Can not run certain software on my computer. [Closed]


  • This topic is locked

#1
erik9631

    Member


Hello. Recently I got badly infected with Hijackers Crossrunners and a lot of adware. I used AdwareRemove, Malwarebytes, ESET NOD32 8 and finally HitmanPro to remove these files.

 

After numerous restarts and fixes, I assume the files were removed because the programs are no longer picking up suspicious files; however, one issue still persists.

During the scans I noticed that I could not open CCleaner and AdwareRemove. I kept clicking on the icon and nothing happened. However, RENAMING the files to something like fred, john... or something suddenly launched them and made them work. After all the scans this issue still persists.
It makes me believe there is still something in my computer that is scanning for keywords in file names and forbidding them to launch or something.
 
I would greatly appreciate any support because this issue is driving me crazy.
Thank you for your time.
Respectfully Erik.

Also, before you tell me to download certain programs and save the logs, I would appreciate it if you told me where I can find these logs. Thank you.

UPDATE:
AdwRemove installation can be launched now without renaming but the CCleaner issue still persists.
Also, when doing scans with HitmanPro I noticed that random cookies like xiti.com or yadro.ru are found despite never visiting these sites.
Could this be related to uTorrent running in the background?

Thank you.

 

UPDATE2:

After browsing the web I noticed that a lot of people had a similar issue with CCleaner not opening, and changing the name fixed it for them as well. It makes me believe that it might be an issue with CCleaner itself rather than a virus, but I am not so sure after all these infections.

 

I would still like to hear your opinion on this.


Edited by erik9631, 24 May 2015 - 04:05 AM.



#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator

Hello erik9631,

 

Sorry for the delay.

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

 



#3
erik9631

    Member

  • Topic Starter

Had issues opening the software. Had to rename it.

 

#####

ADDITION.TXT

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Erik at 2015-05-27 22:34:11
Running from D:\Erik\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3802499866-1786034092-504280767-500 - Administrator - Disabled)
Erik (S-1-5-21-3802499866-1786034092-504280767-1000 - Administrator - Enabled) => C:\Users\Erik
Guest (S-1-5-21-3802499866-1786034092-504280767-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3802499866-1786034092-504280767-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
60 Seconds! (HKLM-x32\...\NjBTZWNvbmRz_is1) (Version: 1 - )
ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.194 - ABBYY Production LLC)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Aurora 3D Text & Logo Maker version 12.09.26 (HKLM-x32\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 12.09.26 - Aurora3D Software)
AutoHotkey 1.1.22.00 (HKLM\...\AutoHotkey) (Version: 1.1.22.00 - Lexikos)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bloody5 (HKLM-x32\...\Bloody3) (Version: 15.05.0002 - Bloody)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Car Mechanic Simulator 2015 (HKLM-x32\...\Car Mechanic Simulator 2015_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CertificationKits IP Subnet Calculator (HKLM-x32\...\{838689FE-AB35-49CC-A099-C00088C6E393}) (Version: 1.0.3 - CertificationKits)
Cisco Packet Tracer 6.2 Student (HKLM-x32\...\Cisco Packet Tracer 6.2 Student_is1) (Version:  - Cisco Systems, Inc.)
Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version:  - )
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
CodeBlocks (HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.1.0.0 - Ubisoft)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ESET NOD32 Antivirus (HKLM\...\{D6885DDE-4632-4640-A3BB-13C9F02CE81C}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Far Cry 4 - Gold Edition version Far Cry 4 - Gold Edition (HKLM-x32\...\Far Cry 4 - Gold Edition_is1) (Version: Far Cry 4 - Gold Edition - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.4 - Ellora Assets Corporation)
GameMaker-Studio (HKLM-x32\...\{6628277A-F051-4647-96D7-E829FD86C7B9}) (Version: 1.2.1130 - YoYo Games Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV v1.0 / RePack by Baracuda (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}_is1) (Version:  - )
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version:  - Filip Victor)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Mercenaries 2: World in Flames™ (HKLM-x32\...\{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}) (Version: 2.0.1.0 - Electronic Arts)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 with Update 4 (HKLM-x32\...\{c96467b4-e480-4218-8fde-db83bf9d47d1}) (Version: 12.0.31101 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 cs)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Ovladač 3D Vision 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 352.86 (Version: 352.86 - NVIDIA Corporation) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.9 - Portforward, LLC)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpinTires (04.02.15) (HKLM-x32\...\SpinTires (04.02.15)04.02.15) (Version: 04.02.15 - Friends in War)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Survarium (HKLM-x32\...\Steam App 355840) (Version:  - Vostok Games)
Survarium-Steam (HKLM-x32\...\{A3D9343D-77CD-4bf4-A47A-F87B3BE985B4}_is1) (Version: 0.27d - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
The Witcher 3 Wild Hunt (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: 1.02 - Релиз от R.G. Steamgames)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Ultimate Tic-Tac-Toe (HKLM-x32\...\Steam App 360870) (Version:  - Tigerish Games)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplink (remove only) (HKLM-x32\...\Uplink) (Version:  - )
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3802499866-1786034092-504280767-1000_Classes\CLSID\{993C8B61-2DB8-29E2-B13C-C0FAB3C92553}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points =========================

