My PC starting to lag [Solved]



#1
Gatt


Hello there,

Well, my computer started to slow down/lag, not sure why, so I need to do a check-up for my PC if possible, please.

Here is the OTL Log.

OTL logfile created on: 12/7/2014 6:29:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fadod\Downloads
64bit- Enterprise Edition  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.14% Memory free
4.27 Gb Paging File | 2.48 Gb Available in Paging File | 58.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.31 Gb Total Space | 3.65 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 74.12 Gb Free Space | 36.98% Space Free | Partition Type: NTFS
 
Computer Name: FADY | User Name: Fadod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fadod\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Fadod\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe (Skillbrains)
PRC - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\netcut\services\aips.exe (Arcai.com)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV:64bit: - (VsEtwService120) -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe (Microsoft Corporation)
SRV:64bit: - (c2wts) -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (Origin Client Service) -- D:\Programs\Origin\OriginClientService.exe (Electronic Arts)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- D:\Programs\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- D:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (BstHdUpdaterSvc) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (AIPS) -- C:\Program Files (x86)\netcut\services\aips.exe (Arcai.com)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\Drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tapSF0901) -- C:\Windows\SysNative\Drivers\tapSF0901.sys (Spotflux, Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\Drivers\mcvidrv.sys (Visicom Media Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AODDriver4.3) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\Drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\Drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\Drivers\mcaudrv_x64.sys (Visicom Media Inc.)
DRV:64bit: - (AU8168) -- C:\Windows\SysNative\Drivers\au630x64.sys (Realtek                                            )
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\Drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\Drivers\ASACPI.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\Drivers\npf.sys (Riverbed Technology, Inc.)
DRV:64bit: - (amdkmafd) -- C:\Windows\SysNative\Drivers\amdkmafd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\Drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\Drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\Drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\Drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (tapoas) -- C:\Windows\SysNative\Drivers\tapoas.sys (The OpenVPN Project)
DRV:64bit: - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\Drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\Drivers\rsdrvx64.sys (EldoS Corporation)
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetProfile = 94556222
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 94561153
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.eg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://egypt.msn.com...EG&dcc=EG&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,ar-EG;q=0.5,ar;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 7D AD 09 39 5E CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=187.94.99.197:1080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: linkgopher%40oooninja.com:1.3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DAP\daplinkchecker [2014/05/11 13:25:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/01/24 01:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fadod\AppData\Roaming\Mozilla\Extensions
[2014/01/24 01:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fadod\AppData\Roaming\Mozilla\Extensions\net.openvpn.client
[2014/11/20 18:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default\extensions
[2014/10/02 13:03:42 | 000,026,646 | ---- | M] () (No name found) -- C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default\extensions\[email protected]
[2014/11/20 18:12:44 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/10/02 13:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/23 09:45:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.1.0.1_0\
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\6.1.0_0\
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/06/13 14:31:41 | 000,000,893 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 ads.adk2.com
O1 - Hosts: 127.0.0.1 s.m2pub.com
O1 - Hosts: 127.0.0.1 www.w3.org
O2 - BHO: (Microsoft Web Test Recorder 12.0 Helper) - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - D:\Programs\Visual Studio Ultimate 2013\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Fadod\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programs\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [LightShot] C:\Users\Fadod\AppData\Local\Skillbrains\lightshot\Lightshot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04FC5572-248E-495D-9BF8-53E12CF7D1BC}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B0CF3DB-6CF9-4DA3-9145-7ADF8F385CD1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B3D1CBE-8213-4686-8876-2EAAB7CC559E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C792C2B-6003-4A4E-BEFC-9693831B1051}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9374268F-5B09-46C9-A79C-876BD0CBCBC9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0931231-BA64-41F9-B86A-1B4E293A365C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB84026E-E7BE-4699-AE2C-E3CC7F5E1236}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62002D3-FFFD-4CDF-A530-C6CA1F7F947B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2544B34-168D-46C1-B82E-93C5BA379E16}: DhcpNameServer = 62.240.110.198 62.240.110.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC42E50B-47EB-487A-96F2-B3AFBF4600D9}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{93702667-f67d-11e3-bece-485b3976fdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{93702667-f67d-11e3-bece-485b3976fdd0}\Shell\AutoRun\command - "" = "F:\Windows/Install.exe" 
O33 - MountPoints2\{968a05f6-ebfb-11e3-beb6-485b3976fdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{968a05f6-ebfb-11e3-beb6-485b3976fdd0}\Shell\AutoRun\command - "" = "F:\Windows/Install.exe" 
O33 - MountPoints2\{cfab77f5-7758-11e3-be66-485b3976fdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{cfab77f5-7758-11e3-be66-485b3976fdd0}\Shell\AutoRun\command - "" = "H:\Windows/Install.exe" 
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = "H:\Windows/Install.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/07 18:13:31 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Local\AutoIt v3
[2014/12/07 14:19:22 | 000,000,000 | ---D | C] -- C:\Users\Fadod\Documents\7 Days To Die
[2014/12/06 22:16:49 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2014/12/06 22:16:49 | 000,000,000 | ---D | C] -- C:\Users\Fadod\Documents\Tunngle
[2014/12/06 22:16:49 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Roaming\Tunngle
[2014/12/05 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Local\Spitefulv2
[2014/12/05 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\Fadod\Documents\JoWooD
[2014/12/03 17:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2014/12/03 07:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2014/12/03 07:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2014/12/02 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Local\Gameforge4d
[2014/12/02 17:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
[2014/12/02 02:17:11 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Local\Akamai
[2014/11/27 22:57:44 | 000,000,000 | ---D | C] -- C:\Users\Fadod\Documents\My Games
[2014/11/26 18:24:58 | 000,000,000 | ---D | C] -- C:\Users\Fadod\Documents\Clone2Go Video Converter Professional
[2014/11/26 18:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Clone2go
[2014/11/26 18:24:49 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Roaming\Clone2Go Video Converter Professional
[2014/11/26 17:16:34 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Roaming\DVDVideoSoft
[2014/11/22 17:02:34 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Local\PunkBuster
[2014/11/21 22:31:38 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Local\pinger.com
[2014/11/21 22:31:34 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Local\Caphyon
[2014/11/21 22:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinger
[2014/11/21 22:31:23 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Roaming\Pinger Inc
[2014/11/09 19:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/11/09 19:35:59 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Roaming\Notepad++
[2014/11/09 19:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2014/11/09 13:11:23 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Local\Macromedia
[2014/11/09 00:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxy Finder Enterprise
[2014/11/08 15:53:17 | 000,000,000 | ---D | C] -- C:\Users\Fadod\AppData\Local\Carter
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/07 18:25:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/07 18:13:37 | 001,182,208 | ---- | M] () -- C:\Users\Fadod\Desktop\Letmesca.exe
[2014/12/07 18:11:45 | 000,029,696 | ---- | M] () -- C:\Users\Fadod\Desktop\Server.exe
[2014/12/07 18:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/07 17:40:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014/12/07 16:29:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3315983353-3425692480-1218410527-1001.job
[2014/12/07 15:09:32 | 000,002,198 | -H-- | M] () -- C:\Users\Fadod\Documents\Default.rdp
[2014/12/07 14:23:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/07 14:22:45 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 14:21:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/12/07 14:21:54 | 1716,346,880 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/07 10:27:19 | 000,297,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/12/02 17:37:35 | 000,000,761 | ---- | M] () -- C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
[2014/12/01 00:07:28 | 000,000,040 | -H-- | M] () -- C:\78E63017C9FB
[2014/11/28 08:08:54 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/26 22:15:52 | 000,000,209 | ---- | M] () -- C:\Users\Fadod\Desktop\BioShock Infinite.url
[2014/11/26 21:29:18 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/26 18:13:54 | 000,013,411 | ---- | M] () -- C:\Users\Fadod\AppData\Local\recently-used.xbel
[2014/11/26 17:57:58 | 000,006,823 | ---- | M] () -- C:\Users\Fadod\AppData\Local\recently-used.xbel.BMS1PX
[2014/11/22 16:52:25 | 000,001,101 | ---- | M] () -- C:\Users\Fadod\Desktop\Play COD4 MultiPlayer.lnk
[2014/11/21 22:31:32 | 000,000,947 | ---- | M] () -- C:\Users\Fadod\Desktop\Pinger.lnk
[2014/11/21 12:32:19 | 000,000,437 | ---- | M] () -- C:\Users\Fadod\AppData\Local\UserProducts.xml
[2014/11/14 16:35:26 | 002,433,440 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/14 16:35:26 | 000,821,268 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/11/14 16:35:26 | 000,761,344 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/14 16:35:26 | 000,470,256 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2014/11/14 16:35:26 | 000,166,716 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/11/14 16:35:26 | 000,149,956 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/14 16:35:26 | 000,082,000 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2014/11/12 17:39:31 | 000,001,760 | ---- | M] () -- C:\Users\Fadod\AppData\Local\recently-used.xbel.MGBIPX
[2014/11/12 17:39:25 | 000,001,248 | ---- | M] () -- C:\Users\Fadod\AppData\Local\recently-used.xbel.U4N5OX
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/07 18:13:47 | 001,182,208 | ---- | C] () -- C:\Users\Fadod\Desktop\Letmesca.exe
[2014/12/07 18:11:44 | 000,029,696 | ---- | C] () -- C:\Users\Fadod\Desktop\Server.exe
[2014/12/02 17:37:35 | 000,000,761 | ---- | C] () -- C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
[2014/12/01 00:07:28 | 000,000,040 | -H-- | C] () -- C:\78E63017C9FB
[2014/11/26 22:15:52 | 000,000,209 | ---- | C] () -- C:\Users\Fadod\Desktop\BioShock Infinite.url
[2014/11/26 18:13:54 | 000,013,411 | ---- | C] () -- C:\Users\Fadod\AppData\Local\recently-used.xbel
[2014/11/26 17:57:58 | 000,006,823 | ---- | C] () -- C:\Users\Fadod\AppData\Local\recently-used.xbel.BMS1PX
[2014/11/22 16:52:25 | 000,001,101 | ---- | C] () -- C:\Users\Fadod\Desktop\Play COD4 MultiPlayer.lnk
[2014/11/21 22:31:32 | 000,000,947 | ---- | C] () -- C:\Users\Fadod\Desktop\Pinger.lnk
[2014/11/12 17:39:31 | 000,001,760 | ---- | C] () -- C:\Users\Fadod\AppData\Local\recently-used.xbel.MGBIPX
[2014/11/12 17:39:25 | 000,001,248 | ---- | C] () -- C:\Users\Fadod\AppData\Local\recently-used.xbel.U4N5OX
[2014/11/09 09:25:40 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/04 16:48:07 | 000,000,437 | ---- | C] () -- C:\Users\Fadod\AppData\Local\UserProducts.xml
[2014/08/19 17:23:13 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2014/08/19 17:23:13 | 000,001,938 | ---- | C] () -- C:\Windows\unins000.dat
[2014/06/15 23:07:04 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2014/05/18 22:18:04 | 000,045,400 | ---- | C] () -- C:\Windows\SysWow64\DiscHandler.exe
[2014/05/16 17:54:51 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2014/05/13 17:02:30 | 003,916,288 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2014/05/13 17:01:48 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/05/13 17:01:12 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2014/05/13 17:00:58 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2014/05/13 17:00:58 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2014/05/13 17:00:56 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2014/05/13 17:00:56 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2014/05/13 17:00:56 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2014/05/13 17:00:54 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2014/05/13 17:00:52 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2014/05/11 12:46:10 | 000,000,093 | ---- | C] () -- C:\Users\Fadod\AppData\Local\fusioncache.dat
[2014/05/11 12:45:14 | 002,483,326 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/25 18:45:16 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\cwrlib32.dll
[2014/04/22 23:43:18 | 000,001,748 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2014/04/18 14:57:47 | 000,000,054 | ---- | C] () -- C:\Users\Fadod\AppData\Roaming\updater.cfg
[2014/04/18 04:22:56 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014/04/18 04:22:56 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014/04/17 22:28:30 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014/04/08 17:29:48 | 000,238,736 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2014/01/07 07:00:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/12/17 04:19:30 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2013/12/17 04:15:32 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
[2013/12/17 04:15:32 | 000,000,236 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
[2013/12/17 04:15:30 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\bass_tak.dll
[2013/12/17 03:28:18 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2013/12/17 03:28:18 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2013/12/17 03:28:18 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2013/12/17 03:27:52 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2013/12/17 03:27:50 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2013/12/17 03:27:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2013/12/17 03:27:16 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2013/12/17 03:27:16 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2013/12/17 03:27:14 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2013/12/17 03:27:14 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2013/12/17 03:27:10 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2013/12/17 03:26:52 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2013/12/17 03:26:40 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2013/07/08 09:18:34 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2013/03/01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== ZeroAccess Check ==========
 
