d25
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 39%
Total physical RAM: 2047.37 MB
Available physical RAM: 1230.12 MB
Total Pagefile: 4094.73 MB
Available Pagefile: 2968.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.02 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:82.92 GB) (Free:61.86 GB) NTFS
Drive d: () (Fixed) (Total:107.53 GB) (Free:0.11 GB) NTFS
Drive e: () (Fixed) (Total:107.54 GB) (Free:4.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 963FF6FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=82.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.1 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#13
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Nice job! Thanks for being so responsive. Please follow the instructions below.

 

Step#1 - Chrome - Change your Search Provider Settings
 
1. Click the Chrome menu on the browser toolbar.
2. Select Settings.
3. In the "Search" section, click Manage search engines.
SearchSection.JPG
 
4. Select which search engine you want to be the default and then click on the Make default button that appears. Note: If your preferred search engine is already in bold text and has the word (Default) after it then it is already set as the default and you can go to the next step without selecting anything.
SearchEngines.JPG
 
5. Hover the mouse over any other suspicious search engine entries (e.g. conduit) that are not familiar and click X to remove them as shown below.
RemoveBadSearchEngines.JPG
 
6. Click the Done button when you are finished.

 

 

Step#2 - Chrome - Set your Home Page
 
1. Click the Chrome menu on the browser toolbar.
2. Select Settings.
3. Under the Appearance section, check the "Show Home button" option and click the Change button as shown below.
Appearance.JPG
 
4. Then select the "Open this page" radio button and type in your preferred home page. This is the page that your browser will go to when you first open it up. Click OK when done.
HomePage.JPG
 
5. Scroll down to the Privacy section and click the Clear browsing data... button.
Privacy.JPG
 
6. Select "the beginning of time" from the drop-down box and ensure that the four options are checked as shown below.
Cache.JPG
 
7. Click the Clear browsing data button.

 

 

Step#3 - Install and Run Malwarebytes
 

  • Download Malwarebytes to your desktop from here. Note: I know it's in your downloads folder but in case there is something wrong with it, please download again.
  • Double-click on the file that is downloaded to your desktop.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next.
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium" since we are going to uninstall when we are done.
  • Click Finish.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

 

Step#4 - Security Check
 
1. Download Security Check from here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Sometimes this can take 10 to 15 minutes to run so don't be alarmed if it does.

 

  

 

Items for your next Post

1. Malwarebytes log or any information you can provide if it doesn't work

2. Security Check log

 



#14
MARKOCARS


    Member

  • Topic Starter
  • 25 posts
Results of screen317's Security Check version 0.99.87  
 Windows 7  x86 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kingsoft Antivirus System Defense   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log``````````````````````


#15
MARKOCARS


    Member

  • Topic Starter
  • 25 posts

By the way, just wanted to thank you for great help and fast response... So yeah, I wish you all luck in succeeding in your training :)...