24-05-2015 11:09:48 Bod obnovy HitmanPro
24-05-2015 11:10:24 Bod obnovy HitmanPro
26-05-2015 15:17:57 Nainstalováno: MSVCRT Redists
26-05-2015 15:18:45 Installed Vegas Pro 13.0 (64-bit)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D743276-4C2A-4524-AF83-A3C8751BB4E0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {12B005B3-8041-44DC-AC57-4C84E806F3BD} - \SPBIW_UpdateTask_Time_333536353230333734302d2d55506c2a5a55576c412334 No Task File <==== ATTENTION
Task: {151E506E-C241-47F5-A90A-B6D1065CA6F4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {291C65BF-42FF-4C8C-BE43-8340C43EC154} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-23] (Google Inc.)
Task: {4E03143B-519B-4BE5-B48F-F8CDD3D13C85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {66536B2D-A294-4EBC-BE81-1769014324E9} - System32\Tasks\IEEQFX => C:\Users\Erik\AppData\Roaming\IEEQFX.exe <==== ATTENTION
Task: {6D67298B-77C4-48C9-AE74-AAB1895AB434} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-23] (Google Inc.)
Task: {6E5E7A49-1D9E-4B70-9103-6205BDCD8637} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-02-18] ()
Task: {7595DD9E-CB2C-41D9-B9FB-D2EF1515199F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\crap.exe [2015-04-23] (Piriform Ltd)
Task: {DB7BBE2B-7057-47C6-A402-0144225D7ED0} - System32\Tasks\LPSQD => C:\Users\Erik\AppData\Roaming\LPSQD.exe <==== ATTENTION
Task: {E4A6B2C2-4189-4920-A3DE-75E3E798C4E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\IEEQFX.job => C:\Users\Erik\AppData\Roaming\IEEQFX.exe <==== ATTENTION
Task: C:\Windows\Tasks\LPSQD.job => C:\Users\Erik\AppData\Roaming\LPSQD.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-02-18 13:05 - 2015-05-12 05:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-10 20:31 - 2013-07-10 20:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () D:\Erik\Programy\Installed\Notepad++\NppShell_06.dll
2015-02-18 13:24 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-02-18 12:54 - 2012-08-09 12:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-02-18 12:54 - 2012-08-09 12:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-02-18 13:24 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2015-02-18 13:28 - 2015-04-16 19:40 - 00776192 _____ () D:\Erik\Hry\Steam\SDL2.dll
2015-02-18 13:28 - 2015-04-23 04:16 - 04962816 _____ () D:\Erik\Hry\Steam\v8.dll
2015-02-18 13:28 - 2015-04-23 04:16 - 01556992 _____ () D:\Erik\Hry\Steam\icui18n.dll
2015-02-18 13:28 - 2015-04-23 04:16 - 01187840 _____ () D:\Erik\Hry\Steam\icuuc.dll
2015-02-18 13:28 - 2015-05-15 03:58 - 02396352 _____ () D:\Erik\Hry\Steam\video.dll
2015-02-18 13:28 - 2014-12-01 23:31 - 02396672 _____ () D:\Erik\Hry\Steam\libavcodec-56.dll
2015-02-18 13:28 - 2014-12-01 23:31 - 00442880 _____ () D:\Erik\Hry\Steam\libavutil-54.dll
2015-02-18 13:28 - 2014-12-01 23:31 - 00479744 _____ () D:\Erik\Hry\Steam\libavformat-56.dll
2015-02-18 13:28 - 2014-12-01 23:31 - 00332800 _____ () D:\Erik\Hry\Steam\libavresample-2.dll
2015-02-18 13:28 - 2014-12-01 23:31 - 00485888 _____ () D:\Erik\Hry\Steam\libswscale-3.dll
2015-02-18 13:28 - 2015-05-15 03:57 - 00703168 _____ () D:\Erik\Hry\Steam\bin\chromehtml.DLL
2013-07-10 20:31 - 2013-07-10 20:31 - 08865448 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-18 13:28 - 2015-05-11 21:01 - 36302728 _____ () D:\Erik\Hry\Steam\bin\libcef.dll
2015-05-14 08:42 - 2015-05-11 21:01 - 08958344 _____ () D:\Erik\Hry\Steam\bin\pdf.dll
2015-04-14 19:34 - 2015-04-14 19:34 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\skype.com -> hxxps://apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3802499866-1786034092-504280767-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Erik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Bloody2 => "C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe" Minimum
MSCONFIG\startupreg: Bonus.SSR.FR11 => "D:\Erik\Programy\Installed\Fine Reader Pro\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\crap.exe" /MONITOR
MSCONFIG\startupreg: GoobzoYouTubeAccelerator => "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe" /startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CA12B1B7-F616-4B93-BA96-BE0D224668F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3F7A61B-DF89-4731-9EE2-D1ED898E596B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFA06314-34ED-4407-91DF-2656D9E478E9}] => (Allow) D:\Erik\Hry\Steam\Steam.exe
FirewallRules: [{4BEF79A2-1B0F-4627-A056-561607381E6D}] => (Allow) D:\Erik\Hry\Steam\Steam.exe
FirewallRules: [{7C8ED55D-1A4A-4C80-99FE-53F1E0A1F850}] => (Allow) D:\Erik\Hry\Steam\bin\steamwebhelper.exe
FirewallRules: [{51A9903F-92BD-4F91-9B32-46946589CCFF}] => (Allow) D:\Erik\Hry\Steam\bin\steamwebhelper.exe
FirewallRules: [{C141DEA8-990A-40C0-AB93-CB051DC081C9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{18640EC9-B67F-4C6B-888B-FDE1BC56C3CD}] => (Allow) C:\Users\Erik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{62BCF729-E711-4F89-A002-D8B0E35BA468}] => (Allow) C:\Users\Erik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D34363D1-4411-48AC-90CE-E8FA16708EC8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CF71E798-2476-45FC-8E91-5B397E32C581}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C5B6E077-927E-4A4E-92E0-EFE9569EA7FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BC7B0D9D-CF2A-4E73-9145-0D865788B85A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B8659CD4-C1E1-43EA-AC40-3CE818CE709C}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{A35F8301-252B-4D97-AC63-FA26A7BC79BF}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{57411679-171D-49C0-A958-272E4305B2F8}] => (Allow) D:\Erik\Programy\Installed\Visual Studio\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{C8CEACC8-DEEC-498C-94D0-28582DCBF27E}D:\erik\programy\installed\gamemaker studio\runner.exe] => (Allow) D:\erik\programy\installed\gamemaker studio\runner.exe
FirewallRules: [UDP Query User{0BFA8CF9-C165-4E89-BB02-A205AF92C47C}D:\erik\programy\installed\gamemaker studio\runner.exe] => (Allow) D:\erik\programy\installed\gamemaker studio\runner.exe
FirewallRules: [TCP Query User{F88543D9-74A2-4E2F-BEEC-C07B83129C58}D:\erik\hry\grand theft auto iv\gtaiv.exe] => (Block) D:\erik\hry\grand theft auto iv\gtaiv.exe
FirewallRules: [UDP Query User{D5322029-8DBC-49D6-94B8-506DB07D61F9}D:\erik\hry\grand theft auto iv\gtaiv.exe] => (Block) D:\erik\hry\grand theft auto iv\gtaiv.exe
FirewallRules: [TCP Query User{95AEF8D4-DCFA-4035-966E-577ED8D701E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5B8508DD-CB4C-47EB-8DA8-3AB5BC6D85CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3776C1D6-E03B-41C6-8CBE-D57419847E66}D:\erik\hry\city car driving\bin\win32\starter.exe] => (Block) D:\erik\hry\city car driving\bin\win32\starter.exe
FirewallRules: [UDP Query User{B44CA65E-E3A9-41AD-8907-90D34203416F}D:\erik\hry\city car driving\bin\win32\starter.exe] => (Block) D:\erik\hry\city car driving\bin\win32\starter.exe
FirewallRules: [TCP Query User{121D58D3-B398-410D-88E2-7E0AD9DDA070}D:\erik\hry\city car driving\bin\win32\starter.exe] => (Allow) D:\erik\hry\city car driving\bin\win32\starter.exe
FirewallRules: [UDP Query User{2E14FB96-5D93-4C23-8C50-4490FB1A870C}D:\erik\hry\city car driving\bin\win32\starter.exe] => (Allow) D:\erik\hry\city car driving\bin\win32\starter.exe
FirewallRules: [{08EB5C13-19F3-4848-8208-3C15A7239604}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{4C34D8DC-9B89-4B04-9D4A-4F0CD9FC1ED2}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{15F1A29C-01A2-4135-A63A-28032F14E87E}D:\erik\programy\installed\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) D:\erik\programy\installed\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{532B6690-1040-42FD-A8DA-FBA5AFCC9D89}D:\erik\programy\installed\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) D:\erik\programy\installed\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [TCP Query User{241B34CF-ADD7-42C9-88B3-8A93151797E5}D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe] => (Allow) D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe
FirewallRules: [UDP Query User{BC01B2AD-10E8-424E-920A-9F321BDE8DEF}D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe] => (Allow) D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe
FirewallRules: [TCP Query User{C98B4F96-0BAC-4F8B-8DAD-E7AAD77500C3}D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe] => (Block) D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe
FirewallRules: [UDP Query User{190AD386-0576-4640-AFB9-C32723F3766A}D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe] => (Block) D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe
FirewallRules: [{1F64955C-D283-44C8-8171-37CF0387B12A}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8D2C2A01-E219-4150-97A0-DDF41A9F8FD6}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{09D8C9FD-BAE7-47F6-B364-3D2B503613BC}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{ADBEDEEF-47C2-41C6-82F6-6A45EF042EB2}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{B19CA855-AC76-4AD1-A25E-07E4D48D9C08}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{BBE1DFD1-6866-4B98-872F-F05C0944C8E8}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [TCP Query User{9AD982C8-021B-4192-BBA2-DB25B744979E}D:\erik\programy\installed\openportchecker\pfportchecker.exe] => (Allow) D:\erik\programy\installed\openportchecker\pfportchecker.exe
FirewallRules: [UDP Query User{E855449C-41B3-4089-859A-F2132872ADBE}D:\erik\programy\installed\openportchecker\pfportchecker.exe] => (Allow) D:\erik\programy\installed\openportchecker\pfportchecker.exe
FirewallRules: [{F7EE2567-0154-43DE-B117-E190F333C65C}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{F02A02AC-9D36-4676-AD50-9609D2099ADF}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{58C7A2AB-D785-47E1-AE73-5E79DC5B2029}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\temp\survarium_launcher.exe
FirewallRules: [{C8E22C9B-0D4D-42FE-9934-EAD7831CBC83}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{4A24BAB2-5D63-497D-8407-DA3C50E1F23A}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{6F19E833-087C-4DB4-8E27-01C966964164}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{8DA68C07-FC51-4E8F-8882-FEDD1E968AC3}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{5B1175AB-B2C3-428B-9C71-BC6426BBE181}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{339BD121-B84A-4BBD-840C-6FF14EEF5E35}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [TCP Query User{ACC2D7B4-275F-4E35-A2D9-661F07FE4569}D:\erik\hry\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe] => (Allow) D:\erik\hry\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe
FirewallRules: [UDP Query User{137C3771-703B-448D-95CE-3768403C33CD}D:\erik\hry\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe] => (Allow) D:\erik\hry\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe
FirewallRules: [TCP Query User{67792771-0FFE-442B-9493-6E5BFF3F6854}D:\erik\hry\running.with.rifles.v1.0\rwr_game.exe] => (Allow) D:\erik\hry\running.with.rifles.v1.0\rwr_game.exe
FirewallRules: [UDP Query User{7B686806-B456-4874-86C2-3F6A0FD9E163}D:\erik\hry\running.with.rifles.v1.0\rwr_game.exe] => (Allow) D:\erik\hry\running.with.rifles.v1.0\rwr_game.exe
FirewallRules: [{62603F1B-3CDA-41F5-B647-06049D392013}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Ultimate Tic-Tac-Toe\UltimTicTacToe.exe
FirewallRules: [{4BEBBA31-60D6-4641-A57E-3BB25B291088}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Ultimate Tic-Tac-Toe\UltimTicTacToe.exe
FirewallRules: [TCP Query User{E1BEEDFF-8A97-48D2-957A-6ADB4C9ADA83}D:\erik\hry\grand theft auto v\gta5.exe] => (Allow) D:\erik\hry\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{DECE68AA-E088-425D-A3BD-43D33E496A5F}D:\erik\hry\grand theft auto v\gta5.exe] => (Allow) D:\erik\hry\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{383A0062-633A-4A09-94BA-CD9249FC972B}D:\erik\programy\portable\steamcmd\steamapps\common\killingfloor2\binaries\win64\kfserver.exe] => (Allow) D:\erik\programy\portable\steamcmd\steamapps\common\killingfloor2\binaries\win64\kfserver.exe
FirewallRules: [UDP Query User{B65A40DD-7DC7-4F31-BFB4-A56E4193BBE3}D:\erik\programy\portable\steamcmd\steamapps\common\killingfloor2\binaries\win64\kfserver.exe] => (Allow) D:\erik\programy\portable\steamcmd\steamapps\common\killingfloor2\binaries\win64\kfserver.exe
FirewallRules: [{3642D034-36D2-4CA2-9EA6-D36708D78E7E}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{0E63E296-20BC-4967-8158-C8E7B3CB5FEF}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{ADD599E5-46FA-4DE4-8431-76B55958FD3D}D:\erik\programy\portable\appache\apache24\bin\httpd.exe] => (Allow) D:\erik\programy\portable\appache\apache24\bin\httpd.exe
FirewallRules: [UDP Query User{E9AE7FFA-8987-4C8D-8CAF-6E9A89A6AD63}D:\erik\programy\portable\appache\apache24\bin\httpd.exe] => (Allow) D:\erik\programy\portable\appache\apache24\bin\httpd.exe
FirewallRules: [TCP Query User{11DDA5CC-16A6-474C-B22F-2A05745B9F16}D:\erik\programy\installed\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) D:\erik\programy\installed\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{6B6796D6-D6E0-4554-9FD8-218BF8576F87}D:\erik\programy\installed\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) D:\erik\programy\installed\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [{94E921D7-F380-456A-A54C-466F420DC425}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4F988F01-FF36-48C9-BE88-FCC1FF6CB2B0}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{CE4555EE-A547-4283-A9B8-72AF275B6A98}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 07:55:18 PM) (Source: KF-PID5084) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 03:00:07 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:43:12 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:36:49 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:08:02 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 01:44:59 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000308,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000034EEEC0.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000acc,(null),0,REG_BINARY,0000000006CEE3B0.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
   Událost BackupShutdown