[2014/05/02 12:59:42 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/26 05:07:16 | 019,779,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/26 05:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/21 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\.minecraft
[2014/07/23 17:24:25 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\.purple
[2014/04/25 19:53:31 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\addpcs
[2014/09/28 18:12:27 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Ashampoo
[2014/11/26 18:27:54 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Clone2Go Video Converter Professional
[2014/09/21 22:24:02 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Convivea
[2014/04/24 19:03:04 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Crypto Obfuscator For .Net v2012
[2014/10/18 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\DAEMON Tools Lite
[2014/09/28 17:32:36 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\DeepBurner Pro
[2014/11/26 17:57:22 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\DVDVideoSoft
[2014/05/24 05:19:59 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Easeware
[2014/09/26 18:51:42 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Free 3GP Video Convert Wizard
[2014/04/17 14:38:43 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Gyazo
[2014/08/13 19:05:45 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\HandBrake
[2014/06/10 03:34:21 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\iFunBox.NXGen
[2014/06/10 03:14:51 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\iFunbox_UserCache
[2014/10/26 17:23:46 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\ManyCam
[2014/10/12 22:17:30 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\MassTube
[2014/11/07 12:27:39 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Molura
[2014/09/28 19:46:24 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Mp3CompressorFreeEdition
[2014/08/15 17:37:44 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\MPC-HC
[2014/05/09 23:39:43 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\MultiForce
[2014/05/05 00:29:33 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\MultiForce Backup
[2014/09/05 19:16:21 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Mumble
[2014/09/26 18:51:40 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\New Version Available
[2014/11/09 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Notepad++
[2014/06/07 11:45:36 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\NuGet
[2014/06/11 16:34:20 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\OmniCoin
[2014/01/24 01:39:01 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\OpenVPN Technologies
[2014/11/30 16:30:43 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Origin
[2014/05/24 04:57:09 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\PC Drivers HeadQuarters
[2014/04/25 03:32:44 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\PE Explorer
[2014/06/16 07:26:33 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\PFStaticIP
[2014/11/21 22:31:23 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Pinger Inc
[2014/09/04 20:00:00 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\ProxySwitcher
[2014/04/18 11:59:22 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Publish Providers
[2014/04/18 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Red Giant Link
[2014/05/15 01:57:28 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Resource Tuner
[2014/05/27 23:05:35 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Screaming Bee
[2014/06/15 23:07:05 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Shark007
[2014/04/18 12:00:18 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Sony
[2014/05/11 13:25:57 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\SpeedBit
[2014/04/30 16:42:57 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\TeamViewer
[2014/04/24 19:17:46 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Thinstall
[2014/10/18 16:24:16 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\TS3Client
[2014/12/07 10:51:20 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Tunngle
[2014/12/07 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\uTorrent
[2014/10/02 23:27:16 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\Wireshark
[2014/05/13 14:03:23 | 000,000,000 | ---D | M] -- C:\Users\Fadod\AppData\Roaming\WNR
[2014/11/20 03:34:24 | 000,000,000 | -HSD | M] -- C:\Users\Fadod\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:367BF129
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:7578EF04
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:56E2E879
 
< End of report >

Edited by Gatt, 07 December 2014 - 10:41 AM.

  • 0



#2
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

  • 0

#3
Gatt

Gatt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Thank you for assisting me :) Here are the logs.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by Fadod (administrator) on FADY on 08-12-2014 17:21:57
Running from C:\Users\Fadod\Downloads
Loaded Profile: Fadod (Available profiles: Fadod)
Platform: Windows 8 Enterprise (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Skillbrains) C:\Users\Fadod\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Games\Warrock EU\WRUpdater.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\Run: [DAEMON Tools Lite] => D:\Programs\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\Run: [LightShot] => C:\Users\Fadod\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: H - "H:\Windows/Install.exe" 
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: {93702667-f67d-11e3-bece-485b3976fdd0} - "F:\Windows/Install.exe" 
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: {968a05f6-ebfb-11e3-beb6-485b3976fdd0} - "F:\Windows/Install.exe" 
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: {cfab77f5-7758-11e3-be66-485b3976fdd0} - "H:\Windows/Install.exe" 
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3315983353-3425692480-1218410527-1001] => socks=187.94.99.197:1080
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.eg/
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://egypt.msn.com...EG&dcc=EG&opt=0
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A7DAD09395ECF01
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,ar-EG;q=0.5,ar;q=0.3
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> D:\Programs\Visual Studio Ultimate 2013\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FC42E50B-47EB-487A-96F2-B3AFBF4600D9}: [NameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Link Gopher - C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default\Extensions\[email protected] [2014-10-02]
FF Extension: Adblock Plus - C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2014-05-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Programs\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - D:\Programs\Fiddler2\FiddlerHook [2014-12-07]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-05-12]
CHR Extension: (Google Docs) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Google Search) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-05-11]
CHR Extension: (AdBlock) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-26]
CHR Extension: (FVD Downloader) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-05-17]
CHR Extension: (Google Wallet) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Gmail) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2014-05-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2012-07-26] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S4 MBAMScheduler; D:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; D:\Programs\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Origin Client Service; D:\Programs\Origin\OriginClientService.exe [1900400 2014-11-30] (Electronic Arts)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-24] (Realtek                                            )
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-02] (Disc Soft Ltd)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2010-08-04] (The OpenVPN Project)
S3 tapSF0901; C:\Windows\system32\DRIVERS\tapSF0901.sys [39104 2014-08-08] (Spotflux, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RTL8187B; \SystemRoot\system32\DRIVERS\RTL8187B.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 17:21 - 2014-12-08 17:23 - 00015707 _____ () C:\Users\Fadod\Downloads\FRST.txt
2014-12-08 17:21 - 2014-12-08 17:22 - 00000000 ____D () C:\FRST
2014-12-08 17:20 - 2014-12-08 17:20 - 02119680 _____ (Farbar) C:\Users\Fadod\Downloads\FRST64.exe
2014-12-08 17:00 - 2014-12-08 17:00 - 00001017 _____ () C:\Users\Fadod\Desktop\WRLauncher - Shortcut.lnk
2014-12-07 22:53 - 2014-12-07 22:57 - 00000000 ____D () C:\Users\Fadod\Documents\Fiddler2
2014-12-07 22:26 - 2014-12-07 22:26 - 00000718 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler4.lnk
2014-12-07 18:13 - 2014-12-07 18:13 - 00000000 ____D () C:\Users\Fadod\AppData\Local\AutoIt v3
2014-12-07 16:51 - 2014-12-07 16:51 - 00000146 _____ () C:\Windows\system32\netcfg-8977873.txt
2014-12-07 16:51 - 2014-12-07 16:51 - 00000146 _____ () C:\Windows\system32\netcfg-8975954.txt
2014-12-07 14:19 - 2014-12-07 14:19 - 00000000 ____D () C:\Users\Fadod\Documents\7 Days To Die
2014-12-07 10:27 - 2014-12-07 10:27 - 00001086 _____ () C:\Windows\system32\netcfg-41761.txt
2014-12-07 10:27 - 2014-12-07 10:27 - 00001086 _____ () C:\Windows\system32\netcfg-41153.txt
2014-12-07 08:52 - 2014-12-07 08:52 - 00000146 _____ () C:\Windows\system32\netcfg-4340041.txt
2014-12-06 22:17 - 2014-12-06 22:17 - 00001170 _____ () C:\Windows\system32\netcfg-3039617.txt
2014-12-06 22:16 - 2014-12-07 10:51 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Tunngle
2014-12-06 22:16 - 2014-12-06 22:16 - 00000000 ____D () C:\Users\Fadod\Documents\Tunngle
2014-12-06 22:16 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-12-05 23:02 - 2014-12-05 23:02 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Spitefulv2
2014-12-05 20:25 - 2014-12-05 20:25 - 00000000 ____D () C:\Users\Fadod\Documents\JoWooD
2014-12-03 17:59 - 2014-12-03 17:59 - 00000000 ____D () C:\ProgramData\Nexon
2014-12-03 07:19 - 2014-12-08 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-12-03 07:14 - 2014-12-05 13:28 - 00000000 ____D () C:\ProgramData\NexonEU
2014-12-02 17:37 - 2014-12-02 17:37 - 00000761 _____ () C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2014-12-02 17:35 - 2014-12-02 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-12-02 17:35 - 2014-12-02 17:35 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Gameforge4d
2014-12-02 17:06 - 2014-12-05 13:43 - 00000035 _____ () C:\Users\Fadod\Desktop\New Text Document.txt
2014-12-01 17:18 - 2014-12-01 17:18 - 00000156 _____ () C:\Windows\system32\netcfg-3215508.txt
2014-12-01 00:07 - 2014-12-01 00:07 - 00000040 ____H () C:\78E63017C9FB
2014-11-27 22:57 - 2014-11-27 22:57 - 00000000 ____D () C:\Users\Fadod\Documents\My Games
2014-11-27 22:56 - 2014-11-27 22:57 - 00017533 _____ () C:\Windows\DirectX.log
2014-11-26 22:15 - 2014-11-26 22:15 - 00000209 _____ () C:\Users\Fadod\Desktop\BioShock Infinite.url
2014-11-26 18:24 - 2014-11-26 18:27 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Clone2Go Video Converter Professional
2014-11-26 18:24 - 2014-11-26 18:24 - 00000000 ____D () C:\Users\Fadod\Documents\Clone2Go Video Converter Professional
2014-11-26 18:24 - 2014-11-26 18:24 - 00000000 ____D () C:\ProgramData\Clone2go
2014-11-26 18:13 - 2014-11-26 18:13 - 00013411 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel
2014-11-26 17:57 - 2014-11-26 17:57 - 00006823 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel.BMS1PX
2014-11-26 17:16 - 2014-11-26 17:57 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\DVDVideoSoft
2014-11-22 17:02 - 2014-11-22 17:02 - 00000000 ____D () C:\Users\Fadod\AppData\Local\PunkBuster
2014-11-22 16:52 - 2014-11-22 16:52 - 00001101 _____ () C:\Users\Fadod\Desktop\Play COD4 MultiPlayer.lnk
2014-11-21 22:31 - 2014-11-21 22:31 - 00000971 _____ () C:\Users\Fadod\AppData\Roaming\Microsoft\Windows\Start Menu\Pinger.lnk
2014-11-21 22:31 - 2014-11-21 22:31 - 00000947 _____ () C:\Users\Fadod\Desktop\Pinger.lnk
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Pinger Inc
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Users\Fadod\AppData\Local\pinger.com
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Caphyon
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Program Files (x86)\Pinger
2014-11-12 17:39 - 2014-11-12 17:39 - 00001760 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel.MGBIPX
2014-11-12 17:39 - 2014-11-12 17:39 - 00001248 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel.U4N5OX
2014-11-09 19:36 - 2014-11-09 19:36 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-11-09 19:36 - 2014-11-09 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-11-09 19:35 - 2014-11-09 19:37 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Notepad++
2014-11-09 19:35 - 2014-11-09 19:36 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-11-09 13:11 - 2014-11-09 13:11 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Macromedia
2014-11-09 09:25 - 2014-12-08 17:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 09:25 - 2014-11-26 18:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-09 00:27 - 2014-11-09 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxy Finder Enterprise
2014-11-08 15:53 - 2014-11-08 15:53 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Carter
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 17:23 - 2014-01-09 06:51 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Skype
2014-12-08 17:17 - 2014-07-22 21:31 - 00002198 ____H () C:\Users\Fadod\Documents\Default.rdp
2014-12-08 17:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-08 16:43 - 2014-01-07 07:11 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3315983353-3425692480-1218410527-1001
2014-12-08 16:38 - 2014-04-17 13:55 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 16:37 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 02:25 - 2014-04-17 13:55 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 01:40 - 2014-11-04 16:48 - 00000398 _____ () C:\Windows\Tasks\update-sys.job
2014-12-08 01:20 - 2014-05-03 17:51 - 00000000 ____D () C:\ProgramData\Temp
2014-12-08 00:29 - 2014-11-04 16:48 - 00000398 _____ () C:\Windows\Tasks\update-S-1-5-21-3315983353-3425692480-1218410527-1001.job
2014-12-07 22:25 - 2014-10-18 19:26 - 00138601 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 18:55 - 2014-10-20 21:49 - 00296360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-07 18:53 - 2014-01-07 07:05 - 00000000 ____D () C:\Users\Fadod
2014-12-07 16:59 - 2014-01-18 20:36 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\uTorrent
2014-12-06 21:26 - 2014-10-26 21:06 - 00005014 _____ () C:\Windows\PFRO.log
2014-12-05 13:04 - 2014-10-24 12:34 - 00000721 _____ () C:\Windows\setupact.log
2014-12-03 19:01 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-30 16:32 - 2014-05-01 01:30 - 00000000 ____D () C:\ProgramData\Origin
2014-11-30 16:30 - 2014-05-01 03:10 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Origin
2014-11-28 08:08 - 2014-04-25 20:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-26 21:29 - 2014-04-17 14:05 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 16:46 - 2014-03-25 16:05 - 00000000 _RSHD () C:\Users\Fadod\AppData\Local\Start
2014-11-24 16:31 - 2014-10-02 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-23 20:46 - 2012-07-26 10:14 - 00404640 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-23 18:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-23 09:45 - 2014-10-02 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-22 00:58 - 2014-08-13 23:46 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Dxtory Software
2014-11-21 18:51 - 2014-05-02 12:09 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-11-21 17:24 - 2014-06-07 11:21 - 00000000 ____D () C:\Users\Fadod\Documents\Visual Studio 2013
2014-11-21 12:32 - 2014-11-04 16:48 - 00003246 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-3315983353-3425692480-1218410527-1001
2014-11-21 12:32 - 2014-11-04 16:48 - 00000437 _____ () C:\Users\Fadod\AppData\Local\UserProducts.xml
2014-11-21 12:32 - 2014-11-04 16:48 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-11-20 03:34 - 2014-11-07 12:27 - 00000000 __SHD () C:\Users\Fadod\wc
2014-11-20 03:34 - 2014-11-07 12:27 - 00000000 __SHD () C:\Users\Fadod\AppData\Roaming\wyUpdate AU
2014-11-20 03:34 - 2014-11-07 12:27 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Molura
2014-11-20 00:26 - 2014-04-17 14:17 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Xfire
2014-11-20 00:19 - 2014-04-17 14:16 - 00000000 ____D () C:\ProgramData\Xfire
2014-11-14 19:20 - 2014-04-17 13:55 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 19:20 - 2014-04-17 13:55 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 16:35 - 2014-04-24 18:09 - 00821268 _____ () C:\Windows\system32\perfh00C.dat
2014-11-14 16:35 - 2014-04-24 18:09 - 00470256 _____ () C:\Windows\system32\perfh001.dat
2014-11-14 16:35 - 2014-04-24 18:09 - 00166716 _____ () C:\Windows\system32\perfc00C.dat
2014-11-14 16:35 - 2014-04-24 18:09 - 00082000 _____ () C:\Windows\system32\perfc001.dat
2014-11-14 16:35 - 2012-07-26 09:28 - 02433440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 19:56 - 2014-04-30 16:01 - 00000000 ____D () C:\ProgramData\Skype
2014-11-09 09:26 - 2014-01-13 21:36 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Adobe
 