Kontext:
   Kontext spuštění: Writer
   ID třídy modulu pro zápis: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Název modulu pro zápis: MSSearch Service Writer
   ID instance modulu pro zápis: {d8e6498f-8eb7-4bd1-a977-c6bef5b14f3b}

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x000001bc,(null),0,REG_BINARY,000000000334E900.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
   Událost BackupShutdown

Kontext:
   Kontext spuštění: Writer
   ID třídy modulu pro zápis: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Název modulu pro zápis: Registry Writer
   ID instance modulu pro zápis: {7b47946f-cc0b-434a-bb88-6396af25d06a}

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000a9c,(null),0,REG_BINARY,0000000001E1E290.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
   Událost BackupShutdown

Kontext:
   Kontext spuštění: Writer
   ID třídy modulu pro zápis: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Název modulu pro zápis: WMI Writer
   ID instance modulu pro zápis: {b69e4f42-fa26-4dab-b3bb-8be6fb327a72}


System errors:
=============
Error: (05/27/2015 05:39:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (05/26/2015 00:57:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (05/25/2015 02:13:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (05/24/2015 11:13:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (05/24/2015 11:12:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba HitmanPro 3.7 Crusader (Boot) ukončena s chybou %%0, specifickou pro službu.

Error: (05/24/2015 10:59:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (05/24/2015 10:57:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (05/24/2015 10:57:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ochrana softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (05/24/2015 10:57:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Office Software Protection Platform byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/24/2015 10:57:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Microsoft Office:
=========================
Error: (05/25/2015 07:55:18 PM) (Source: KF-PID5084) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 03:00:07 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:43:12 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:36:49 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:08:02 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 01:44:59 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000308,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000034EEEC0.72)0x80070005, Přístup byl odepřen.

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000acc,(null),0,REG_BINARY,0000000006CEE3B0.72)0x80070005, Přístup byl odepřen.


Operace:
   Událost BackupShutdown

Kontext:
   Kontext spuštění: Writer
   ID třídy modulu pro zápis: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Název modulu pro zápis: MSSearch Service Writer
   ID instance modulu pro zápis: {d8e6498f-8eb7-4bd1-a977-c6bef5b14f3b}

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001bc,(null),0,REG_BINARY,000000000334E900.72)0x80070005, Přístup byl odepřen.


Operace:
   Událost BackupShutdown

Kontext:
   Kontext spuštění: Writer
   ID třídy modulu pro zápis: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Název modulu pro zápis: Registry Writer
   ID instance modulu pro zápis: {7b47946f-cc0b-434a-bb88-6396af25d06a}

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000a9c,(null),0,REG_BINARY,0000000001E1E290.72)0x80070005, Přístup byl odepřen.


Operace:
   Událost BackupShutdown

Kontext:
   Kontext spuštění: Writer
   ID třídy modulu pro zápis: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Název modulu pro zápis: WMI Writer
   ID instance modulu pro zápis: {b69e4f42-fa26-4dab-b3bb-8be6fb327a72}


==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 44%
Total physical RAM: 8171.55 MB
Available physical RAM: 4544.57 MB
Total Pagefile: 16341.3 MB
Available Pagefile: 13154.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:147.18 GB) (Free:92.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:784.33 GB) (Free:514.41 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:623.3 GB) NTFS
Drive h: (60 Seconds!) (CDROM) (Total:0.25 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8E5D0FF0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C6D8CBD5)
Partition 1: (Active) - (Size=147.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=784.3 GB) - (Type=07 NTFS)

==================== End of log ============================

#####

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Erik (administrator) on ERIK-PC on 27-05-2015 22:33:27
Running from D:\Erik\Downloads
Loaded Profiles: Erik (Available Profiles: Erik)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Ellora Assets Corp.) D:\Erik\Programy\Installed\Freemake\CaptureLib\CaptureLibService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Valve Corporation) D:\Erik\Hry\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\Erik\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Valve Corporation) D:\Erik\Hry\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Erik\Hry\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Erik\Hry\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Farbar) D:\Erik\Downloads\crapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\Run: [Steam] => D:\Erik\Hry\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\Run: [uTorrent] => C:\Users\Erik\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\Run: [DAEMON Tools Lite] => D:\Erik\Programy\Installed\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\MountPoints2: {f037b5bc-b75f-11e4-a0ef-94de802fb0e6} - H:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-18] (Microsoft Corporation)
IFEO\adwcleaner_4.204.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-07-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\cj3od4cy.default
FF Homepage: www.google.sk
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-07-10] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\cj3od4cy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-24]