Some content of TEMP:
====================
C:\Users\Fadod\AppData\Local\Temp\9066824e9baf8ff23d5243520120485e.dll
C:\Users\Fadod\AppData\Local\Temp\NGMDll.dll
C:\Users\Fadod\AppData\Local\Temp\NGMResource.dll
C:\Users\Fadod\AppData\Local\Temp\NGMSetup.exe
C:\Users\Fadod\AppData\Local\Temp\tmpBEDB.exe
C:\Users\Fadod\AppData\Local\Temp\unicows.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 14:20
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 02
Ran by Fadod at 2014-12-08 17:23:33
Running from C:\Users\Fadod\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\uTorrent) (Version: 3.4.2.31633 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Babel Obfuscator 4 (HKLM-x32\...\{17856158-5A86-4F9F-BC69-19129B2B3059}) (Version: 4.0.0 - Alberto Ferrazzoli)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 3.0 build 10 - Convivea Inc.)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blue Satin Skin (HKLM-x32\...\{FB7D6550-9260-42E6-83C8-BF3A7E54442F}) (Version: 2.2.1 - Screaming Bee)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Deep Space Voices (HKLM-x32\...\{67CEC218-B250-4B4C-B23F-A597EC8DB153}) (Version: 3.3.1 - Screaming Bee)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.9.7 - Telerik)
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lightshot-5.1.4.41 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.41 - Skillbrains)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.1.0 - Red Giant Software) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
ManyCam 4.0.110 (HKLM-x32\...\ManyCam) (Version: 4.0.110 - Visicom Media Inc.)
MassTube 12.8.3.295 (HKLM-x32\...\{622A0A32-9711-43D3-A6F1-B0FC78F1A68A}_is1) (Version: 12.8.3.295 - Havy Alegria)
Media Player Codec Pack 4.3.1 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.1 - Media Player Codec Pack)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{cd09eea6-d0b3-4246-bb80-e047ceadf61f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
Pinger (HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\Pinger 1.4.0.0) (Version: 1.4.0.0 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.0 - Pinger Inc.) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
StartIsBack (HKLM-x32\...\StartIsBack) (Version: 2.1.2 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{405C187C-504B-4F32-9434-1F6A0FF0F854}) (Version: 2.2.3.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight Ltd.)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version:  - Outerlight Ltd.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vegas Pro 11.0 (64-bit) (HKLM\...\{43EBA222-8DF7-11E1-862B-F04DA23A5C58}) (Version: 11.0.683 - Sony)
WarRock (HKLM-x32\...\Warrock EU) (Version:  - )
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
Workplace Backgrounds (HKLM-x32\...\{13304708-E115-4044-82DA-88A6F5424359}) (Version: 1.0.0 - Screaming Bee)
x64Components v2.0.5 (HKLM\...\Standard x64Components_is1) (Version: 2.0.5 - Shark007)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
27-11-2014 20:56:09 Installed DirectX
05-12-2014 11:01:08 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2014-06-13 14:31 - 00000893 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 ads.adk2.com
127.0.0.1 s.m2pub.com
127.0.0.1 www.w3.org
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {026E2F9D-4F7E-4C8C-AE5C-59295DC4DCAF} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {042750A1-5FA0-4ED3-ADEC-6B54D43ED221} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-5 No Task File <==== ATTENTION
Task: {102E30A3-7864-4BCE-8724-2823BFBC1083} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-1 No Task File <==== ATTENTION
Task: {262DCD4F-8120-412B-B231-3E245819CD4F} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {384DA905-42EA-403C-AF15-9FAE099532DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {43FC3979-61EE-4816-9180-0EE0544D1F65} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-4 No Task File <==== ATTENTION
Task: {690A8E48-06F8-4F92-8C76-95C61A3C1B4C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {73ECA5B9-468B-40FF-8405-2CB04D6E0D87} - System32\Tasks\update-S-1-5-21-3315983353-3425692480-1218410527-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {7DB02F39-0E82-4F55-9553-DB4523A1FFDD} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-6 No Task File <==== ATTENTION
Task: {7DECF172-73AC-4EE2-987C-4C64A4A7D8A3} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-7 No Task File <==== ATTENTION
Task: {84EF1FAA-290E-4E6B-9ED1-12E0EF5C846E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {9EEE5373-86AC-4613-9F33-109E2E56A32F} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-2 No Task File <==== ATTENTION
Task: {B14BE6A4-560F-4E68-801D-86692EB812E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17] (Google Inc.)
Task: {B1B6B0CE-5A21-424C-BADE-AEE70FCE1083} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {BDF80750-E7F3-4C18-91A5-9C54527503A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17] (Google Inc.)
Task: {BF9B7430-FC7A-4AB9-9164-77200DC6BD4F} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3315983353-3425692480-1218410527-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-04-17 22:29 - 2014-04-17 22:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-12-08 16:59 - 2014-07-22 18:07 - 12360840 _____ () D:\Games\Warrock EU\WRUpdater.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-26 21:29 - 2014-11-25 08:39 - 01077064 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 21:29 - 2014-11-25 08:39 - 00211272 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 21:29 - 2014-11-25 08:39 - 09009480 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 21:29 - 2014-11-25 08:39 - 01677128 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-12-08 16:59 - 2014-07-04 18:16 - 00421888 _____ () D:\Games\Warrock EU\imgdecoder.dll
2014-11-26 21:29 - 2014-11-25 08:39 - 14910280 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\ProgramData\Temp:367BF129
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:7578EF04
AlternateDataStreams: C:\Users\Fadod\Application Data:NT
AlternateDataStreams: C:\Users\Fadod\Application Data:NT2
AlternateDataStreams: C:\Users\Fadod\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Fadod\AppData\Roaming:NT2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
HKLM\...\StartupApproved\Run: => "d1f8105376404fb4c0574fcd4e7dbe65"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\StartupApproved\StartupFolder: => "6e1ce27bcc6ff5920e6f5b65cc3a57bd.exe"
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\StartupApproved\StartupFolder: => "Server.exe"
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\StartupApproved\StartupFolder: => "صورتي على السكايب.exe"
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\StartupApproved\Run: => "xNeat Clipboard Manager"
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\StartupApproved\Run: => "6e1ce27bcc6ff5920e6f5b65cc3a57bd"
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\StartupApproved\Run: => "0de1410cc081f8a5030bcd75b514d506"
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\StartupApproved\Run: => "d1f8105376404fb4c0574fcd4e7dbe65"
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3315983353-3425692480-1218410527-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3315983353-3425692480-1218410527-1003 - Limited - Enabled)
Fadod (S-1-5-21-3315983353-3425692480-1218410527-1001 - Administrator - Enabled) => C:\Users\Fadod
Guest (S-1-5-21-3315983353-3425692480-1218410527-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/08/2014 04:59:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WRUpdater.exe, version: 1.0.0.1, time stamp: 0x53ce2987
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000001
Faulting process id: 0xae8
Faulting application start time: 0xWRUpdater.exe0
Faulting application path: WRUpdater.exe1
Faulting module path: WRUpdater.exe2
Report Id: WRUpdater.exe3
Faulting package full name: WRUpdater.exe4
Faulting package-relative application ID: WRUpdater.exe5
 
Error: (12/08/2014 04:38:30 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/07/2014 11:42:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7
Faulting module name: chrome.dll, version: 39.0.2171.71, time stamp: 0x547403b3
Exception code: 0xc0000005
Fault offset: 0x0000d455
Faulting process id: 0x10c4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (12/07/2014 06:55:24 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/07/2014 05:01:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.21.85.104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: aa0
 
Start Time: 01d0121e2403c60c
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id: b8aa58f4-7e21-11e4-bf95-485b3976fdd0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/07/2014 04:34:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program 7DaysToDie.exe version 4.5.5.43793 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2bc
 
Start Time: 01d01226b1e00347
 
Termination Time: 644
 
Application Path: D:\Games\7 Days To Die\7 Days To Die\7DaysToDie.exe
 
Report Id: 19debb46-7e1e-11e4-bf95-485b3976fdd0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/07/2014 02:22:19 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/07/2014 01:37:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
 
Error: (12/07/2014 01:29:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 2.50.25.37, time stamp: 0x546ba74e
Faulting module name: libcef.dll, version: 3.1916.1692.0, time stamp: 0x543d533d
Exception code: 0x80000003
Fault offset: 0x000a3680
Faulting process id: 0x130c
Faulting application start time: 0xsteamwebhelper.exe0
Faulting application path: steamwebhelper.exe1
Faulting module path: steamwebhelper.exe2
Report Id: steamwebhelper.exe3
Faulting package full name: steamwebhelper.exe4
Faulting package-relative application ID: steamwebhelper.exe5
 
Error: (12/07/2014 10:27:37 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (12/08/2014 04:38:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (12/07/2014 06:55:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (12/07/2014 02:22:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (12/07/2014 02:21:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:47:20 PM on 12/7/2014 was unexpected.
 
Error: (12/07/2014 10:27:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (12/07/2014 07:41:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (12/06/2014 10:19:57 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (12/06/2014 09:26:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (12/05/2014 00:17:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (12/03/2014 05:34:18 PM) (Source: DCOM) (EventID: 10010) (User: Fady)
Description: {787D01C9-AA41-4D81-90A6-4E44557CF902}
 
 
Microsoft Office Sessions:
=========================
Error: (12/08/2014 04:59:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WRUpdater.exe1.0.0.153ce2987unknown0.0.0.000000000c000000500000001ae801d012f789abcb29D:\Games\Warrock EU\WRUpdater.exeunknownd135451c-7eea-11e4-bf97-485b3976fdd0
 
Error: (12/08/2014 04:38:30 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/07/2014 11:42:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.71547407a7chrome.dll39.0.2171.71547403b3c00000050000d45510c401d01264db941bbdC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\chrome.dlleda72e7e-7e59-11e4-bf96-485b3976fdd0
 
Error: (12/07/2014 06:55:24 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/07/2014 05:01:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.21.85.104aa001d0121e2403c60c60000C:\Program Files (x86)\Skype\Phone\Skype.exeb8aa58f4-7e21-11e4-bf95-485b3976fdd0
 
Error: (12/07/2014 04:34:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: 7DaysToDie.exe4.5.5.437932bc01d01226b1e00347644D:\Games\7 Days To Die\7 Days To Die\7DaysToDie.exe19debb46-7e1e-11e4-bf95-485b3976fdd0
 
Error: (12/07/2014 02:22:19 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/07/2014 01:37:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (12/07/2014 01:29:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: steamwebhelper.exe2.50.25.37546ba74elibcef.dll3.1916.1692.0543d533d80000003000a3680130c01d0120aff218212D:\Programs\Steam\bin\steamwebhelper.exeD:\Programs\Steam\bin\libcef.dll5cbf3328-7e04-11e4-bf94-485b3976fdd0
 
Error: (12/07/2014 10:27:37 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-16 21:49:54.461
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\rtl8187B.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 68%
Total physical RAM: 2046.05 MB
Available physical RAM: 641.23 MB
Total Pagefile: 3838.05 MB
Available Pagefile: 2025.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.31 GB) (Free:4.06 GB) NTFS
Drive d: () (Fixed) (Total:200.43 GB) (Free:69.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3E6E3E6E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4
Machiavelli

    GeekU Moderator

  • 4,722 posts
Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.


#5
Gatt

    Member

  • Topic Starter
  • 20 posts
# AdwCleaner v4.105 - Report created 11/12/2014 at 00:59:04
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 8 Enterprise  (64 bits)
# Username : Fadod - FADY
# Running from : C:\Users\Fadod\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\Program Files (x86)\PC Drivers HeadQuarters
Folder Deleted : C:\Users\Fadod\AppData\Roaming\PC Drivers HeadQuarters
Folder Deleted : C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
File Deleted : C:\Windows\System32\drivers\rsdrvx64.sys
File Deleted : C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.best-deals-products.com_0.localstorage-journal
File Deleted : C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.best-deals-products.com_0.localstorage-journal
File Deleted : C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.best-deals-products.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchSignup
Task Deleted : update-sys
Task Deleted : DriverEasy Scheduled Scan
Task Deleted : update-S-1-5-21-3315983353-3425692480-1218410527-1001
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16384
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
[nplx9b8a.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"[email protected]\":{\"d\":\"C:\\\\Users\\\\Fadod\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\nplx9b8a.default\\\\extensions\[...]
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R1].txt - [5333 octets] - [11/12/2014 00:47:01]
AdwCleaner[S1].txt - [5208 octets] - [11/12/2014 00:59:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5268 octets] ##########


#6
Gatt

    Member

  • Topic Starter
  • 20 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/11/2014
Scan Time: 1:18:14 AM
Logfile: log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.10.09
Rootkit Database: v2014.12.08.03
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Fadod
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 703041
Time Elapsed: 2 hr, 36 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
Trojan.Agent, C:\Sandbox\Fadod\DefaultBox\user\current\AppData\Local\Temp\msupd.exe, Quarantined, [f6d149174c30c373a83c7f3561a01fe1], 
PUP.Optional.Somoto, C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000, Quarantined, [c8ff7ce475073ef84e74035529dca759], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7
Machiavelli

    GeekU Moderator

  • 4,722 posts
Steps 3 & 4 are missing.

#8
Gatt

    Member

  • Topic Starter
  • 20 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8 Enterprise x64
Ran by Fadod on Fri 12/12/2014 at  1:37:55.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Fadod\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\Fadod\appdata\local\thinstall"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/12/2014 at  1:40:47.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9
Gatt