Chrome:
=======
CHR Profile: C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-23]
CHR Extension: (Google Docs) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-23]
CHR Extension: (Google Drive) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-23]
CHR Extension: (YouTube) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-23]
CHR Extension: (Google Search) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-23]
CHR Extension: (Google Sheets) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-23]
CHR Extension: (Hola Better Internet) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-04-12]
CHR Extension: (Bookmark Manager) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-12]
CHR Extension: (Google Wallet) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-23]
CHR Extension: (Gmail) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [967040 2015-03-28] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
R2 FreemakeVideoCapture; D:\Erik\Programy\Installed\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-05-06] (Ellora Assets Corp.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S2 MBAMService; D:\Erik\Programy\Installed\MalwareBytes\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Survarium-Steam Update Service; D:\Erik\Hry\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [76408 2015-04-03] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-18] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [159480 2015-01-30] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 22:33 - 2015-05-27 22:33 - 00000000 ____D () C:\FRST
2015-05-27 17:37 - 2015-05-27 17:37 - 00000888 _____ () C:\Windows\PFRO.log
2015-05-26 16:29 - 2015-05-26 16:29 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Sony Creative Software Inc
2015-05-26 15:41 - 2015-05-26 15:41 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Publish Providers
2015-05-26 15:40 - 2015-05-26 17:32 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Sony
2015-05-26 15:25 - 2015-05-26 15:25 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-05-26 15:25 - 2015-05-26 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-05-26 15:19 - 2015-05-26 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-05-26 15:18 - 2015-05-26 15:40 - 00000000 ____D () C:\Users\Erik\AppData\Local\Sony
2015-05-26 15:18 - 2015-05-26 15:18 - 00000000 ____D () C:\ProgramData\Sony
2015-05-26 15:18 - 2015-05-26 15:18 - 00000000 ____D () C:\Program Files\Sony
2015-05-26 15:18 - 2015-05-26 15:18 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-05-25 14:46 - 2015-05-25 16:16 - 00000000 ____D () C:\Users\Erik\Cisco Packet Tracer 6.2sv
2015-05-25 14:46 - 2015-05-25 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer Student
2015-05-25 14:38 - 2015-05-25 14:39 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\PicPick
2015-05-25 14:38 - 2015-05-25 14:38 - 00000000 ____D () C:\ProgramData\PicPick
2015-05-25 14:12 - 2015-05-27 17:38 - 00000168 _____ () C:\Windows\setupact.log
2015-05-25 14:12 - 2015-05-25 14:12 - 00501120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-25 14:12 - 2015-05-25 14:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-24 13:10 - 2015-05-24 13:10 - 00132328 _____ () C:\Users\Erik\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-24 11:30 - 2015-05-24 11:30 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-24 11:29 - 2015-05-24 11:47 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-24 11:10 - 2015-05-24 11:10 - 00009318 _____ () C:\Windows\system32\.crusader
2015-05-24 11:04 - 2015-05-24 11:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-24 10:56 - 2015-05-24 10:57 - 00000000 ____D () C:\AdwCleaner
2015-05-24 10:38 - 2015-05-24 11:15 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 10:37 - 2015-05-24 10:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-24 10:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-24 10:37 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-24 10:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-21 17:25 - 2015-05-21 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloody
2015-05-20 17:44 - 2015-05-20 17:51 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Dropbox
2015-05-20 15:00 - 2015-05-20 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-20 14:59 - 2015-05-12 04:34 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-20 14:57 - 2015-05-13 08:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-20 14:57 - 2015-05-13 08:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 42718864 _____ () C:\Windows\system32\nvcompiler.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 37741712 _____ () C:\Windows\SysWOW64\nvcompiler.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 30478992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 22945424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 16145176 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 15858728 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 14455296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 13263568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 11790144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 10972304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-20 14:57 - 2015-05-12 08:27 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 01050256 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00502896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-20 14:57 - 2015-05-12 08:27 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-20 14:57 - 2014-11-22 12:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-20 14:57 - 2014-11-22 12:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-05-20 14:57 - 2014-11-22 12:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-05-20 08:32 - 2015-05-27 17:40 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-05-19 18:04 - 2015-05-23 12:25 - 00000000 ____D () C:\Users\Erik\Documents\The Witcher 3
2015-05-16 13:13 - 2015-05-16 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-05-16 13:10 - 2015-05-16 13:10 - 00000000 ____D () C:\Program Files\Speccy
2015-05-15 17:42 - 2015-05-15 17:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 15:16 - 2015-05-10 05:11 - 00025373 _____ () C:\Users\Erik\Documents\dispatch.meta
2015-05-10 13:03 - 2015-05-10 13:03 - 00008288 ____H () C:\Users\Erik\AppData\Local\Plugin.dat
2015-05-09 23:01 - 2015-05-09 23:01 - 00000000 ____D () C:\ProgramData\Socialclub
2015-05-09 22:14 - 2015-05-10 13:08 - 00000000 ____D () C:\Users\Erik\AppData\Local\GVSE
2015-05-09 22:08 - 2015-05-09 22:08 - 00000000 ____D () C:\Users\Erik\AppData\Local\Spoon
2015-05-05 19:26 - 2015-05-05 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-05-05 19:26 - 2015-05-05 19:26 - 00000000 ____D () C:\ProgramData\ESET
2015-05-05 19:26 - 2015-05-05 19:26 - 00000000 ____D () C:\Program Files\ESET
2015-05-03 13:55 - 2015-05-03 13:56 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\ABBYY
2015-05-03 13:53 - 2015-05-03 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
2015-05-03 13:51 - 2015-05-03 13:56 - 00000000 ____D () C:\Users\Erik\AppData\Local\ABBYY
2015-05-03 13:51 - 2015-05-03 13:51 - 00000000 ____D () C:\ProgramData\ABBYY
2015-05-02 19:06 - 2015-05-02 19:33 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Exanima
2015-05-01 19:13 - 2015-05-24 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Façade
2015-04-29 19:50 - 2015-05-07 18:19 - 00000080 _____ () C:\Users\Erik\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-27 19:59 - 2015-04-27 19:59 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 22:34 - 2015-02-18 16:58 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 22:34 - 2015-02-18 13:55 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\uTorrent
2015-05-27 22:30 - 2015-02-18 13:41 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Skype
2015-05-27 22:29 - 2015-03-04 17:27 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\TeamViewer
2015-05-27 21:54 - 2015-02-23 22:37 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 20:44 - 2015-02-18 13:34 - 00000000 ____D () C:\Users\Erik\Games
2015-05-27 18:37 - 2015-03-04 13:19 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\vlc
2015-05-27 17:46 - 2015-02-18 12:48 - 01259801 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 17:45 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 17:45 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 17:38 - 2015-02-23 22:37 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 17:38 - 2015-02-18 14:50 - 00001332 _____ () C:\Windows\Tasks\LPSQD.job
2015-05-27 17:38 - 2015-02-18 13:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-27 17:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 21:25 - 2015-02-26 17:09 - 00000000 ____D () C:\ProgramData\Steam
2015-05-26 20:34 - 2015-04-10 20:24 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Audacity
2015-05-26 19:38 - 2015-02-18 14:11 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\DAEMON Tools Lite
2015-05-26 15:27 - 2015-02-18 13:34 - 00000000 ____D () C:\Users\Erik\Applications
2015-05-26 15:26 - 2015-03-14 22:45 - 00000000 ____D () C:\ProgramData\Freemake
2015-05-25 16:09 - 2015-03-09 16:27 - 00000392 _____ () C:\Users\Erik\.packettracer
2015-05-25 14:46 - 2015-02-18 12:49 - 00000000 ____D () C:\Users\Erik
2015-05-24 11:35 - 2015-04-10 14:28 - 00000000 ____D () C:\Users\Erik\AppData\Local\CrashDumps
2015-05-24 11:35 - 2015-04-07 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subnautica
2015-05-24 11:35 - 2015-03-16 22:07 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3D Číńňđóęňîđ çčěŕ
2015-05-24 11:35 - 2015-02-28 13:00 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IVMP
2015-05-24 11:20 - 2015-02-18 12:49 - 00000000 ____D () C:\Users\Erik\AppData\Local\VirtualStore
2015-05-24 10:55 - 2015-02-22 16:05 - 00000000 ____D () C:\Users\Erik\Documents\Visual Studio 2013
2015-05-24 10:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2015-05-21 20:09 - 2015-03-24 22:34 - 00000000 ____D () C:\Users\Erik\.zenmap
2015-05-21 18:14 - 2009-07-14 17:37 - 00000000 ____D () C:\Windows\ShellNew
2015-05-21 17:24 - 2015-03-21 23:06 - 00000000 ____D () C:\Program Files (x86)\Bloody5
2015-05-20 15:02 - 2015-04-13 17:15 - 00000000 ____D () C:\Users\Erik\AppData\Local\NVIDIA Corporation
2015-05-20 15:02 - 2015-02-18 13:05 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-20 15:02 - 2015-02-18 13:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-05-20 15:02 - 2015-02-18 13:04 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-19 08:32 - 2015-02-18 13:40 - 00000000 ____D () C:\ProgramData\Skype
2015-05-16 13:09 - 2015-02-22 17:14 - 00007597 _____ () C:\Users\Erik\AppData\Local\Resmon.ResmonCfg
2015-05-16 09:36 - 2015-02-18 12:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-15 10:49 - 2015-02-23 22:37 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 10:49 - 2015-02-23 22:37 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 08:58 - 2015-02-18 12:39 - 00000000 ____D () C:\Windows\Panther
2015-05-13 08:52 - 2015-02-18 13:05 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-05-12 14:05 - 2015-03-09 16:27 - 00000000 ____D () C:\Users\Erik\Cisco Packet Tracer 6.1.1sv
2015-05-12 08:27 - 2015-02-18 13:05 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-12 08:27 - 2015-02-18 13:05 - 15048816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-12 08:27 - 2015-02-18 13:05 - 12849056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-12 08:27 - 2015-02-18 13:05 - 02971776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-12 08:27 - 2015-02-18 13:05 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-12 08:27 - 2015-02-18 13:05 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-12 08:27 - 2015-02-18 13:05 - 00031710 _____ () C:\Windows\system32\nvinfo.pb
2015-05-12 05:30 - 2015-02-18 13:05 - 06872392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-12 05:30 - 2015-02-18 13:05 - 03490448 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-12 05:30 - 2015-02-18 13:05 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-12 05:30 - 2015-02-18 13:05 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-12 05:30 - 2015-02-18 13:05 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-12 05:30 - 2015-02-18 13:05 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-11 19:01 - 2015-02-18 13:05 - 04391871 _____ () C:\Windows\system32\nvcoproc.bin
2015-05-11 12:44 - 2009-07-14 17:36 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-10 13:22 - 2015-02-19 14:29 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
2015-05-08 23:33 - 2009-07-14 17:18 - 00660758 _____ () C:\Windows\system32\perfh005.dat
2015-05-08 23:33 - 2009-07-14 17:18 - 00141408 _____ () C:\Windows\system32\perfc005.dat
2015-05-08 23:33 - 2009-07-14 07:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-07 22:22 - 2015-02-26 17:09 - 00000000 ____D () C:\Users\Erik\Documents\My Games
2015-05-03 13:56 - 2015-02-18 16:57 - 00000000 ____D () C:\Users\Erik\AppData\Local\Adobe
2015-04-30 16:33 - 2015-02-22 15:46 - 00000000 ____D () C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2015-04-10 20:57 - 2015-04-12 22:11 - 0000020 _____ () C:\Users\Erik\AppData\Roaming\appdataFr3.bin
2015-05-10 13:03 - 2015-05-10 13:03 - 0008288 ____H () C:\Users\Erik\AppData\Local\Plugin.dat
2015-02-22 17:14 - 2015-05-16 13:09 - 0007597 _____ () C:\Users\Erik\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Erik\AppData\Local\Temp\exe2pin.exe
C:\Users\Erik\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 16:00