    Member

  • Topic Starter
  • 20 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by Fadod (administrator) on FADY on 12-12-2014 01:42:52
Running from C:\Users\Fadod\Downloads
Loaded Profile: Fadod (Available profiles: Fadod)
Platform: Windows 8 Enterprise (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Malwarebytes Corporation) D:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Skillbrains) C:\Users\Fadod\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Fadod\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\Run: [DAEMON Tools Lite] => D:\Programs\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\Run: [LightShot] => C:\Users\Fadod\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: H - "H:\Windows/Install.exe" 
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: {93702667-f67d-11e3-bece-485b3976fdd0} - "F:\Windows/Install.exe" 
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: {968a05f6-ebfb-11e3-beb6-485b3976fdd0} - "F:\Windows/Install.exe" 
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: {cfab77f5-7758-11e3-be66-485b3976fdd0} - "H:\Windows/Install.exe" 
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3315983353-3425692480-1218410527-1001] => socks=187.94.99.197:1080
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.eg/
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://egypt.msn.com...EG&dcc=EG&opt=0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> D:\Programs\Visual Studio Ultimate 2013\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FC42E50B-47EB-487A-96F2-B3AFBF4600D9}: [NameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Link Gopher - C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default\Extensions\[email protected] [2014-10-02]
FF Extension: Adblock Plus - C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2014-05-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Programs\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - D:\Programs\Fiddler2\FiddlerHook [2014-12-07]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-05-12]
CHR Extension: (Google Docs) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Google Search) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (AdBlock) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-26]
CHR Extension: (FVD Downloader) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-05-17]
CHR Extension: (Google Wallet) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Gmail) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2012-07-26] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; D:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; D:\Programs\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; D:\Programs\Origin\OriginClientService.exe [1900400 2014-11-30] (Electronic Arts)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-24] (Realtek                                            )
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-02] (Disc Soft Ltd)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2010-08-04] (The OpenVPN Project)
S3 tapSF0901; C:\Windows\system32\DRIVERS\tapSF0901.sys [39104 2014-08-08] (Spotflux, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RTL8187B; \SystemRoot\system32\DRIVERS\RTL8187B.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 01:42 - 2014-12-12 01:42 - 02119680 _____ (Farbar) C:\Users\Fadod\Downloads\FRST64 (1).exe
2014-12-12 01:40 - 2014-12-12 01:40 - 00000781 _____ () C:\Users\Fadod\Desktop\JRT.txt
2014-12-12 01:37 - 2014-12-12 01:37 - 01707646 _____ (Thisisu) C:\Users\Fadod\Downloads\JRT.exe
2014-12-12 01:37 - 2014-12-12 01:37 - 00000000 ____D () C:\Windows\ERUNT
2014-12-11 00:46 - 2014-12-11 00:59 - 00000000 ____D () C:\AdwCleaner
2014-12-11 00:46 - 2014-12-11 00:46 - 02166272 _____ () C:\Users\Fadod\Downloads\AdwCleaner.exe
2014-12-11 00:46 - 2014-12-11 00:46 - 02166272 _____ () C:\Users\Fadod\Desktop\AdwCleaner.exe
2014-12-10 17:16 - 2014-12-10 17:16 - 00343455 _____ () C:\Users\Fadod\Downloads\filtered 17000 proxies Selected 10 dec.txt
2014-12-10 17:15 - 2014-12-10 17:15 - 00491732 _____ () C:\Users\Fadod\Downloads\Proxies All In One (SSL-L1L2L3) 23950 For 10.12.2014.txt
2014-12-10 17:13 - 2014-12-10 17:13 - 00429963 _____ () C:\Users\Fadod\Downloads\Proxy List VELOCI.txt
2014-12-10 17:12 - 2014-12-10 17:12 - 00024009 _____ () C:\Users\Fadod\Downloads\5731 SSL Proxy 10 Dec2014.rar
2014-12-10 17:10 - 2014-12-10 17:10 - 00041503 _____ () C:\Users\Fadod\Downloads\9.616   L1L2L3 Proxy 10 Dec 2014.rar
2014-12-10 17:09 - 2014-12-10 17:10 - 00057810 _____ () C:\Users\Fadod\Downloads\12-09-2014.zip
2014-12-10 17:09 - 2014-12-10 17:09 - 00056724 _____ () C:\Users\Fadod\Downloads\12-10-2014.zip
2014-12-09 17:15 - 2014-12-09 17:15 - 00019148 _____ () C:\Users\Fadod\Downloads\[kickass.so]best.collection.of.amateur.clips.and.homemade.video.torrent
2014-12-09 17:15 - 2014-12-09 17:15 - 00012888 _____ () C:\Users\Fadod\Downloads\[kickassunblock.eu]collection.10.real.homemade.amateur.sex.videos.torrent
2014-12-09 17:11 - 2014-12-09 17:11 - 00023517 _____ () C:\Users\Fadod\Downloads\90BA7B423B8372CDC86CEA1E0D8590E2345F6181.torrent
2014-12-09 17:11 - 2014-12-09 17:11 - 00019103 _____ () C:\Users\Fadod\Downloads\731403B4BBE3D3C115AB7EE548A4ECB99B2FC27E.torrent
2014-12-09 17:11 - 2014-12-09 17:11 - 00018586 _____ () C:\Users\Fadod\Downloads\33075F6CCFCA34FF1D991989FB01B3D57224A89D.torrent
2014-12-09 16:24 - 2014-12-09 16:24 - 00183042 _____ () C:\Users\Fadod\Downloads\SnapShots.rar
2014-12-08 17:23 - 2014-12-08 17:24 - 00038770 _____ () C:\Users\Fadod\Downloads\Addition.txt
2014-12-08 17:21 - 2014-12-12 01:42 - 00015170 _____ () C:\Users\Fadod\Downloads\FRST.txt
2014-12-08 17:21 - 2014-12-12 01:42 - 00000000 ____D () C:\FRST
2014-12-08 17:20 - 2014-12-08 17:20 - 02119680 _____ (Farbar) C:\Users\Fadod\Downloads\FRST64.exe
2014-12-07 22:53 - 2014-12-07 22:57 - 00000000 ____D () C:\Users\Fadod\Documents\Fiddler2
2014-12-07 22:26 - 2014-12-07 22:26 - 00000718 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler4.lnk
2014-12-07 18:13 - 2014-12-07 18:13 - 00000000 ____D () C:\Users\Fadod\AppData\Local\AutoIt v3
2014-12-07 16:51 - 2014-12-07 16:51 - 00000146 _____ () C:\Windows\system32\netcfg-8977873.txt
2014-12-07 16:51 - 2014-12-07 16:51 - 00000146 _____ () C:\Windows\system32\netcfg-8975954.txt
2014-12-07 14:19 - 2014-12-07 14:19 - 00000000 ____D () C:\Users\Fadod\Documents\7 Days To Die
2014-12-07 10:27 - 2014-12-07 10:27 - 00001086 _____ () C:\Windows\system32\netcfg-41761.txt
2014-12-07 10:27 - 2014-12-07 10:27 - 00001086 _____ () C:\Windows\system32\netcfg-41153.txt
2014-12-07 08:52 - 2014-12-07 08:52 - 00000146 _____ () C:\Windows\system32\netcfg-4340041.txt
2014-12-06 22:17 - 2014-12-06 22:17 - 00001170 _____ () C:\Windows\system32\netcfg-3039617.txt
2014-12-06 22:16 - 2014-12-07 10:51 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Tunngle
2014-12-06 22:16 - 2014-12-06 22:16 - 00000000 ____D () C:\Users\Fadod\Documents\Tunngle
2014-12-06 22:16 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-12-05 23:02 - 2014-12-05 23:02 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Spitefulv2
2014-12-05 20:25 - 2014-12-05 20:25 - 00000000 ____D () C:\Users\Fadod\Documents\JoWooD
2014-12-03 17:59 - 2014-12-03 17:59 - 00000000 ____D () C:\ProgramData\Nexon
2014-12-03 07:19 - 2014-12-08 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-12-03 07:14 - 2014-12-05 13:28 - 00000000 ____D () C:\ProgramData\NexonEU
2014-12-02 17:37 - 2014-12-02 17:37 - 00000761 _____ () C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2014-12-02 17:35 - 2014-12-02 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-12-02 17:35 - 2014-12-02 17:35 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Gameforge4d
2014-12-02 17:06 - 2014-12-05 13:43 - 00000035 _____ () C:\Users\Fadod\Desktop\New Text Document.txt
2014-12-01 17:18 - 2014-12-01 17:18 - 00000156 _____ () C:\Windows\system32\netcfg-3215508.txt
2014-12-01 00:07 - 2014-12-01 00:07 - 00000040 ____H () C:\78E63017C9FB
2014-11-27 22:57 - 2014-11-27 22:57 - 00000000 ____D () C:\Users\Fadod\Documents\My Games
2014-11-27 22:56 - 2014-11-27 22:57 - 00017533 _____ () C:\Windows\DirectX.log
2014-11-26 22:15 - 2014-11-26 22:15 - 00000209 _____ () C:\Users\Fadod\Desktop\BioShock Infinite.url
2014-11-26 18:24 - 2014-11-26 18:27 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Clone2Go Video Converter Professional
2014-11-26 18:24 - 2014-11-26 18:24 - 00000000 ____D () C:\Users\Fadod\Documents\Clone2Go Video Converter Professional
2014-11-26 18:24 - 2014-11-26 18:24 - 00000000 ____D () C:\ProgramData\Clone2go
2014-11-26 18:13 - 2014-11-26 18:13 - 00013411 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel
2014-11-26 17:57 - 2014-11-26 17:57 - 00006823 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel.BMS1PX
2014-11-26 17:16 - 2014-11-26 17:57 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\DVDVideoSoft
2014-11-22 17:02 - 2014-11-22 17:02 - 00000000 ____D () C:\Users\Fadod\AppData\Local\PunkBuster
2014-11-22 16:52 - 2014-11-22 16:52 - 00001101 _____ () C:\Users\Fadod\Desktop\Play COD4 MultiPlayer.lnk
2014-11-21 22:31 - 2014-11-21 22:31 - 00000971 _____ () C:\Users\Fadod\AppData\Roaming\Microsoft\Windows\Start Menu\Pinger.lnk
2014-11-21 22:31 - 2014-11-21 22:31 - 00000947 _____ () C:\Users\Fadod\Desktop\Pinger.lnk
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Pinger Inc
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Users\Fadod\AppData\Local\pinger.com
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Caphyon
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Program Files (x86)\Pinger
2014-11-12 17:39 - 2014-11-12 17:39 - 00001760 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel.MGBIPX
2014-11-12 17:39 - 2014-11-12 17:39 - 00001248 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel.U4N5OX
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 01:35 - 2014-04-17 13:55 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-12 01:29 - 2014-10-26 21:06 - 00006382 _____ () C:\Windows\PFRO.log
2014-12-12 01:29 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 07:25 - 2014-04-25 20:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 07:25 - 2014-04-17 13:55 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 07:06 - 2014-11-09 09:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-11 06:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-11 00:59 - 2014-01-09 06:51 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Skype
2014-12-11 00:59 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-11 00:45 - 2014-07-22 21:31 - 00002198 ____H () C:\Users\Fadod\Documents\Default.rdp
2014-12-10 22:37 - 2014-10-18 19:26 - 00147958 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 03:20 - 2014-01-18 20:36 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\uTorrent
2014-12-09 20:06 - 2014-11-09 09:25 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 18:06 - 2014-01-07 07:11 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3315983353-3425692480-1218410527-1001
2014-12-08 01:20 - 2014-05-03 17:51 - 00000000 ____D () C:\ProgramData\Temp
2014-12-07 18:55 - 2014-10-20 21:49 - 00296360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-07 18:53 - 2014-01-07 07:05 - 00000000 ____D () C:\Users\Fadod
2014-12-05 13:04 - 2014-10-24 12:34 - 00000721 _____ () C:\Windows\setupact.log
2014-11-30 16:32 - 2014-05-01 01:30 - 00000000 ____D () C:\ProgramData\Origin
2014-11-30 16:30 - 2014-05-01 03:10 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Origin
2014-11-26 21:29 - 2014-04-17 14:05 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 16:46 - 2014-03-25 16:05 - 00000000 _RSHD () C:\Users\Fadod\AppData\Local\Start
2014-11-24 16:31 - 2014-10-02 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-23 20:46 - 2012-07-26 10:14 - 00404640 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-23 18:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-23 09:45 - 2014-10-02 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-22 00:58 - 2014-08-13 23:46 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Dxtory Software
2014-11-21 18:51 - 2014-05-02 12:09 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-11-21 17:24 - 2014-06-07 11:21 - 00000000 ____D () C:\Users\Fadod\Documents\Visual Studio 2013
2014-11-21 12:32 - 2014-11-04 16:48 - 00000437 _____ () C:\Users\Fadod\AppData\Local\UserProducts.xml
2014-11-21 12:32 - 2014-11-04 16:48 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-11-21 06:14 - 2014-06-15 19:38 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-06-15 19:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-06-15 19:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 03:34 - 2014-11-07 12:27 - 00000000 __SHD () C:\Users\Fadod\wc
2014-11-20 03:34 - 2014-11-07 12:27 - 00000000 __SHD () C:\Users\Fadod\AppData\Roaming\wyUpdate AU
2014-11-20 03:34 - 2014-11-07 12:27 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Molura
2014-11-20 00:26 - 2014-04-17 14:17 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Xfire
2014-11-20 00:19 - 2014-04-17 14:16 - 00000000 ____D () C:\ProgramData\Xfire
2014-11-14 19:20 - 2014-04-17 13:55 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 19:20 - 2014-04-17 13:55 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 16:35 - 2014-04-24 18:09 - 00821268 _____ () C:\Windows\system32\perfh00C.dat
2014-11-14 16:35 - 2014-04-24 18:09 - 00470256 _____ () C:\Windows\system32\perfh001.dat
2014-11-14 16:35 - 2014-04-24 18:09 - 00166716 _____ () C:\Windows\system32\perfc00C.dat
2014-11-14 16:35 - 2014-04-24 18:09 - 00082000 _____ () C:\Windows\system32\perfc001.dat
2014-11-14 16:35 - 2012-07-26 09:28 - 02433440 _____ () C:\Windows\system32\PerfStringBackup.INI
 
Some content of TEMP:
====================
C:\Users\Fadod\AppData\Local\Temp\9066824e9baf8ff23d5243520120485e.dll
C:\Users\Fadod\AppData\Local\Temp\NGMDll.dll
C:\Users\Fadod\AppData\Local\Temp\NGMResource.dll
C:\Users\Fadod\AppData\Local\Temp\NGMSetup.exe
C:\Users\Fadod\AppData\Local\Temp\Quarantine.exe
C:\Users\Fadod\AppData\Local\Temp\sqlite3.dll
C:\Users\Fadod\AppData\Local\Temp\tmpBEDB.exe
C:\Users\Fadod\AppData\Local\Temp\unicows.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 14:20
 
==================== End Of Log ============================

#10
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run from. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page.
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

#11
Gatt

  • Topic Starter
  • Member
  • 20 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
Ran by Fadod at 2014-12-12 17:29:44 Run:1
Running from C:\Users\Fadod\Desktop\New folder
Loaded Profile: Fadod (Available profiles: Fadod)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: H - "H:\Windows/Install.exe" 
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: {93702667-f67d-11e3-bece-485b3976fdd0} - "F:\Windows/Install.exe" 
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: {968a05f6-ebfb-11e3-beb6-485b3976fdd0} - "F:\Windows/Install.exe" 
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: {cfab77f5-7758-11e3-be66-485b3976fdd0} - "H:\Windows/Install.exe" 
ProxyServer: [S-1-5-21-3315983353-3425692480-1218410527-1001] => socks=187.94.99.197:1080
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
EmptyTemp:
*****************
 
"HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3315983353-3425692480-1218410527-1001" => Key not found.
"HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93702667-f67d-11e3-bece-485b3976fdd0}" => Key deleted successfully.
"HKCR\CLSID\{93702667-f67d-11e3-bece-485b3976fdd0}" => Key not found.
"HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{968a05f6-ebfb-11e3-beb6-485b3976fdd0}" => Key deleted successfully.
"HKCR\CLSID\{968a05f6-ebfb-11e3-beb6-485b3976fdd0}" => Key not found.
"HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfab77f5-7758-11e3-be66-485b3976fdd0}" => Key deleted successfully.
"HKCR\CLSID\{cfab77f5-7758-11e3-be66-485b3976fdd0}" => Key not found.
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 904.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#12
Gatt