==================== End of log ============================


#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello erik9631,

Please run the MGA Diagnostic Tool and post back the report it produces:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

After that

Download CKScanner from here

Important: Save it to your desktop.

  • Double-click (Vista and above - right-click and run as Administrator) CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

When you return please post

  • MGA Diagnostic Report
  • CKFiles.txt

 


#5
erik9631

    Member

  • Topic Starter
  • Member
  • 10 posts

Thank you for your support so far. I greatly appreciate it.

Here is the MGA diagnostic report:

 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {14FEE16F-2BA5-4656-84F4-5E99C7B6C6B0}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{14FEE16F-2BA5-4656-84F4-5E99C7B6C6B0}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-3802499866-1786034092-504280767</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>To be filled by O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>FD</Version><SMBIOSVersion major="2" minor="7"/><Date>20130125000000.000000+000</Date></BIOS><HWID>7B293407018400F2</HWID><UserLCID>041B</UserLCID><SystemLCID>0405</SystemLCID><TimeZone>Střední Evropa (běžný čas)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Verze služby SLS (Software Licensing Service): 6.1.7601.17514

Název: Windows® 7, Professional edition
Popis: Windows Operating System - Windows® 7, OEM_SLP channel
ID aktivace: 50e329f7-a5fa-46b2-85fd-f224e5da7764
ID aplikace: 55c92734-d682-4d71-983e-d6ec3f16059f
Rozšířené PID: 00371-00178-926-700004-02-1029-7600.0000-0492015
ID instalace: 020362447786426391178910284381371282501812689350439556
Adresa URL certifikátu procesoru:   http://go.microsoft....k/?LinkID=88338
Adresa URL certifikátu počítače:     http://go.microsoft....k/?LinkID=88339
Adresa URL licence k použití:             http://go.microsoft....k/?LinkID=88341
Adresa URL certifikátu kódu Product Key: http://go.microsoft....k/?LinkID=88340
Část kódu Product Key: 7TP9F
Stav licence: Licencováno
Zbývající počet obnovení aktivačního období Windows: 4
Důvěryhodný čas: 28. 5. 2015 14:24:50

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAIABAABAAEAAAACAAAAAQABAAEAln1Kg5a9dxbc39wVVPIQM2hWRiu+u363An92Mg==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            ALASKA        A M I
  FACP            ALASKA        A M I
  HPET            ALASKA        A M I
  MCFG            ALASKA        A M I
  FPDT            ALASKA        A M I
  MATS            ALASKA        A M I
  BGRT            ALASKA        A M I
  SLIC            ACRSYS        ACRPRDCT

#########
CKScanner

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\windows\autokms\autokms.exe
scanner sequence 3.AP.11.MRNAUZ
 ----- EOF -----
 


#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello erik9631,

 

Download the attached fixlist.txt file.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

So when you return please post

  • Fixlog.txt
  • JRT.txt

#7
erik9631

    Member

  • Topic Starter
  • Member
  • 10 posts

###########

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Erik at 2015-05-29 14:09:57 Run:1
Running from D:\Erik\FRST
Loaded Profiles: Erik (Available Profiles: Erik)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
C:\Users\Erik\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-10 20:57 - 2015-04-12 22:11 - 0000020 _____ () C:\Users\Erik\AppData\Roaming\appdataFr3.bin
C:\Users\Erik\AppData\Local\Temp\exe2pin.exe
C:\Users\Erik\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
Task: {12B005B3-8041-44DC-AC57-4C84E806F3BD} - \SPBIW_UpdateTask_Time_333536353230333734302d2d55506c2a5a55576c412334 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\IEEQFX.job => C:\Users\Erik\AppData\Roaming\IEEQFX.exe <==== ATTENTION
Task: C:\Windows\Tasks\LPSQD.job => C:\Users\Erik\AppData\Roaming\LPSQD.exe <==== ATTENTION
Task: {66536B2D-A294-4EBC-BE81-1769014324E9} - System32\Tasks\IEEQFX => C:\Users\Erik\AppData\Roaming\IEEQFX.exe <==== ATTENTION
Task: {DB7BBE2B-7057-47C6-A402-0144225D7ED0} - System32\Tasks\LPSQD => C:\Users\Erik\AppData\Roaming\LPSQD.exe <==== ATTENTION
C:\Users\Erik\AppData\Roaming\IEEQFX.exe
C:\Users\Erik\AppData\Roaming\LPSQD.exe
CMD: ipconfig /flushdns
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
C:\Users\Erik\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 => Moved successfully.
C:\Users\Erik\AppData\Roaming\appdataFr3.bin => Moved successfully.
C:\Users\Erik\AppData\Local\Temp\exe2pin.exe => Moved successfully.
C:\Users\Erik\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12B005B3-8041-44DC-AC57-4C84E806F3BD}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12B005B3-8041-44DC-AC57-4C84E806F3BD}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333536353230333734302d2d55506c2a5a55576c412334" => key Removed successfully
C:\Windows\Tasks\IEEQFX.job => Moved successfully.
C:\Windows\Tasks\LPSQD.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66536B2D-A294-4EBC-BE81-1769014324E9}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66536B2D-A294-4EBC-BE81-1769014324E9}" => key Removed successfully
C:\Windows\System32\Tasks\IEEQFX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IEEQFX" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB7BBE2B-7057-47C6-A402-0144225D7ED0}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB7BBE2B-7057-47C6-A402-0144225D7ED0}" => key Removed successfully
C:\Windows\System32\Tasks\LPSQD => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LPSQD" => key Removed successfully
"C:\Users\Erik\AppData\Roaming\IEEQFX.exe" => File/Folder not found.
"C:\Users\Erik\AppData\Roaming\LPSQD.exe" => File/Folder not found.

=========  ipconfig /flushdns =========


Konfigurace protokolu IP systému Windows

Mezipaměť překládání DNS byla úspěšně vyprázdněna.

========= End of CMD: =========

EmptyTemp: => Removed 641.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:10:30 ====

###########

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 7 Professional x64
Ran by Erik on pi 29. 05. 2015 at 14:16:27,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Erik\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\Erik\appdata\local\installer
Successfully deleted: [Folder] C:\ProgramData\D0661E59D4138465A3050DDA1EB00C14



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Erik\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio

[C:\Users\Erik\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Erik\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gkojfkhlekighikafcpjkiklfbnlmeio

[C:\Users\Erik\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Erik\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  gkojfkhlekighikafcpjkiklfbnlmeio
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pi 29. 05. 2015 at 14:19:21,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I will also uninstall Daemon Tools. That is what caused all this pain and all these issues. The free installation is full of malware, even if you decide not to install the additional things you get infected.

 

This is a message to everyone who wants to use this tool. Avoid it at all costs.


Edited by erik9631, 29 May 2015 - 06:29 AM.

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello erik9631,

"It makes me believe that it might be an issue with CCleaner itself rather than a virus, but I am not so sure after all these infections."

Why don't you uninstall it then?

Moving on

 

Download RogueKiller to your desktop.

NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.

  • Quit all running programs
  • For Vista and above, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan (top of panel right hand side)
  • Wait for the scan to finish.
  • Click the report button, right hand panel.
  • Do not click on any other buttons

Please copy and paste all the contents of the RKreport into your next reply.

 

After that

 

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

 

So when you return please post

  • RKreport
  • FRST.txt
  • Addition.txt

#9
erik9631

    Member

  • Topic Starter
  • Member
  • 10 posts

##############

ROGUE KILLER.

 

RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Erik [Administrator]
Started from : D:\Erik\Downloads\RogueKiller.exe
Mode : Scan -- Date : 05/30/2015  10:37:04

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3802499866-1786034092-504280767-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3802499866-1786034092-504280767-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3802499866-1786034092-504280767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3802499866-1786034092-504280767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3802499866-1786034092-504280767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3802499866-1786034092-504280767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3802499866-1786034092-504280767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3802499866-1786034092-504280767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZRX-00L4HB0 ATA Device +++++
--- User ---
[MBR] cee4eff4b7faf4b71f422fddc78ac143
[BSP] f4c7c112aa33a3e7ac249e233224e854 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1003FZEX-00MK2A0 ATA Device +++++
--- User ---
[MBR] 628e7db015f47aadda6f51656bc9c762
[BSP] 0f3e8240a3bf7590ec05c895b68a0c4f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 150711 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 308658176 | Size: 803157 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

 

##############

ADDITIONAL.TXT

LastRegBack: 2015-05-24 16:00

==================== End of log ============================

 

 

 

 

 

##############

FRST.TXT

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Erik at 2015-05-30 10:43:56
Running from D:\Erik\Programy\Portable\FRST
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3802499866-1786034092-504280767-500 - Administrator - Disabled)
Erik (S-1-5-21-3802499866-1786034092-504280767-1000 - Administrator - Enabled) => C:\Users\Erik
Guest (S-1-5-21-3802499866-1786034092-504280767-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3802499866-1786034092-504280767-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
60 Seconds! (HKLM-x32\...\NjBTZWNvbmRz_is1) (Version: 1 - )
ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.194 - ABBYY Production LLC)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Aurora 3D Text & Logo Maker version 12.09.26 (HKLM-x32\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 12.09.26 - Aurora3D Software)
AutoHotkey 1.1.22.00 (HKLM\...\AutoHotkey) (Version: 1.1.22.00 - Lexikos)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bloody5 (HKLM-x32\...\Bloody3) (Version: 15.05.0002 - Bloody)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Car Mechanic Simulator 2015 (HKLM-x32\...\Car Mechanic Simulator 2015_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CertificationKits IP Subnet Calculator (HKLM-x32\...\{838689FE-AB35-49CC-A099-C00088C6E393}) (Version: 1.0.3 - CertificationKits)
Cisco Packet Tracer 6.2 Student (HKLM-x32\...\Cisco Packet Tracer 6.2 Student_is1) (Version:  - Cisco Systems, Inc.)
Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version:  - )
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
CodeBlocks (HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.1.0.0 - Ubisoft)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ESET NOD32 Antivirus (HKLM\...\{D6885DDE-4632-4640-A3BB-13C9F02CE81C}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Far Cry 4 - Gold Edition version Far Cry 4 - Gold Edition (HKLM-x32\...\Far Cry 4 - Gold Edition_is1) (Version: Far Cry 4 - Gold Edition - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.4 - Ellora Assets Corporation)
GameMaker-Studio (HKLM-x32\...\{6628277A-F051-4647-96D7-E829FD86C7B9}) (Version: 1.2.1130 - YoYo Games Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV v1.0 / RePack by Baracuda (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}_is1) (Version:  - )
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version:  - Filip Victor)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Mercenaries 2: World in Flames™ (HKLM-x32\...\{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}) (Version: 2.0.1.0 - Electronic Arts)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 with Update 4 (HKLM-x32\...\{c96467b4-e480-4218-8fde-db83bf9d47d1}) (Version: 12.0.31101 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 cs)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Ovladač 3D Vision 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 352.86 (Version: 352.86 - NVIDIA Corporation) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.9 - Portforward, LLC)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpinTires (04.02.15) (HKLM-x32\...\SpinTires (04.02.15)04.02.15) (Version: 04.02.15 - Friends in War)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Survarium (HKLM-x32\...\Steam App 355840) (Version:  - Vostok Games)
Survarium-Steam (HKLM-x32\...\{A3D9343D-77CD-4bf4-A47A-F87B3BE985B4}_is1) (Version: 0.27d - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
The Witcher 3 Wild Hunt (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: 1.02 - Релиз от R.G. Steamgames)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Ultimate Tic-Tac-Toe (HKLM-x32\...\Steam App 360870) (Version:  - Tigerish Games)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplink (remove only) (HKLM-x32\...\Uplink) (Version:  - )
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3802499866-1786034092-504280767-1000_Classes\CLSID\{993C8B61-2DB8-29E2-B13C-C0FAB3C92553}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points =========================

26-05-2015 15:17:57 Nainstalováno: MSVCRT Redists
26-05-2015 15:18:45 Installed Vegas Pro 13.0 (64-bit)
29-05-2015 14:30:31 Instalace balíčku ovladače zařízení: SysProgs.org Řadiče paměťových zařízení

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D743276-4C2A-4524-AF83-A3C8751BB4E0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {151E506E-C241-47F5-A90A-B6D1065CA6F4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {291C65BF-42FF-4C8C-BE43-8340C43EC154} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-23] (Google Inc.)
Task: {4E03143B-519B-4BE5-B48F-F8CDD3D13C85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {59DA1026-FCB1-4350-A011-A2E51160BA78} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-02-18] ()
Task: {6D67298B-77C4-48C9-AE74-AAB1895AB434} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-23] (Google Inc.)
Task: {7595DD9E-CB2C-41D9-B9FB-D2EF1515199F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\crap.exe [2015-04-23] (Piriform Ltd)
Task: {E4A6B2C2-4189-4920-A3DE-75E3E798C4E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-18 13:05 - 2015-05-12 05:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-10 20:31 - 2013-07-10 20:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-18 13:24 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-02-18 12:54 - 2012-08-09 12:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-02-18 12:54 - 2012-08-09 12:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-05-30 10:33 - 2015-05-30 10:33 - 17023576 _____ () D:\Erik\Downloads\RogueKiller.exe
2015-02-18 13:24 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2015-02-18 13:28 - 2015-04-16 19:40 - 00776192 _____ () D:\Erik\Hry\Steam\SDL2.dll
2015-02-18 13:28 - 2015-04-23 04:16 - 04962816 _____ () D:\Erik\Hry\Steam\v8.dll
2015-02-18 13:28 - 2015-04-23 04:16 - 01556992 _____ () D:\Erik\Hry\Steam\icui18n.dll
2015-02-18 13:28 - 2015-04-23 04:16 - 01187840 _____ () D:\Erik\Hry\Steam\icuuc.dll
2015-02-18 13:28 - 2015-05-15 03:58 - 02396352 _____ () D:\Erik\Hry\Steam\video.dll
2015-02-18 13:28 - 2014-12-01 23:31 - 02396672 _____ () D:\Erik\Hry\Steam\libavcodec-56.dll
2015-02-18 13:28 - 2014-12-01 23:31 - 00442880 _____ () D:\Erik\Hry\Steam\libavutil-54.dll
2015-02-18 13:28 - 2014-12-01 23:31 - 00479744 _____ () D:\Erik\Hry\Steam\libavformat-56.dll
2015-02-18 13:28 - 2014-12-01 23:31 - 00332800 _____ () D:\Erik\Hry\Steam\libavresample-2.dll
2015-02-18 13:28 - 2014-12-01 23:31 - 00485888 _____ () D:\Erik\Hry\Steam\libswscale-3.dll
2015-02-18 13:28 - 2015-05-15 03:57 - 00703168 _____ () D:\Erik\Hry\Steam\bin\chromehtml.DLL
2013-07-10 20:31 - 2013-07-10 20:31 - 08865448 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-18 13:28 - 2015-05-11 21:01 - 36302728 _____ () D:\Erik\Hry\Steam\bin\libcef.dll
2015-05-14 08:42 - 2015-05-11 21:01 - 08958344 _____ () D:\Erik\Hry\Steam\bin\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3802499866-1786034092-504280767-1000\...\skype.com -> hxxps://apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3802499866-1786034092-504280767-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Erik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Bloody2 => "C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe" Minimum
MSCONFIG\startupreg: Bonus.SSR.FR11 => "D:\Erik\Programy\Installed\Fine Reader Pro\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\crap.exe" /MONITOR
MSCONFIG\startupreg: GoobzoYouTubeAccelerator => "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe" /startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CA12B1B7-F616-4B93-BA96-BE0D224668F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3F7A61B-DF89-4731-9EE2-D1ED898E596B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFA06314-34ED-4407-91DF-2656D9E478E9}] => (Allow) D:\Erik\Hry\Steam\Steam.exe
FirewallRules: [{4BEF79A2-1B0F-4627-A056-561607381E6D}] => (Allow) D:\Erik\Hry\Steam\Steam.exe
FirewallRules: [{7C8ED55D-1A4A-4C80-99FE-53F1E0A1F850}] => (Allow) D:\Erik\Hry\Steam\bin\steamwebhelper.exe
FirewallRules: [{51A9903F-92BD-4F91-9B32-46946589CCFF}] => (Allow) D:\Erik\Hry\Steam\bin\steamwebhelper.exe
FirewallRules: [{C141DEA8-990A-40C0-AB93-CB051DC081C9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{18640EC9-B67F-4C6B-888B-FDE1BC56C3CD}] => (Allow) C:\Users\Erik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{62BCF729-E711-4F89-A002-D8B0E35BA468}] => (Allow) C:\Users\Erik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D34363D1-4411-48AC-90CE-E8FA16708EC8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CF71E798-2476-45FC-8E91-5B397E32C581}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C5B6E077-927E-4A4E-92E0-EFE9569EA7FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BC7B0D9D-CF2A-4E73-9145-0D865788B85A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B8659CD4-C1E1-43EA-AC40-3CE818CE709C}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{A35F8301-252B-4D97-AC63-FA26A7BC79BF}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{57411679-171D-49C0-A958-272E4305B2F8}] => (Allow) D:\Erik\Programy\Installed\Visual Studio\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{C8CEACC8-DEEC-498C-94D0-28582DCBF27E}D:\erik\programy\installed\gamemaker studio\runner.exe] => (Allow) D:\erik\programy\installed\gamemaker studio\runner.exe
FirewallRules: [UDP Query User{0BFA8CF9-C165-4E89-BB02-A205AF92C47C}D:\erik\programy\installed\gamemaker studio\runner.exe] => (Allow) D:\erik\programy\installed\gamemaker studio\runner.exe
FirewallRules: [TCP Query User{F88543D9-74A2-4E2F-BEEC-C07B83129C58}D:\erik\hry\grand theft auto iv\gtaiv.exe] => (Block) D:\erik\hry\grand theft auto iv\gtaiv.exe
FirewallRules: [UDP Query User{D5322029-8DBC-49D6-94B8-506DB07D61F9}D:\erik\hry\grand theft auto iv\gtaiv.exe] => (Block) D:\erik\hry\grand theft auto iv\gtaiv.exe
FirewallRules: [TCP Query User{95AEF8D4-DCFA-4035-966E-577ED8D701E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5B8508DD-CB4C-47EB-8DA8-3AB5BC6D85CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3776C1D6-E03B-41C6-8CBE-D57419847E66}D:\erik\hry\city car driving\bin\win32\starter.exe] => (Block) D:\erik\hry\city car driving\bin\win32\starter.exe
FirewallRules: [UDP Query User{B44CA65E-E3A9-41AD-8907-90D34203416F}D:\erik\hry\city car driving\bin\win32\starter.exe] => (Block) D:\erik\hry\city car driving\bin\win32\starter.exe
FirewallRules: [TCP Query User{121D58D3-B398-410D-88E2-7E0AD9DDA070}D:\erik\hry\city car driving\bin\win32\starter.exe] => (Allow) D:\erik\hry\city car driving\bin\win32\starter.exe
FirewallRules: [UDP Query User{2E14FB96-5D93-4C23-8C50-4490FB1A870C}D:\erik\hry\city car driving\bin\win32\starter.exe] => (Allow) D:\erik\hry\city car driving\bin\win32\starter.exe
FirewallRules: [{08EB5C13-19F3-4848-8208-3C15A7239604}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{4C34D8DC-9B89-4B04-9D4A-4F0CD9FC1ED2}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{15F1A29C-01A2-4135-A63A-28032F14E87E}D:\erik\programy\installed\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) D:\erik\programy\installed\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{532B6690-1040-42FD-A8DA-FBA5AFCC9D89}D:\erik\programy\installed\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) D:\erik\programy\installed\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [TCP Query User{241B34CF-ADD7-42C9-88B3-8A93151797E5}D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe] => (Allow) D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe
FirewallRules: [UDP Query User{BC01B2AD-10E8-424E-920A-9F321BDE8DEF}D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe] => (Allow) D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe
FirewallRules: [TCP Query User{C98B4F96-0BAC-4F8B-8DAD-E7AAD77500C3}D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe] => (Block) D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe
FirewallRules: [UDP Query User{190AD386-0576-4640-AFB9-C32723F3766A}D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe] => (Block) D:\erik\hry\far cry 4 - gold edition\bin\farcry4.exe
FirewallRules: [{1F64955C-D283-44C8-8171-37CF0387B12A}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8D2C2A01-E219-4150-97A0-DDF41A9F8FD6}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{09D8C9FD-BAE7-47F6-B364-3D2B503613BC}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{ADBEDEEF-47C2-41C6-82F6-6A45EF042EB2}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{B19CA855-AC76-4AD1-A25E-07E4D48D9C08}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{BBE1DFD1-6866-4B98-872F-F05C0944C8E8}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [TCP Query User{9AD982C8-021B-4192-BBA2-DB25B744979E}D:\erik\programy\installed\openportchecker\pfportchecker.exe] => (Allow) D:\erik\programy\installed\openportchecker\pfportchecker.exe
FirewallRules: [UDP Query User{E855449C-41B3-4089-859A-F2132872ADBE}D:\erik\programy\installed\openportchecker\pfportchecker.exe] => (Allow) D:\erik\programy\installed\openportchecker\pfportchecker.exe
FirewallRules: [{F7EE2567-0154-43DE-B117-E190F333C65C}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{F02A02AC-9D36-4676-AD50-9609D2099ADF}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{58C7A2AB-D785-47E1-AE73-5E79DC5B2029}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\temp\survarium_launcher.exe
FirewallRules: [{C8E22C9B-0D4D-42FE-9934-EAD7831CBC83}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{4A24BAB2-5D63-497D-8407-DA3C50E1F23A}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{6F19E833-087C-4DB4-8E27-01C966964164}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{8DA68C07-FC51-4E8F-8882-FEDD1E968AC3}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{5B1175AB-B2C3-428B-9C71-BC6426BBE181}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{339BD121-B84A-4BBD-840C-6FF14EEF5E35}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [TCP Query User{ACC2D7B4-275F-4E35-A2D9-661F07FE4569}D:\erik\hry\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe] => (Allow) D:\erik\hry\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe
FirewallRules: [UDP Query User{137C3771-703B-448D-95CE-3768403C33CD}D:\erik\hry\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe] => (Allow) D:\erik\hry\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe
FirewallRules: [TCP Query User{67792771-0FFE-442B-9493-6E5BFF3F6854}D:\erik\hry\running.with.rifles.v1.0\rwr_game.exe] => (Allow) D:\erik\hry\running.with.rifles.v1.0\rwr_game.exe
FirewallRules: [UDP Query User{7B686806-B456-4874-86C2-3F6A0FD9E163}D:\erik\hry\running.with.rifles.v1.0\rwr_game.exe] => (Allow) D:\erik\hry\running.with.rifles.v1.0\rwr_game.exe
FirewallRules: [{62603F1B-3CDA-41F5-B647-06049D392013}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Ultimate Tic-Tac-Toe\UltimTicTacToe.exe
FirewallRules: [{4BEBBA31-60D6-4641-A57E-3BB25B291088}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\Ultimate Tic-Tac-Toe\UltimTicTacToe.exe
FirewallRules: [TCP Query User{E1BEEDFF-8A97-48D2-957A-6ADB4C9ADA83}D:\erik\hry\grand theft auto v\gta5.exe] => (Allow) D:\erik\hry\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{DECE68AA-E088-425D-A3BD-43D33E496A5F}D:\erik\hry\grand theft auto v\gta5.exe] => (Allow) D:\erik\hry\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{383A0062-633A-4A09-94BA-CD9249FC972B}D:\erik\programy\portable\steamcmd\steamapps\common\killingfloor2\binaries\win64\kfserver.exe] => (Allow) D:\erik\programy\portable\steamcmd\steamapps\common\killingfloor2\binaries\win64\kfserver.exe
FirewallRules: [UDP Query User{B65A40DD-7DC7-4F31-BFB4-A56E4193BBE3}D:\erik\programy\portable\steamcmd\steamapps\common\killingfloor2\binaries\win64\kfserver.exe] => (Allow) D:\erik\programy\portable\steamcmd\steamapps\common\killingfloor2\binaries\win64\kfserver.exe
FirewallRules: [{3642D034-36D2-4CA2-9EA6-D36708D78E7E}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{0E63E296-20BC-4967-8158-C8E7B3CB5FEF}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{ADD599E5-46FA-4DE4-8431-76B55958FD3D}D:\erik\programy\portable\appache\apache24\bin\httpd.exe] => (Allow) D:\erik\programy\portable\appache\apache24\bin\httpd.exe
FirewallRules: [UDP Query User{E9AE7FFA-8987-4C8D-8CAF-6E9A89A6AD63}D:\erik\programy\portable\appache\apache24\bin\httpd.exe] => (Allow) D:\erik\programy\portable\appache\apache24\bin\httpd.exe
FirewallRules: [TCP Query User{11DDA5CC-16A6-474C-B22F-2A05745B9F16}D:\erik\programy\installed\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) D:\erik\programy\installed\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{6B6796D6-D6E0-4554-9FD8-218BF8576F87}D:\erik\programy\installed\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) D:\erik\programy\installed\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [{94E921D7-F380-456A-A54C-466F420DC425}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4F988F01-FF36-48C9-BE88-FCC1FF6CB2B0}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{CE4555EE-A547-4283-A9B8-72AF275B6A98}] => (Allow) D:\Erik\Hry\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 02:27:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program CKScanner.exe verze 2.5.1.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 139c

Čas spuštění: 01d09941b1fb3a3f

Čas ukončení: 1

Cesta k aplikaci: C:\Users\Erik\Desktop\CKScanner.exe

ID hlášení: f5b217bd-0534-11e5-8f29-94de802fb0e6

Error: (05/25/2015 07:55:18 PM) (Source: KF-PID5084) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 03:00:07 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:43:12 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:36:49 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:08:02 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 01:44:59 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000308,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000034EEEC0.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000acc,(null),0,REG_BINARY,0000000006CEE3B0.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
   Událost BackupShutdown

Kontext:
   Kontext spuštění: Writer
   ID třídy modulu pro zápis: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Název modulu pro zápis: MSSearch Service Writer
   ID instance modulu pro zápis: {d8e6498f-8eb7-4bd1-a977-c6bef5b14f3b}

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x000001bc,(null),0,REG_BINARY,000000000334E900.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
   Událost BackupShutdown

Kontext:
   Kontext spuštění: Writer
   ID třídy modulu pro zápis: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Název modulu pro zápis: Registry Writer
   ID instance modulu pro zápis: {7b47946f-cc0b-434a-bb88-6396af25d06a}


System errors:
=============
Error: (05/30/2015 10:34:04 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\Windows\System32\drivers\TrueSight.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (05/30/2015 10:18:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (05/29/2015 11:17:37 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Výchozí správce prostředků transakcí na svazku G: zaznamenal neopakovatelnou chybu a nemohl být spuštěn. Data obsahují kód chyby.

Error: (05/29/2015 02:16:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ochrana softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (05/29/2015 02:16:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/29/2015 02:16:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (05/29/2015 02:16:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/29/2015 02:16:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SQL Server VSS Writer byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/29/2015 02:16:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba FreemakeVideoCapture byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/29/2015 02:16:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.


Microsoft Office:
=========================
Error: (05/28/2015 02:27:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CKScanner.exe2.5.1.1139c01d09941b1fb3a3f1C:\Users\Erik\Desktop\CKScanner.exef5b217bd-0534-11e5-8f29-94de802fb0e6

Error: (05/25/2015 07:55:18 PM) (Source: KF-PID5084) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 03:00:07 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:43:12 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:36:49 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 02:08:02 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 01:44:59 PM) (Source: KF-PID4512) (EventID: 1) (User: )
Description: Can't start an online game in state 3

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000308,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000034EEEC0.72)0x80070005, Přístup byl odepřen.

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000acc,(null),0,REG_BINARY,0000000006CEE3B0.72)0x80070005, Přístup byl odepřen.


Operace:
   Událost BackupShutdown

Kontext:
   Kontext spuštění: Writer
   ID třídy modulu pro zápis: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Název modulu pro zápis: MSSearch Service Writer
   ID instance modulu pro zápis: {d8e6498f-8eb7-4bd1-a977-c6bef5b14f3b}

Error: (05/24/2015 11:10:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001bc,(null),0,REG_BINARY,000000000334E900.72)0x80070005, Přístup byl odepřen.


Operace:
   Událost BackupShutdown

Kontext:
   Kontext spuštění: Writer
   ID třídy modulu pro zápis: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Název modulu pro zápis: Registry Writer
   ID instance modulu pro zápis: {7b47946f-cc0b-434a-bb88-6396af25d06a}


==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 46%
Total physical RAM: 8171.55 MB
Available physical RAM: 4392.84 MB
Total Pagefile: 16341.3 MB
Available Pagefile: 13687.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:147.18 GB) (Free:93.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:784.33 GB) (Free:512.99 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:623.3 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of log ============================

Reinstalling CCleaner did not fix anything. I am still unable to run certain software such as FRST without having to rename it. It almost feels as if I had some sort of malware that is blacklisting applications with certain names, or maybe it has rewritten something in the system and therefore it is not possible to detect.

I would say it is a defect in the system, but that would render all exe files unable to be used. Right now, when I give exe files certain names such as CCleaner, adremoverinstall, FRST.... then I am unable to run them, so I highly doubt it is an error in the system. I have not found more names that do not work so I am not sure.


Edited by erik9631, 30 May 2015 - 02:48 AM.

  • 0

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello

Can I see the FRST.txt log please?

Reinstalling CCleaner did not fix anything.

Do you use the CCleaner registry cleaner?


  • 0



#11
erik9631

    Member

  • Topic Starter
  • Member
  • 10 posts

Hello

Can I see the FRST.txt log please?

Reinstalling CCleaner did not fix anything.

Do you use the CCleaner registry cleaner?

The FRST.txt log was included in the post above under

####

FRST.txt

and Yes I use the CCleaner registry cleaner.


  • 0

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

The FRST.txt log was included in the post above under

####

FRST.txt


Oh, I saw the Addition.txt heading and missed the heading below. Thanks for the heads up. :thumbsup:

and Yes I use the CCleaner registry cleaner


That may be part of your problem.

Registry cleaners are notorious for causing problems on people's computers. Often the problem doesn't appear until well down the track. A small change to the registry can go unnoticed until one day you call on that function and find it won't work anymore or alternatively an associated utility doesn't work properly.

Actually, except in exceptional circumstances it is not necessary to clean your registry.

If you are looking for something to optimize your registry then NTREGOPT would be a way to go.

Now

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run from.
  • Copy and paste the log back here.

  • 0

#13
erik9631

    Member

  • Topic Starter
  • Member
  • 10 posts

Farbar Service Scanner Version: 17-01-2015
Ran by Erik (administrator) on 02-06-2015 at 20:23:58
Running from "D:\Erik\crap"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ***

Don't mind the crap folder :upset: . I made a quick folder with no idea how to name it :laughing:

Also. I could believe it is a registry, but a registry issue can also prevent files with CERTAIN names not to RUN properly? That does not really make sense to me....


Edited by erik9631, 02 June 2015 - 12:27 PM.

  • 0

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

but a registry issue can also prevent files with CERTAIN names not to RUN properly?

It might, if for example the registry entry for the program in question was corrupted it might not point to the exe file it should. A number of other things might also be the culprit. Reason we ran FSS was to see if it was one of the services but things look okay there.

Also you appear to have some conflict going on but that might also be because of corruption somewhere.

Moving on

Download SFCFix.exe by niemiro and click on it to run.
A black panel will open.
Follow the prompts, pressing the requisite keys to continue.
Wait for completion; the tool will take a little time (runtime is approximately 15 minutes).
When finished, follow the prompt to create a summary of results; you will see notification of the result. If there are no corruptions please tell me. If there are some problems please copy and paste back here the complete logfile which will open on completion.
Simply copy (Ctrl-A, Ctrl-C) and paste (Ctrl-V) the entire logfile.


  • 0

#15
erik9631

    Member

  • Topic Starter
  • Member
  • 10 posts

No corruptions were found.

Here is the log as proof.

SFCFix version 2.4.4.0 by niemiro.
Start time: 2015-06-03 18:21:35.918
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.




AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.




Successfully processed all directives.
SFCFix version 2.4.4.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2015-06-03 18:23:04.054
----------------------EOF-----------------------

The runtime did not take 15 minutes but 15 seconds......Is that an issue?

It might, if for example the registry entry for the program in question was corrupted it might not point to the exe file it should. A number of other things might also be the culprit. Reason we ran FSS was to see if it was one of the services but things look okay there.

I do not want to make any conclusions but would not moving the file to another folder in this case... fix the issue?


Edited by erik9631, 03 June 2015 - 10:25 AM.

  • 0