  • Topic Starter
  • Member
  • 20 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by Fadod (administrator) on FADY on 12-12-2014 17:40:45
Running from C:\Users\Fadod\Desktop\New folder
Loaded Profile: Fadod (Available profiles: Fadod)
Platform: Windows 8 Enterprise (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Malwarebytes Corporation) D:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Skillbrains) C:\Users\Fadod\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\Run: [DAEMON Tools Lite] => D:\Programs\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\Run: [LightShot] => C:\Users\Fadod\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\...\MountPoints2: H - "H:\Windows/Install.exe" 
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.eg/
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://egypt.msn.com...EG&dcc=EG&opt=0
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A7DAD09395ECF01
HKU\S-1-5-21-3315983353-3425692480-1218410527-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,ar-EG;q=0.5,ar;q=0.3
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> D:\Programs\Visual Studio Ultimate 2013\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{04FC5572-248E-495D-9BF8-53E12CF7D1BC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{FC42E50B-47EB-487A-96F2-B3AFBF4600D9}: [NameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Link Gopher - C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default\Extensions\[email protected] [2014-10-02]
FF Extension: Adblock Plus - C:\Users\Fadod\AppData\Roaming\Mozilla\Firefox\Profiles\nplx9b8a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2014-05-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Programs\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - D:\Programs\Fiddler2\FiddlerHook [2014-12-07]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-05-12]
CHR Extension: (Google Docs) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Google Search) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (AdBlock) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-26]
CHR Extension: (FVD Downloader) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-05-17]
CHR Extension: (Google Wallet) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Gmail) - C:\Users\Fadod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2012-07-26] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; D:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; D:\Programs\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; D:\Programs\Origin\OriginClientService.exe [1900400 2014-11-30] (Electronic Arts)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-24] (Realtek                                            )
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-02] (Disc Soft Ltd)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2010-08-04] (The OpenVPN Project)
S3 tapSF0901; C:\Windows\system32\DRIVERS\tapSF0901.sys [39104 2014-08-08] (Spotflux, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RTL8187B; \SystemRoot\system32\DRIVERS\RTL8187B.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 17:29 - 2014-12-12 17:29 - 00000964 _____ () C:\Users\Fadod\Downloads\fixlist.txt
2014-12-12 17:28 - 2014-12-12 17:40 - 00000000 ____D () C:\FRST
2014-12-12 17:24 - 2014-12-12 17:40 - 00000000 ____D () C:\Users\Fadod\Desktop\New folder
2014-12-12 13:32 - 2014-12-12 13:32 - 00001095 _____ () C:\Windows\system32\netcfg-2422399.txt
2014-12-12 01:37 - 2014-12-12 01:37 - 00000000 ____D () C:\Windows\ERUNT
2014-12-07 22:53 - 2014-12-07 22:57 - 00000000 ____D () C:\Users\Fadod\Documents\Fiddler2
2014-12-07 22:26 - 2014-12-07 22:26 - 00000718 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler4.lnk
2014-12-07 18:13 - 2014-12-07 18:13 - 00000000 ____D () C:\Users\Fadod\AppData\Local\AutoIt v3
2014-12-07 16:51 - 2014-12-07 16:51 - 00000146 _____ () C:\Windows\system32\netcfg-8977873.txt
2014-12-07 16:51 - 2014-12-07 16:51 - 00000146 _____ () C:\Windows\system32\netcfg-8975954.txt
2014-12-07 14:19 - 2014-12-07 14:19 - 00000000 ____D () C:\Users\Fadod\Documents\7 Days To Die
2014-12-07 10:27 - 2014-12-07 10:27 - 00001086 _____ () C:\Windows\system32\netcfg-41761.txt
2014-12-07 10:27 - 2014-12-07 10:27 - 00001086 _____ () C:\Windows\system32\netcfg-41153.txt
2014-12-07 08:52 - 2014-12-07 08:52 - 00000146 _____ () C:\Windows\system32\netcfg-4340041.txt
2014-12-06 22:17 - 2014-12-06 22:17 - 00001170 _____ () C:\Windows\system32\netcfg-3039617.txt
2014-12-06 22:16 - 2014-12-07 10:51 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Tunngle
2014-12-06 22:16 - 2014-12-06 22:16 - 00000000 ____D () C:\Users\Fadod\Documents\Tunngle
2014-12-06 22:16 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-12-05 23:02 - 2014-12-05 23:02 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Spitefulv2
2014-12-05 20:25 - 2014-12-05 20:25 - 00000000 ____D () C:\Users\Fadod\Documents\JoWooD
2014-12-03 17:59 - 2014-12-03 17:59 - 00000000 ____D () C:\ProgramData\Nexon
2014-12-03 07:19 - 2014-12-08 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-12-03 07:14 - 2014-12-05 13:28 - 00000000 ____D () C:\ProgramData\NexonEU
2014-12-02 17:37 - 2014-12-02 17:37 - 00000761 _____ () C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2014-12-02 17:35 - 2014-12-02 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-12-02 17:35 - 2014-12-02 17:35 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Gameforge4d
2014-12-02 17:06 - 2014-12-05 13:43 - 00000035 _____ () C:\Users\Fadod\Desktop\New Text Document.txt
2014-12-01 17:18 - 2014-12-01 17:18 - 00000156 _____ () C:\Windows\system32\netcfg-3215508.txt
2014-12-01 00:07 - 2014-12-01 00:07 - 00000040 ____H () C:\78E63017C9FB
2014-11-27 22:57 - 2014-11-27 22:57 - 00000000 ____D () C:\Users\Fadod\Documents\My Games
2014-11-27 22:56 - 2014-11-27 22:57 - 00017533 _____ () C:\Windows\DirectX.log
2014-11-26 22:15 - 2014-11-26 22:15 - 00000209 _____ () C:\Users\Fadod\Desktop\BioShock Infinite.url
2014-11-26 18:24 - 2014-11-26 18:27 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Clone2Go Video Converter Professional
2014-11-26 18:24 - 2014-11-26 18:24 - 00000000 ____D () C:\Users\Fadod\Documents\Clone2Go Video Converter Professional
2014-11-26 18:24 - 2014-11-26 18:24 - 00000000 ____D () C:\ProgramData\Clone2go
2014-11-26 18:13 - 2014-11-26 18:13 - 00013411 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel
2014-11-26 17:57 - 2014-11-26 17:57 - 00006823 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel.BMS1PX
2014-11-26 17:16 - 2014-11-26 17:57 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\DVDVideoSoft
2014-11-22 17:02 - 2014-11-22 17:02 - 00000000 ____D () C:\Users\Fadod\AppData\Local\PunkBuster
2014-11-22 16:52 - 2014-11-22 16:52 - 00001101 _____ () C:\Users\Fadod\Desktop\Play COD4 MultiPlayer.lnk
2014-11-21 22:31 - 2014-11-21 22:31 - 00000971 _____ () C:\Users\Fadod\AppData\Roaming\Microsoft\Windows\Start Menu\Pinger.lnk
2014-11-21 22:31 - 2014-11-21 22:31 - 00000947 _____ () C:\Users\Fadod\Desktop\Pinger.lnk
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Pinger Inc
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Users\Fadod\AppData\Local\pinger.com
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Caphyon
2014-11-21 22:31 - 2014-11-21 22:31 - 00000000 ____D () C:\Program Files (x86)\Pinger
2014-11-12 17:39 - 2014-11-12 17:39 - 00001760 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel.MGBIPX
2014-11-12 17:39 - 2014-11-12 17:39 - 00001248 _____ () C:\Users\Fadod\AppData\Local\recently-used.xbel.U4N5OX
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 17:33 - 2014-04-17 13:55 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-12 17:32 - 2014-10-26 21:06 - 00007130 _____ () C:\Windows\PFRO.log
2014-12-12 17:32 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 17:25 - 2014-04-17 13:55 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-12 17:23 - 2014-04-25 20:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 14:08 - 2014-07-22 21:31 - 00002198 ____H () C:\Users\Fadod\Documents\Default.rdp
2014-12-12 14:06 - 2014-11-09 09:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-12 14:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-12 13:57 - 2014-01-09 06:51 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Skype
2014-12-11 00:59 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-10 22:37 - 2014-10-18 19:26 - 00147958 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 03:20 - 2014-01-18 20:36 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\uTorrent
2014-12-09 20:06 - 2014-11-09 09:25 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 18:06 - 2014-01-07 07:11 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3315983353-3425692480-1218410527-1001
2014-12-08 01:20 - 2014-05-03 17:51 - 00000000 ____D () C:\ProgramData\Temp
2014-12-07 18:55 - 2014-10-20 21:49 - 00296360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-07 18:53 - 2014-01-07 07:05 - 00000000 ____D () C:\Users\Fadod
2014-12-05 13:04 - 2014-10-24 12:34 - 00000721 _____ () C:\Windows\setupact.log
2014-11-30 16:32 - 2014-05-01 01:30 - 00000000 ____D () C:\ProgramData\Origin
2014-11-30 16:30 - 2014-05-01 03:10 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Origin
2014-11-26 21:29 - 2014-04-17 14:05 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 16:46 - 2014-03-25 16:05 - 00000000 _RSHD () C:\Users\Fadod\AppData\Local\Start
2014-11-24 16:31 - 2014-10-02 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-23 20:46 - 2012-07-26 10:14 - 00404640 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-23 18:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-23 09:45 - 2014-10-02 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-22 00:58 - 2014-08-13 23:46 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Dxtory Software
2014-11-21 18:51 - 2014-05-02 12:09 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-11-21 17:24 - 2014-06-07 11:21 - 00000000 ____D () C:\Users\Fadod\Documents\Visual Studio 2013
2014-11-21 12:32 - 2014-11-04 16:48 - 00000437 _____ () C:\Users\Fadod\AppData\Local\UserProducts.xml
2014-11-21 12:32 - 2014-11-04 16:48 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-11-21 06:14 - 2014-06-15 19:38 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-06-15 19:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-06-15 19:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 03:34 - 2014-11-07 12:27 - 00000000 __SHD () C:\Users\Fadod\wc
2014-11-20 03:34 - 2014-11-07 12:27 - 00000000 __SHD () C:\Users\Fadod\AppData\Roaming\wyUpdate AU
2014-11-20 03:34 - 2014-11-07 12:27 - 00000000 ____D () C:\Users\Fadod\AppData\Local\Molura
2014-11-20 00:26 - 2014-04-17 14:17 - 00000000 ____D () C:\Users\Fadod\AppData\Roaming\Xfire
2014-11-20 00:19 - 2014-04-17 14:16 - 00000000 ____D () C:\ProgramData\Xfire
2014-11-14 19:20 - 2014-04-17 13:55 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 19:20 - 2014-04-17 13:55 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 16:35 - 2014-04-24 18:09 - 00821268 _____ () C:\Windows\system32\perfh00C.dat
2014-11-14 16:35 - 2014-04-24 18:09 - 00470256 _____ () C:\Windows\system32\perfh001.dat
2014-11-14 16:35 - 2014-04-24 18:09 - 00166716 _____ () C:\Windows\system32\perfc00C.dat
2014-11-14 16:35 - 2014-04-24 18:09 - 00082000 _____ () C:\Windows\system32\perfc001.dat
2014-11-14 16:35 - 2012-07-26 09:28 - 02433440 _____ () C:\Windows\system32\PerfStringBackup.INI
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 14:20
 
==================== End Of Log ============================


#13
Machiavelli


  • GeekU Moderator
  • 4,722 posts

Steps 3 & 4 are missing.



#14
Gatt

  • Topic Starter
  • Member
  • 20 posts

D:\Programs\AddonSetup.exe a variant of MSIL/Packed.NetSeal.A potentially unwanted application deleted - quarantined

 

 

Well, the PC is running without any problems now, I think. Thank you for helping me :)



#15
Machiavelli


  • GeekU Moderator
  • 4,722 posts
Hello,
in my opinion your PC is clean.

We need to remove the tools we've used while cleaning your machine:
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, please right-click the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it, compared with getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup: