Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My AV services won't run [Solved]


  • This topic is locked This topic is locked

#1
lonelygrimm

lonelygrimm

    New Member

  • Member
  • Pip
  • 8 posts

Hi ! Need Help ASAP !

 

My AV (Avira) services won't run, so i uninstall it for now, here's the log text :

 

==========FRST.txt==========

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by ACER (administrator) on ACER-PC on 30-06-2015 11:47:48
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available Profiles: ACER)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(INNORIX) C:\Windows\System32\innosvcd.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Users\ACER\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
() D:\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
() C:\Windows\PLFSetI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee\18.0\acdIDInTouch2.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
() C:\Program Files\ACD Systems\ACDSee\18.0\ACDSeeCommander18.exe
(Skillbrains) C:\Users\ACER\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
() D:\Garena Plus\GarenaMessenger.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\ACER\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2013-09-28] ()
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [ACSW18EN] => C:\Program Files\ACD Systems\ACDSee\18.0\acdIDInTouch2.exe [1470224 2014-09-17] (ACD Systems)
HKLM\...\Policies\Explorer\Run: [99016089] => C:\ProgramData\msrkbj.exe [94437376 2009-07-14] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3392920 2011-07-07] (Tonec Inc.)
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Run: [LightShot] => C:\Users\ACER\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] ()
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Run: [ACDSeeCommander18] => C:\Program Files\ACD Systems\ACDSee\18.0\ACDSeeCommander18.exe [1964552 2014-09-20] ()
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Run: [Dropbox Update] => C:\Users\ACER\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Run: [GarenaPlus] => D:\Garena Plus\GarenaMessenger.exe [9981888 2015-06-17] ()
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {1a77d288-df2d-11e4-a9b4-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b62066b-29da-11e3-8a8f-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b6206cf-29da-11e3-8a8f-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ec8e-cdd8-11e4-909d-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ec9f-cdd8-11e4-909d-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ecaa-cdd8-11e4-909d-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea1ec-4204-11e3-8b14-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea1fb-4204-11e3-8b14-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea21d-4204-11e3-8b14-00262d81a167} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a61-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a65-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a79-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {912977b9-452f-11e3-a794-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2013-10-01]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2011-05-30] (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-137345057-628329502-1556354402-1000] => http=127.0.0.1:8888
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://plasa.msn.com...opt=0&ocid=iehp
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2011-07-06] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-09] (IObit)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-137345057-628329502-1556354402-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 127.0.0.1 acdid.acdsystems.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{26FB0689-60CF-4DA7-876D-AFC842AC7DB6}: [DhcpNameServer] 50.23.239.24 208.67.222.222
Tcpip\..\Interfaces\{437DB111-52F1-4DD9-97BD-3AD33B92EC69}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9F551EE0-19FF-4EAB-A839-F04500679B43}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\zbmnob2u.default
FF NetworkProxy: "backup.ftp", "66.35.68.146"
FF NetworkProxy: "backup.ftp_port", 3127
FF NetworkProxy: "backup.socks", "66.35.68.146"
FF NetworkProxy: "backup.socks_port", 3127
FF NetworkProxy: "backup.ssl", "66.35.68.146"
FF NetworkProxy: "backup.ssl_port", 3127
FF NetworkProxy: "ftp", "118.233.139.108"
FF NetworkProxy: "ftp_port", 8088
FF NetworkProxy: "gopher", "118.233.139.108"
FF NetworkProxy: "gopher_port", 8088
FF NetworkProxy: "http", "118.233.139.108"
FF NetworkProxy: "http_port", 8088
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "118.233.139.108"
FF NetworkProxy: "socks_port", 8088
FF NetworkProxy: "ssl", "118.233.139.108"
FF NetworkProxy: "ssl_port", 8088
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-25] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-05-27] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-137345057-628329502-1556354402-1000: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin HKU\S-1-5-21-137345057-628329502-1556354402-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ACER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-22] (Unity Technologies ApS)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\zbmnob2u.default\Extensions\[email protected] [2015-04-09]
FF Extension: iMacros for Firefox - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\zbmnob2u.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-05-29]
FF Extension: Best Proxy Switcher - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\zbmnob2u.default\Extensions\[email protected] [2014-09-13]
FF Extension: ZenMate Security, Privacy & Unblock VPN - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\zbmnob2u.default\Extensions\[email protected] [2014-12-26]
FF HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\ACER\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\ACER\AppData\Roaming\IDM\idmmzcc5 [2012-12-08]
FF HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\ACER\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (MEGA) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-03-14]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-12-29]
CHR Extension: (Authy) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2014-12-13]
CHR Extension: (Hola Better Internet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Innosvcd; C:\Windows\system32\innosvcd.exe [193144 2013-04-04] (INNORIX)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
S3 npggsvc; C:\Windows\system32\GameMon.des [3431664 2014-08-18] (INCA Internet Co., Ltd.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 VSSS; C:\Users\ACER\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [101905984 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X]
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [X]
S2 Mobizen plugin; D:\Program Files\RSUPPORT\MobizenService\MobizenService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 busenum; C:\Windows\System32\DRIVERS\SteelBus.sys [124928 2014-10-08] (SteelSeries Corporation) [File not signed]
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc.              )
S3 KProcessHacker2; C:\Program Files\kprocesshacker.sys [0 2015-06-29] () <==== ATTENTION (zero byte File/Folder)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [23552 2014-04-25] (The OpenVPN Project)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2011-09-02] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2011-09-02] ()
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham.sys [35456 2014-10-08] (SteelSeries Corporation) [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2014-03-12] (The OpenVPN Project)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2014-12-15] (TeamViewer GmbH)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-30 11:47 - 2015-06-30 11:49 - 00020188 _____ C:\Users\ACER\Desktop\FRST.txt
2015-06-30 11:47 - 2015-06-30 11:47 - 00000000 ____D C:\FRST
2015-06-30 11:46 - 2015-06-30 11:46 - 01636352 _____ (Farbar) C:\Users\ACER\Desktop\FRST.exe
2015-06-30 04:40 - 2015-06-30 04:40 - 00000698 _____ C:\Users\Public\Desktop\PointBlank Garena.lnk
2015-06-30 00:02 - 2015-06-30 04:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2015-06-30 00:02 - 2015-06-30 00:02 - 00000580 _____ C:\Users\Public\Desktop\Garena+.lnk
2015-06-29 23:33 - 2015-06-29 23:46 - 76436560 _____ C:\Users\ACER\Desktop\Garena+_Install_id.exe
2015-06-29 19:07 - 2015-06-29 19:08 - 00000000 _____ C:\Program Files\kprocesshacker.sys
2015-06-29 19:07 - 2015-06-29 19:07 - 01169408 _____ (wj32) C:\Program Files\209IRPYO.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 01169408 _____ (wj32) C:\Program Files\0Y7GPNWM.exe
2015-06-29 13:05 - 2015-06-29 23:34 - 00000000 ____D C:\Users\ACER\Desktop\PSD FILE
2015-06-28 15:45 - 2015-06-28 15:45 - 00000000 ___HD C:\Users\ACER\Desktop\[Originals]
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\X64DMVTU.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\W5ENLU37.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\NW5ECLUY.exe
2015-06-28 15:15 - 2015-06-28 15:15 - 01169408 _____ (wj32) C:\Program Files\Y7GPNW59.exe
2015-06-27 12:52 - 2015-06-27 12:52 - 01169408 _____ (wj32) C:\Program Files\IR097GPT.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\KZ8HFOX1.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\4DMVT2BF.exe
2015-06-26 21:49 - 2015-06-26 21:49 - 01169408 _____ (wj32) C:\Program Files\LUS1A8HA.exe
2015-06-26 21:48 - 2015-06-26 21:48 - 01169408 _____ (wj32) C:\Program Files\CLU31AJN.exe
2015-06-25 04:31 - 2015-06-25 04:31 - 00000000 ____D C:\Users\ACER\Documents\BlackSquad
2015-06-23 19:14 - 2015-06-23 22:03 - 806237289 _____ C:\Users\ACER\Desktop\Samsung_Galaxy_Tab_2_7.0_3G_WiFi_GT-P3100_Stock_ROM_P3100XXCME2_XSE_Indonesia_4.1.2_Jelly_Bean_MrCrab.Net.zip
2015-06-23 18:31 - 2015-06-23 18:31 - 00000000 ____D C:\Users\ACER\Desktop\Odin_v3.07
2015-06-23 18:30 - 2015-06-23 18:31 - 00464968 _____ C:\Users\ACER\Desktop\Odin_v3.07.zip
2015-06-23 14:47 - 2015-06-23 14:47 - 01169408 _____ (wj32) C:\Program Files\TMF81U71.exe
2015-06-23 14:46 - 2015-06-23 14:46 - 01169408 _____ (wj32) C:\Program Files\VWX9ABCJ.exe
2015-06-22 11:10 - 2015-06-22 11:10 - 00146456 _____ C:\Windows\Minidump\062215-24070-01.dmp
2015-06-22 05:31 - 2015-06-30 00:06 - 00000000 ____D C:\Users\ACER\Desktop\psx
2015-06-22 05:21 - 2015-06-22 05:21 - 00000000 ____D C:\Users\ACER\AppData\Roaming\fltk.org
2015-06-22 05:18 - 2015-06-22 05:20 - 07918643 _____ C:\Users\ACER\Desktop\Epsxe1.90(bios and plugin include).rar
2015-06-21 23:17 - 2015-06-21 23:17 - 00000000 ____D C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals
2015-06-21 23:17 - 2015-06-21 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskInternals
2015-06-21 23:17 - 2015-06-21 23:17 - 00000000 ____D C:\Program Files\DiskInternals
2015-06-21 23:04 - 1970-01-01 06:59 - 331767326 ____N C:\Users\ACER\Desktop\silent_hill_.zip
2015-06-20 16:55 - 2015-06-20 16:55 - 00000935 _____ C:\Users\Public\Desktop\WinRAR.lnk
2015-06-20 16:28 - 2015-06-20 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-06-20 16:28 - 2015-06-20 16:28 - 00000000 ____D C:\Program Files\7-Zip
2015-06-19 23:40 - 2015-06-19 23:40 - 00000000 ____D C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-19 23:39 - 2015-06-30 11:44 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137345057-628329502-1556354402-1000UA.job
2015-06-19 23:39 - 2015-06-29 23:44 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137345057-628329502-1556354402-1000Core.job
2015-06-19 23:39 - 2015-06-19 23:39 - 00000000 ____D C:\Users\ACER\AppData\Local\Dropbox
2015-06-19 23:39 - 2015-06-19 23:39 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-05 20:33 - 2015-06-07 22:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-02 09:37 - 2015-06-02 09:37 - 00002074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-30 11:42 - 2014-05-30 18:28 - 00000000 ___RD C:\Users\ACER\Dropbox
2015-06-30 11:41 - 2014-05-30 18:15 - 00000000 ____D C:\Users\ACER\AppData\Roaming\Dropbox
2015-06-30 11:38 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\tracing
2015-06-30 11:34 - 2014-05-06 15:40 - 00000000 ____D C:\Users\ACER\AppData\Roaming\GarenaPlus
2015-06-30 11:34 - 2014-05-06 14:19 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-06-30 11:33 - 2012-12-08 23:36 - 01198132 _____ C:\Windows\WindowsUpdate.log
2015-06-30 11:29 - 2014-03-09 17:22 - 00104760 _____ C:\Windows\setupact.log
2015-06-30 11:29 - 2014-01-01 20:54 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-30 11:29 - 2013-10-31 15:51 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-06-30 11:29 - 2013-09-28 22:30 - 00135712 _____ C:\Users\ACER\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-30 11:29 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 11:29 - 2009-07-14 11:33 - 03887664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-30 11:28 - 2014-05-21 16:34 - 00385166 _____ C:\Windows\PFRO.log
2015-06-30 11:18 - 2015-01-04 15:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-30 10:56 - 2014-01-01 20:54 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 10:52 - 2012-12-08 09:24 - 00000000 ____D C:\Users\ACER\AppData\Roaming\DMCache
2015-06-30 10:24 - 2013-10-01 17:22 - 00000000 ____D C:\ProgramData\Avira
2015-06-30 10:24 - 2013-10-01 17:22 - 00000000 ____D C:\Program Files\Avira
2015-06-30 10:15 - 2013-10-01 18:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-30 10:12 - 2015-03-06 13:10 - 00000000 ____D C:\Users\ACER\AppData\Roaming\SteelSeries
2015-06-30 10:12 - 2015-03-06 13:10 - 00000000 ____D C:\Users\ACER\AppData\Local\SteelSeries_ApS
2015-06-30 10:12 - 2015-03-06 13:09 - 00000000 ____D C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2015-06-30 10:12 - 2015-03-06 13:09 - 00000000 ____D C:\ProgramData\SteelSeries
2015-06-30 10:12 - 2015-03-06 13:08 - 00000000 ____D C:\Program Files\SteelSeries
2015-06-30 10:10 - 2013-10-31 15:44 - 00000000 ____D C:\ProgramData\DatacardService
2015-06-26 22:38 - 2012-12-08 09:08 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-06-26 21:51 - 2014-05-19 16:50 - 00000000 ____D C:\ProgramData\ProductData
2015-06-25 04:31 - 2013-10-01 21:14 - 00000000 ____D C:\Windows\system32\directx
2015-06-25 04:20 - 2014-02-09 11:25 - 00000000 ____D C:\Users\ACER\Downloads\Compressed
2015-06-24 18:21 - 2013-10-26 15:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-24 18:21 - 2012-12-08 09:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-24 00:14 - 2009-07-14 11:34 - 00013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 00:14 - 2009-07-14 11:34 - 00013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-23 15:02 - 2014-01-01 21:01 - 00002079 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 15:02 - 2012-12-08 08:59 - 00783728 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-22 11:10 - 2014-01-06 02:31 - 00000000 ____D C:\Windows\Minidump
2015-06-21 16:54 - 2012-12-08 09:05 - 00000000 ____D C:\Program Files\WinRAR
2015-06-20 17:08 - 2015-04-15 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QEON Interactive
2015-06-20 16:55 - 2012-12-08 09:05 - 00000000 ____D C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-20 16:55 - 2012-12-08 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-16 00:02 - 2014-01-19 13:25 - 09364480 ___SH C:\Users\ACER\Documents\Thumbs.db
2015-06-09 10:59 - 2012-12-08 09:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-02 09:54 - 2014-01-01 20:54 - 00000000 ____D C:\Program Files\Google
 
==================== Files in the root of some directories =======
 
2015-06-29 19:07 - 2015-06-29 19:07 - 1169408 _____ (wj32) C:\Program Files\0Y7GPNWM.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 1169408 _____ (wj32) C:\Program Files\209IRPYO.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\4DMVT2BF.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-06-26 21:48 - 2015-06-26 21:48 - 1169408 _____ (wj32) C:\Program Files\CLU31AJN.exe
2015-06-27 12:52 - 2015-06-27 12:52 - 1169408 _____ (wj32) C:\Program Files\IR097GPT.exe
2015-06-29 19:07 - 2015-06-29 19:08 - 0000000 _____ () C:\Program Files\kprocesshacker.sys
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\KZ8HFOX1.exe
2015-06-26 21:49 - 2015-06-26 21:49 - 1169408 _____ (wj32) C:\Program Files\LUS1A8HA.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\NW5ECLUY.exe
2015-06-23 14:47 - 2015-06-23 14:47 - 1169408 _____ (wj32) C:\Program Files\TMF81U71.exe
2015-06-23 14:46 - 2015-06-23 14:46 - 1169408 _____ (wj32) C:\Program Files\VWX9ABCJ.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\W5ENLU37.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\X64DMVTU.exe
2015-06-28 15:15 - 2015-06-28 15:15 - 1169408 _____ (wj32) C:\Program Files\Y7GPNW59.exe
2015-03-06 14:00 - 2015-03-06 14:00 - 0000132 _____ () C:\Users\ACER\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-01-13 20:00 - 2015-03-21 11:56 - 0018432 _____ () C:\Users\ACER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-03 14:17 - 2014-01-03 14:18 - 1065984 _____ () C:\Users\ACER\AppData\Local\file__0.localstorage
2013-12-31 15:21 - 2013-12-31 15:21 - 0000003 _____ () C:\Users\ACER\AppData\Local\updater.log
2013-12-31 15:21 - 2013-12-31 15:21 - 0000439 _____ () C:\Users\ACER\AppData\Local\UserProducts.xml
2009-07-14 06:31 - 2009-07-14 08:14 - 94437376 ___SH () C:\ProgramData\msrkbj.exe
 
Files to move or delete:
====================
C:\ProgramData\msrkbj.exe
 
 
Some files in TEMP:
====================
C:\Users\ACER\AppData\Local\Temp\82b08d187185e515ee0c604d58974f4f.dll
C:\Users\ACER\AppData\Local\Temp\avgnt.exe
C:\Users\ACER\AppData\Local\Temp\AviraSetup1038202.exe
C:\Users\ACER\AppData\Local\Temp\AviraSetup1217416.exe
C:\Users\ACER\AppData\Local\Temp\c8eb790646128f34aa04a36111aca8cf.dll
C:\Users\ACER\AppData\Local\Temp\cdo1712827442.dll
C:\Users\ACER\AppData\Local\Temp\cdo199742513.dll
C:\Users\ACER\AppData\Local\Temp\cdo2646658657.dll
C:\Users\ACER\AppData\Local\Temp\cdo3397087437.dll
C:\Users\ACER\AppData\Local\Temp\cdo3442417807.dll
C:\Users\ACER\AppData\Local\Temp\cdo397786333.dll
C:\Users\ACER\AppData\Local\Temp\cdo4036022095.dll
C:\Users\ACER\AppData\Local\Temp\cihYClUrnxVroERadnRE.DLL
C:\Users\ACER\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\ACER\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5rmk_b.dll
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.dll
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.exe
C:\Users\ACER\AppData\Local\Temp\JExplorer64.2.7.1.dll
C:\Users\ACER\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\ACER\AppData\Local\Temp\lcHKlajrqLqBqGpWAVdW.DLL
C:\Users\ACER\AppData\Local\Temp\MSETUP4.EXE
C:\Users\ACER\AppData\Local\Temp\ochelper.exe
C:\Users\ACER\AppData\Local\Temp\ResetDevice.exe
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8251649217104690228.dll
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8908630880232439233.dll
C:\Users\ACER\AppData\Local\Temp\suYlugyAfLtOcWlzulvi.DLL
C:\Users\ACER\AppData\Local\Temp\Uninstall.exe
C:\Users\ACER\AppData\Local\Temp\x2blapi.dll
C:\Users\ACER\AppData\Local\Temp\xdelta3-3.0.8.x86-32.exe
C:\Users\ACER\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-23 01:24
 
==================== End of log ============================
 
 
 
 
 
 
 
 
 
--------------------Addition.txt----------------------------------
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by ACER at 2015-06-30 11:49:47
Running from C:\Users\ACER\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
ACER (S-1-5-21-137345057-628329502-1556354402-1000 - Administrator - Enabled) => C:\Users\ACER
Administrator (S-1-5-21-137345057-628329502-1556354402-500 - Administrator - Disabled)
Guest (S-1-5-21-137345057-628329502-1556354402-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-137345057-628329502-1556354402-1010 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.05 beta (HKLM\...\7-Zip) (Version:  - )
ACDSee 10 Photo Manager (HKLM\...\{F8B98EB6-FC06-45BF-87D4-9784E0408611}) (Version: 10.0.219 - ACD Systems International)
ACDSee 18 (HKLM\...\{6D0F6DF4-553E-43CD-AA95-69AB3644A8FF}) (Version: 18.0.0.225 - ACD Systems International Inc.)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
ASUS Flash Tool (HKLM\...\ASUS Flash Tool) (Version: 1.0.0.7 - ASUS)
Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Ayat (HKLM\...\sa.edu.ksa.ayat) (Version: 1.3.1 - UNKNOWN)
Ayat (Version: 1.3.1 - UNKNOWN) Hidden
Bloody5 (HKLM\...\Bloody3) (Version: 15.03.0012 - Bloody)
BlueStacks Notification Center (HKLM\...\{B40D9A2E-C9CA-4402-A0B7-09E33C03B9C5}) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Boot Animation Factory (HKLM\...\{3EA00EEB-27DE-4507-AFF4-0C697A20C37B}) (Version: 1.4.1.0 - D01 MicroApps)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.00 - Canon Inc.)
Canon MP230 series On-screen Manual (HKLM\...\Canon MP230 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Dropbox (HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
FileZilla Client 3.10.2 (HKLM\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
Garena - PointBlank ID (HKLM\...\PBID) (Version:  - Garena Online Pte Ltd.)
Garena+ (HKLM\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HexEdit (HKLM\...\{083EF76E-0760-4D7A-9508-0B88A3AF1889}) (Version: 4.0.0 - Expert Commercial Software Pty Ltd)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 3.1.1.86 - Intel Corporation)
Internet Download Manager (HKLM\...\{9E60329C-A602-4C4C-9D47-C80D5807DAAD}) (Version: 6.7.1.1 - Tonec Inc.)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
IsoTools (HKLM\...\{E53520BA-ECDA-42A6-8971-E96CBDD8523D}) (Version: 1.34.34.0 - 3K3Y Team)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
K-Lite Codec Pack 6.5.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 6.5.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Launch Manager (HKLM\...\LManager) (Version: 3.0.04 - Acer Inc.)
lightshot-4.4.2.10 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 4.4.2.10 - Skillbrains)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.0 (HKLM\...\{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1) (Version:  - MiniTool Solution Ltd.)
MKVToolNix 7.3.0 (32bit) (HKLM\...\MKVToolNix) (Version: 7.3.0 - Moritz Bunkus)
ModooMarble (Remove only) (HKLM\...\{7B2562F1-02DC-415F-8960-446E64BE9BBE}_is1) (Version: 1.0 - PT.CJ Internet Indonesia)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Rainmeter (HKLM\...\Rainmeter) (Version: 3.2 beta r2318 - )
Real Poker (HKLM\...\RealPoker_is1) (Version: 1.0 - Media Contact LLC)
SketchUp 2015 (HKLM\...\{D0A0BE3D-8D66-4BE9-87C4-D30CA5AA93A3}) (Version: 15.3.330 - Trimble Navigation Limited)
SPSS Statistics 17.0 (HKLM\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{140216F8-F102-4454-9895-55AC15B1109A}) (Version: 6.1.1.0 - Husdawg, LLC)
Unity Web Player (HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Vegas Pro 11.0 (HKLM\...\{B5B98340-0296-11E2-8B8E-F04DA23A5C58}) (Version: 11.0.700 - Sony)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Winamp (HKLM\...\Winamp) (Version: 5.5  - Nullsoft, Inc)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
YTD Video Downloader 4.8.9 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ACER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\ACER\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\ACER\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\ACER\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\ACER\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\ACER\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\ACER\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\ACER\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACER\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137345057-628329502-1556354402-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\ACER\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
07-06-2015 13:56:30 Scheduled Checkpoint
17-06-2015 23:32:04 Scheduled Checkpoint
25-06-2015 05:26:07 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 09:04 - 2015-02-23 18:19 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 acdid.acdsystems.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00A2B098-B8BC-455A-A47B-F33283DB1884} - System32\Tasks\{F04F1A09-8426-441D-9D4D-2D1C1DB66E01} => D:\Fear 2\FEAR2.exe
Task: {055EF623-2FD7-4FD4-86B1-F881A10915D7} - System32\Tasks\{5733727A-9887-42AE-9C83-81B943D28961} => D:\Fear 2\FEAR2.exe
Task: {0A379F3F-8A68-4F35-ACCB-BCDFE2711918} - System32\Tasks\Uninstaller_SkipUac_ACER => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {1562B2AB-8E80-40CA-BDFF-42642264BA6D} - System32\Tasks\{93192681-8DC3-4527-A385-672F97806AA0} => D:\game\PS3\PSN.PKG.Decryptor.&.Extractor.v1.74a-LMAN\PSNPKGDecryptor&Extractor.exe
Task: {168295A1-82BF-4D95-9342-4B0FB8173AD9} - System32\Tasks\{CE9ACC3B-9794-4B9D-978A-823E10A84A4A} => D:\Fear 2\FEAR2.exe
Task: {1779B923-E1DE-4BCB-8372-F97DBA1B3D7B} - System32\Tasks\{ABA375E3-D0B1-48BB-9F17-6C8BAF135BC6} => D:\Fear 2\FEAR2.exe
Task: {1B6DAB07-4974-45A4-981F-71EE8EBD9563} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-137345057-628329502-1556354402-1000UA => C:\Users\ACER\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {1CA3EED6-7C0E-493C-96DF-411983F0EF13} - System32\Tasks\Alarm => C:\Users\ACER\Documents\Alarm.mp3 [2015-02-24] ()
Task: {20312749-BBC5-4674-83D1-0E79A106C445} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {34568747-0008-44C1-B8BB-E4AE66833547} - System32\Tasks\{F8FF04D3-1BCB-44DF-8FDC-3020D73147E7} => D:\Fear 2\FEAR2.exe
Task: {45E33CAC-4CB4-457F-8773-F2BBE4FBC8D9} - System32\Tasks\{689EE1B2-718F-4A81-B379-CB564EC8C8A1} => pcalua.exe -a "D:\Left4Theft_V31\Left 4 Theft Setup V31.exe" -d D:\Left4Theft_V31
Task: {4AA573B1-6E49-4E40-96B4-CF1B06E0F4A6} - System32\Tasks\{D84334BA-80F6-44D1-B2B2-CDA37DADAE0B} => D:\Fear 2\FEAR2.exe
Task: {4BE9AA24-1591-480E-A708-EFE17D9BE609} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {5105898C-CEA5-46CC-B8DA-1BDCB23943D1} - System32\Tasks\{E0AB7928-CEC2-48EA-A517-160A1AD45E33} => D:\Fear 2\FEAR2.exe
Task: {5C125294-7F7B-4EC2-A22B-C129C3837FCE} - System32\Tasks\{6D571D1E-CCB8-4E63-9FCC-168B47FBA2F5} => pcalua.exe -a "D:\Left4Theft_V31\Left4Theft_MP1\Left 4 Theft MP1.exe" -d D:\Left4Theft_V31\Left4Theft_MP1
Task: {5C2FE2B5-2482-4F32-94F6-7ED255D39E7D} - System32\Tasks\{BA271178-F14D-4235-9AD1-F399F619179B} => pcalua.exe -a "D:\Cross Fire Indonesia\Uninstal.exe" -d "D:\Cross Fire Indonesia"
Task: {6BBE2BD7-E61C-49F9-8CC3-97E8E30DB2F3} - System32\Tasks\update-S-1-5-21-137345057-628329502-1556354402-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {6C989741-E665-4C23-8262-C7DCE6D96CC0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {6D886FB6-F91C-4A11-A2DE-F2039A7ED771} - System32\Tasks\{6B72AD08-C3C2-42AA-8B7D-B94C30B71A50} => D:\Fear 2\FEAR2.exe
Task: {89958C84-A438-47FA-8149-32B1CB4BE354} - System32\Tasks\TunnelBear => C:\Program Files\TunnelBear\TBear.Client.exe
Task: {9444026E-343A-4143-9C14-707A24F0D0A1} - System32\Tasks\gg_uac_daemon_ACER => D:\Garena Plus\ggdllhost.exe [2015-06-17] ()
Task: {9E4E07A8-90BB-422D-AF28-C634FF03F186} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {A689DAC5-1D60-4D1C-A0F1-20AF30C6B5D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {BC8A43D6-980B-4BE6-B125-764409E71474} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {D8A0C37E-FC27-45FD-B478-56D574DCF286} - System32\Tasks\{26B36F2E-35B4-47A2-A8A3-457AAB8418BB} => pcalua.exe -a "D:\Left4Theft_V31\Left4Theft_MP2\Left 4 Theft MP2.exe" -d D:\Left4Theft_V31\Left4Theft_MP2
Task: {E49AF894-9C35-4D55-9748-27058EF3F953} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-137345057-628329502-1556354402-1000Core => C:\Users\ACER\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137345057-628329502-1556354402-1000Core.job => C:\Users\ACER\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137345057-628329502-1556354402-1000UA.job => C:\Users\ACER\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-137345057-628329502-1556354402-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-03 03:30 - 2015-03-03 03:30 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2007-05-11 00:50 - 2007-05-11 00:50 - 00017024 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll
2014-05-12 16:49 - 2014-05-12 16:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2012-12-08 09:13 - 2005-08-08 12:54 - 00167936 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2015-06-17 21:19 - 2015-06-17 21:19 - 00056256 _____ () D:\Garena Plus\ggdllhost.exe
2015-06-17 21:20 - 2015-06-17 21:20 - 00865728 _____ () D:\Garena Plus\ggspawn.dll
2013-09-28 23:08 - 2013-09-28 23:07 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-09-20 02:51 - 2014-09-20 02:51 - 01964552 _____ () C:\Program Files\ACD Systems\ACDSee\18.0\ACDSeeCommander18.exe
2015-06-17 21:18 - 2015-06-17 21:18 - 09981888 _____ () D:\Garena Plus\GarenaMessenger.exe
2015-06-17 21:19 - 2015-06-17 21:19 - 00111552 _____ () D:\Garena Plus\CommonLib.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00040384 _____ () D:\Garena Plus\DibModule.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00034752 _____ () D:\Garena Plus\VersionModule.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00058304 _____ () D:\Garena Plus\FileLoader.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00094144 _____ () D:\Garena Plus\PluginKernel.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00494016 _____ () D:\Garena Plus\CxImage.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00032192 _____ () D:\Garena Plus\PluginModule.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00177600 _____ () D:\Garena Plus\lib\fs\YYFileSystem.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00380864 _____ () D:\Garena Plus\lib\Http.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00191424 _____ () D:\Garena Plus\lib\MP3Module.dll
2012-02-22 15:52 - 2012-02-22 15:52 - 00162304 _____ () D:\Garena Plus\lame_enc.DLL
2015-06-17 21:20 - 2015-06-17 21:20 - 00226752 _____ () D:\Garena Plus\lib\TaskManagerLib.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00113088 _____ () D:\Garena Plus\lib\UILayout.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00965056 _____ () D:\Garena Plus\lib\XLL.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00061888 _____ () D:\Garena Plus\lib\XmlUIModule.dll
2012-02-22 15:52 - 2012-02-22 15:52 - 00573100 _____ () D:\Garena Plus\sqlite3.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00231360 _____ () D:\Garena Plus\Plugins\StatsPlugin.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 01250752 _____ () D:\Garena Plus\Plugins\ggplugin.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00199616 _____ () D:\Garena Plus\ImageModule.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00162240 _____ () D:\Garena Plus\libmpg123.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 02948032 _____ () D:\Garena Plus\ggdownloader.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00072640 _____ () D:\Garena Plus\lib\delay_load\AudioMixerLib.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00023488 _____ () D:\Garena Plus\lib\delay_load\ClientTcp.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 01552320 _____ () D:\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 12:42 - 2013-02-01 12:42 - 00153088 _____ () D:\Garena Plus\libzmq.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00963008 _____ () D:\Garena Plus\lib\delay_load\GaFileTransfer.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00251840 _____ () D:\Garena Plus\lib\delay_load\MediaEngine.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00033216 _____ () D:\Garena Plus\ServerMemAlloc.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00523712 _____ () D:\Garena Plus\lib\delay_load\RSALib.dll
2015-06-17 21:20 - 2015-06-17 21:20 - 00075200 _____ () D:\Garena Plus\lib\delay_load\UdtLib.dll
2014-09-10 04:27 - 2014-09-10 04:27 - 00036024 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-09-10 04:27 - 2014-09-10 04:27 - 00608440 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-09-10 04:25 - 2014-09-10 04:25 - 00046080 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2015-04-09 14:30 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2015-04-09 14:30 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2015-04-09 14:30 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-06-23 15:02 - 2015-06-20 12:46 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-23 15:02 - 2015-06-20 12:46 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-23 15:02 - 2015-06-20 12:46 - 15003976 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
2015-06-30 11:41 - 2015-06-30 11:41 - 00043008 _____ () c:\users\acer\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5rmk_b.dll
2015-03-05 04:45 - 2015-03-19 14:15 - 00750080 _____ () C:\Users\ACER\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 04:45 - 2015-03-19 14:15 - 00047616 _____ () C:\Users\ACER\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 04:45 - 2015-03-19 14:15 - 00865280 _____ () C:\Users\ACER\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 04:45 - 2015-03-19 14:15 - 00200704 _____ () C:\Users\ACER\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-05 04:45 - 2015-03-19 14:15 - 00010240 _____ () C:\Users\ACER\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 04:45 - 2015-03-19 14:15 - 00726016 _____ () C:\Users\ACER\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-05 04:45 - 2015-03-19 14:15 - 00010240 _____ () C:\Users\ACER\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:BC359956
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PrivateTunnel.lnk => C:\Windows\pss\PrivateTunnel.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: MobileBroadband => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: ShowBatteryBar => "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4AD307B1-61DE-4C53-9B49-72E07661AB08}] => (Allow) C:\Program Files\SPSSInc\Statistics17\statistics.exe
FirewallRules: [{AB5A4400-BF9C-4657-AD2A-0F13AA0BD805}] => (Allow) C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe
FirewallRules: [{4C9ABF03-1A4D-404E-AAAE-1C6A3C6FCA7D}] => (Allow) C:\Program Files\SPSSInc\Statistics17\statistics.com
FirewallRules: [{4CE4D118-093F-49EA-B8EE-D9E1664DF7CB}] => (Allow) C:\Program Files\SPSSInc\Statistics17\statistics.exe
FirewallRules: [{2720B406-74D1-42AE-9365-9D4F487240B0}] => (Allow) C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe
FirewallRules: [{16CBADA1-52B7-465A-8A16-5D69D3DE8C24}] => (Allow) C:\Program Files\SPSSInc\Statistics17\statistics.com
FirewallRules: [{234DBB76-E91E-4F81-B794-DB036489D7F9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B555A46D-6BD3-4D7E-8888-43C5E22BC97E}] => (Allow) LPort=8370
FirewallRules: [{FF6B75ED-BE86-4300-885D-FE4518935F81}] => (Allow) LPort=8370
FirewallRules: [{1A9D9CBB-968E-4279-8B2D-A3BF8AF7D1A8}] => (Allow) LPort=6949
FirewallRules: [{6B86A66F-7EBA-4D50-9E35-1873019B74E6}] => (Allow) LPort=6949
FirewallRules: [{62207388-97ED-43C1-96B7-E287F4D6C1E7}] => (Allow) C:\Users\ACER\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5C20A8ED-8561-478B-9B89-8199E4ECF600}] => (Allow) C:\Users\ACER\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0FAB1AEA-D685-42D1-AB97-87AB0F977058}] => (Allow) C:\Windows\System32\innogmp.exe
FirewallRules: [{C2905966-CA9F-47D3-8395-8A5C809A1DC5}] => (Allow) C:\Windows\System32\innogmp.exe
FirewallRules: [{A0979A2F-9D60-4287-BE60-98DAE7A12D3F}] => (Allow) C:\Windows\System32\innosvcd.exe
FirewallRules: [{8C702C9A-CC86-43B5-B785-4C42BA749E59}] => (Allow) C:\Windows\System32\innosvcd.exe
FirewallRules: [TCP Query User{CCF86A0A-32FE-462B-9517-5B5566CCADD2}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
FirewallRules: [UDP Query User{56D844D6-6660-414B-979E-6EAB8F8A22EA}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
FirewallRules: [{3E104455-1BD1-440E-B322-4A00420C9A41}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{87970848-2F13-49EE-8C27-E8E65BC5D07D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{968DF5E8-C033-4A4F-9C4A-D54FFFCD9F90}D:\game\download\win32\32\paycoin.exe] => (Allow) D:\game\download\win32\32\paycoin.exe
FirewallRules: [UDP Query User{612C984C-38C8-4CA7-BF42-812484A51CF3}D:\game\download\win32\32\paycoin.exe] => (Allow) D:\game\download\win32\32\paycoin.exe
FirewallRules: [TCP Query User{4CE70DF1-365C-424E-B3D7-C007F404A0DC}D:\program files\paycoin\paycoin.exe] => (Allow) D:\program files\paycoin\paycoin.exe
FirewallRules: [UDP Query User{2595C488-0D5B-4717-9A92-44EDA9643AB1}D:\program files\paycoin\paycoin.exe] => (Allow) D:\program files\paycoin\paycoin.exe
FirewallRules: [{D487BE74-3CF7-43B9-9876-BA706E3E3849}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{E08B1569-3265-4A41-A066-5E4B973818BA}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{D72DD692-77AF-43CA-8B7C-72A78CD2BE52}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{9A8E43CA-F8E6-4826-9A3E-E507B5A97762}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{CC91525F-6E1F-4979-A468-FB6F2DEF86AF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B274C377-D69A-4181-B919-B7A903E21788}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F70A66FC-9067-4FFD-8A47-FCF6EC9EDB90}C:\program files\nvidia corporation\grid workspace\grid workspace.exe] => (Allow) C:\program files\nvidia corporation\grid workspace\grid workspace.exe
FirewallRules: [UDP Query User{4646B18F-9F57-4FE4-AF3D-774C54B70F86}C:\program files\nvidia corporation\grid workspace\grid workspace.exe] => (Allow) C:\program files\nvidia corporation\grid workspace\grid workspace.exe
FirewallRules: [TCP Query User{DF9EA34B-044D-40B7-BD19-A4AA417B2D4F}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{652C831E-00F4-4B67-921B-3C3F2B72A122}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{59FD93F3-9389-44AA-9301-821C560AA094}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2E178709-0984-4F55-A44B-5E8B0417CD56}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{8E84E3CA-CEDA-4026-B0AF-F42545980E53}] => (Allow) D:\Program Files\QEON Play Launcher\QPlay.exe
FirewallRules: [{E5621807-E9A1-4F8F-9F90-874A679830E0}] => (Allow) D:\Program Files\QEON Play Launcher\QPlay.exe
FirewallRules: [{6BD0E145-C504-4747-B5CC-5D84080606C5}] => (Allow) D:\Program Files\QEON Play Launcher\QPlay.exe
FirewallRules: [{1206332F-1778-4D74-A5D5-CFA67D6111D2}] => (Allow) D:\Program Files\QEON Play Launcher\QPlay.exe
FirewallRules: [{FB4AD8B0-4B01-4681-B166-7FC5572F2C20}] => (Allow) C:\Program Files\ASUS\PC Link\pclinkservice.exe
FirewallRules: [{DE3F446A-13BE-481A-B9E8-233264DBBF6E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{0E00FA52-9594-4C15-8682-487CABF3AE89}] => (Allow) D:\Gemscool\blacksquad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{E51188C4-4909-4C47-8E4D-9CA70DF789F9}] => (Allow) D:\Gemscool\blacksquad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{80FF4E5A-BD3D-47A7-9A21-C32B3358FB35}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{DC833659-FA3A-4601-ACCD-8269CF55CEA4}] => (Allow) D:\pbidInstaller.exe
FirewallRules: [{3FAFB311-F009-4A42-9457-5DD28F4D0EFC}] => (Allow) D:\pbidInstaller.exe
FirewallRules: [{44C57E81-9310-4479-9445-39CADB7740B7}] => (Allow) D:\Program Files\GarenaPBID\gamedata\Apps\PBID\PointBlank.exe
FirewallRules: [{568066A1-371B-4821-A07B-31C57A7E4A5F}] => (Allow) D:\Program Files\GarenaPBID\gamedata\Apps\PBID\PointBlank.exe
FirewallRules: [{C06F5B60-8D48-43C9-8A48-DA615F387FF8}] => (Allow) D:\Garena Plus\ggdllhost.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/30/2015 11:29:19 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (06/30/2015 10:24:33 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (06/29/2015 07:06:22 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (06/29/2015 01:14:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15787
 
Error: (06/29/2015 01:14:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15787
 
Error: (06/29/2015 01:14:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/28/2015 03:29:45 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (06/28/2015 03:17:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16450, time stamp: 0x4aeba271
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x6d0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (06/28/2015 03:15:09 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (06/27/2015 00:52:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
 
System errors:
=============
Error: (06/30/2015 11:29:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobizen plugin service failed to start due to the following error: 
%%2
 
Error: (06/30/2015 11:29:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: 
%%2
 
Error: (06/30/2015 11:29:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira Real-Time Protection service failed to start due to the following error: 
%%2
 
Error: (06/30/2015 11:29:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:28:04 AM on ‎6/‎30/‎2015 was unexpected.
 
Error: (06/30/2015 11:22:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Innosvcd service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/30/2015 11:22:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/30/2015 11:14:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/30/2015 10:53:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 10 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (06/30/2015 10:52:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/30/2015 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 10 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-22 20:03:05.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-22 19:58:20.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-22 19:52:59.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-22 19:34:39.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-22 19:03:30.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 85%
Total physical RAM: 1976.93 MB
Available physical RAM: 290.58 MB
Total Pagefile: 7708.75 MB
Available Pagefile: 5482.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:50.78 GB) (Free:2.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:247.3 GB) (Free:96.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: F6C7F6C7)
Partition 1: (Active) - (Size=50.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.3 GB) - (Type=OF Extended)
 
==================== End of log ============================
 
 
Thank you so much !

Edited by lonelygrimm, 29 June 2015 - 11:08 PM.

  • 0

Advertisements


#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,215 posts

First >>>>
 
Please make sure that you select to Follow This Topic so you won't miss any reply here.  You can select this on the upper right hand corner of the topic thread or by selecting the option in Post Options when replying.
 
 
Second >>>>
 

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
HKLM\...\Policies\Explorer\Run: [99016089] => C:\ProgramData\msrkbj.exe [94437376 2009-07-14] ()
C:\ProgramData\msrkbj.exe
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {1a77d288-df2d-11e4-a9b4-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b62066b-29da-11e3-8a8f-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b6206cf-29da-11e3-8a8f-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ec8e-cdd8-11e4-909d-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ec9f-cdd8-11e4-909d-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ecaa-cdd8-11e4-909d-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea1ec-4204-11e3-8b14-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea1fb-4204-11e3-8b14-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea21d-4204-11e3-8b14-00262d81a167} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a61-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a65-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a79-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {912977b9-452f-11e3-a794-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ProxyServer: [S-1-5-21-137345057-628329502-1556354402-1000] => http=127.0.0.1:8888
Hosts:
CHR Extension: (Hola Better Internet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-20]
C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
R3 VSSS; C:\Users\ACER\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [101905984 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
C:\Users\ACER\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
S3 KProcessHacker2; C:\Program Files\kprocesshacker.sys [0 2015-06-29] () <==== ATTENTION (zero byte File/Folder)
C:\Program Files\kprocesshacker.sys
2015-06-29 19:07 - 2015-06-29 19:08 - 00000000 _____ C:\Program Files\kprocesshacker.sys
2015-06-29 19:07 - 2015-06-29 19:07 - 01169408 _____ (wj32) C:\Program Files\209IRPYO.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 01169408 _____ (wj32) C:\Program Files\0Y7GPNWM.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\X64DMVTU.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\W5ENLU37.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\NW5ECLUY.exe
2015-06-28 15:15 - 2015-06-28 15:15 - 01169408 _____ (wj32) C:\Program Files\Y7GPNW59.exe
2015-06-27 12:52 - 2015-06-27 12:52 - 01169408 _____ (wj32) C:\Program Files\IR097GPT.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\KZ8HFOX1.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\4DMVT2BF.exe
2015-06-26 21:49 - 2015-06-26 21:49 - 01169408 _____ (wj32) C:\Program Files\LUS1A8HA.exe
2015-06-26 21:48 - 2015-06-26 21:48 - 01169408 _____ (wj32) C:\Program Files\CLU31AJN.exe
2015-06-23 14:47 - 2015-06-23 14:47 - 01169408 _____ (wj32) C:\Program Files\TMF81U71.exe
2015-06-23 14:46 - 2015-06-23 14:46 - 01169408 _____ (wj32) C:\Program Files\VWX9ABCJ.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 1169408 _____ (wj32) C:\Program Files\0Y7GPNWM.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 1169408 _____ (wj32) C:\Program Files\209IRPYO.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\4DMVT2BF.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-06-26 21:48 - 2015-06-26 21:48 - 1169408 _____ (wj32) C:\Program Files\CLU31AJN.exe
2015-06-27 12:52 - 2015-06-27 12:52 - 1169408 _____ (wj32) C:\Program Files\IR097GPT.exe
2015-06-29 19:07 - 2015-06-29 19:08 - 0000000 _____ () C:\Program Files\kprocesshacker.sys
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\KZ8HFOX1.exe
2015-06-26 21:49 - 2015-06-26 21:49 - 1169408 _____ (wj32) C:\Program Files\LUS1A8HA.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\NW5ECLUY.exe
2015-06-23 14:47 - 2015-06-23 14:47 - 1169408 _____ (wj32) C:\Program Files\TMF81U71.exe
2015-06-23 14:46 - 2015-06-23 14:46 - 1169408 _____ (wj32) C:\Program Files\VWX9ABCJ.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\W5ENLU37.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\X64DMVTU.exe
2015-06-28 15:15 - 2015-06-28 15:15 - 1169408 _____ (wj32) C:\Program Files\Y7GPNW59.exe
2009-07-14 06:31 - 2009-07-14 08:14 - 94437376 ___SH () C:\ProgramData\msrkbj.exe
C:\Users\ACER\AppData\Local\Temp\82b08d187185e515ee0c604d58974f4f.dll
C:\Users\ACER\AppData\Local\Temp\avgnt.exe
C:\Users\ACER\AppData\Local\Temp\AviraSetup1038202.exe
C:\Users\ACER\AppData\Local\Temp\AviraSetup1217416.exe
C:\Users\ACER\AppData\Local\Temp\c8eb790646128f34aa04a36111aca8cf.dll
C:\Users\ACER\AppData\Local\Temp\cdo1712827442.dll
C:\Users\ACER\AppData\Local\Temp\cdo199742513.dll
C:\Users\ACER\AppData\Local\Temp\cdo2646658657.dll
C:\Users\ACER\AppData\Local\Temp\cdo3397087437.dll
C:\Users\ACER\AppData\Local\Temp\cdo3442417807.dll
C:\Users\ACER\AppData\Local\Temp\cdo397786333.dll
C:\Users\ACER\AppData\Local\Temp\cdo4036022095.dll
C:\Users\ACER\AppData\Local\Temp\cihYClUrnxVroERadnRE.DLL
C:\Users\ACER\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.dll
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.exe
C:\Users\ACER\AppData\Local\Temp\JExplorer64.2.7.1.dll
C:\Users\ACER\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\ACER\AppData\Local\Temp\lcHKlajrqLqBqGpWAVdW.DLL
C:\Users\ACER\AppData\Local\Temp\MSETUP4.EXE
C:\Users\ACER\AppData\Local\Temp\ochelper.exe
C:\Users\ACER\AppData\Local\Temp\ResetDevice.exe
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8251649217104690228.dll
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8908630880232439233.dll
C:\Users\ACER\AppData\Local\Temp\suYlugyAfLtOcWlzulvi.DLL
C:\Users\ACER\AppData\Local\Temp\Uninstall.exe
C:\Users\ACER\AppData\Local\Temp\x2blapi.dll
C:\Users\ACER\AppData\Local\Temp\xdelta3-3.0.8.x86-32.exe
C:\Users\ACER\AppData\Local\Temp\xmlUpdater.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:BC359956
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.

Press%20the%20FIX%20button_zpsdd5zi3mt.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


  • 0

#3
lonelygrimm

lonelygrimm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Here's the fixlog.txt :

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by ACER at 2015-07-01 02:48:00 Run:1
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available Profiles: ACER)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
HKLM\...\Policies\Explorer\Run: [99016089] => C:\ProgramData\msrkbj.exe [94437376 2009-07-14] ()
C:\ProgramData\msrkbj.exe
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {1a77d288-df2d-11e4-a9b4-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b62066b-29da-11e3-8a8f-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b6206cf-29da-11e3-8a8f-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ec8e-cdd8-11e4-909d-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ec9f-cdd8-11e4-909d-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ecaa-cdd8-11e4-909d-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea1ec-4204-11e3-8b14-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea1fb-4204-11e3-8b14-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea21d-4204-11e3-8b14-00262d81a167} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a61-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a65-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a79-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {912977b9-452f-11e3-a794-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ProxyServer: [S-1-5-21-137345057-628329502-1556354402-1000] => http=127.0.0.1:8888
Hosts:
CHR Extension: (Hola Better Internet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-20]
C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
R3 VSSS; C:\Users\ACER\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [101905984 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
C:\Users\ACER\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
S3 KProcessHacker2; C:\Program Files\kprocesshacker.sys [0 2015-06-29] () <==== ATTENTION (zero byte File/Folder)
C:\Program Files\kprocesshacker.sys
2015-06-29 19:07 - 2015-06-29 19:08 - 00000000 _____ C:\Program Files\kprocesshacker.sys
2015-06-29 19:07 - 2015-06-29 19:07 - 01169408 _____ (wj32) C:\Program Files\209IRPYO.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 01169408 _____ (wj32) C:\Program Files\0Y7GPNWM.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\X64DMVTU.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\W5ENLU37.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\NW5ECLUY.exe
2015-06-28 15:15 - 2015-06-28 15:15 - 01169408 _____ (wj32) C:\Program Files\Y7GPNW59.exe
2015-06-27 12:52 - 2015-06-27 12:52 - 01169408 _____ (wj32) C:\Program Files\IR097GPT.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\KZ8HFOX1.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\4DMVT2BF.exe
2015-06-26 21:49 - 2015-06-26 21:49 - 01169408 _____ (wj32) C:\Program Files\LUS1A8HA.exe
2015-06-26 21:48 - 2015-06-26 21:48 - 01169408 _____ (wj32) C:\Program Files\CLU31AJN.exe
2015-06-23 14:47 - 2015-06-23 14:47 - 01169408 _____ (wj32) C:\Program Files\TMF81U71.exe
2015-06-23 14:46 - 2015-06-23 14:46 - 01169408 _____ (wj32) C:\Program Files\VWX9ABCJ.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 1169408 _____ (wj32) C:\Program Files\0Y7GPNWM.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 1169408 _____ (wj32) C:\Program Files\209IRPYO.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\4DMVT2BF.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-06-26 21:48 - 2015-06-26 21:48 - 1169408 _____ (wj32) C:\Program Files\CLU31AJN.exe
2015-06-27 12:52 - 2015-06-27 12:52 - 1169408 _____ (wj32) C:\Program Files\IR097GPT.exe
2015-06-29 19:07 - 2015-06-29 19:08 - 0000000 _____ () C:\Program Files\kprocesshacker.sys
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\KZ8HFOX1.exe
2015-06-26 21:49 - 2015-06-26 21:49 - 1169408 _____ (wj32) C:\Program Files\LUS1A8HA.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\NW5ECLUY.exe
2015-06-23 14:47 - 2015-06-23 14:47 - 1169408 _____ (wj32) C:\Program Files\TMF81U71.exe
2015-06-23 14:46 - 2015-06-23 14:46 - 1169408 _____ (wj32) C:\Program Files\VWX9ABCJ.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\W5ENLU37.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\X64DMVTU.exe
2015-06-28 15:15 - 2015-06-28 15:15 - 1169408 _____ (wj32) C:\Program Files\Y7GPNW59.exe
2009-07-14 06:31 - 2009-07-14 08:14 - 94437376 ___SH () C:\ProgramData\msrkbj.exe
C:\Users\ACER\AppData\Local\Temp\82b08d187185e515ee0c604d58974f4f.dll
C:\Users\ACER\AppData\Local\Temp\avgnt.exe
C:\Users\ACER\AppData\Local\Temp\AviraSetup1038202.exe
C:\Users\ACER\AppData\Local\Temp\AviraSetup1217416.exe
C:\Users\ACER\AppData\Local\Temp\c8eb790646128f34aa04a36111aca8cf.dll
C:\Users\ACER\AppData\Local\Temp\cdo1712827442.dll
C:\Users\ACER\AppData\Local\Temp\cdo199742513.dll
C:\Users\ACER\AppData\Local\Temp\cdo2646658657.dll
C:\Users\ACER\AppData\Local\Temp\cdo3397087437.dll
C:\Users\ACER\AppData\Local\Temp\cdo3442417807.dll
C:\Users\ACER\AppData\Local\Temp\cdo397786333.dll
C:\Users\ACER\AppData\Local\Temp\cdo4036022095.dll
C:\Users\ACER\AppData\Local\Temp\cihYClUrnxVroERadnRE.DLL
C:\Users\ACER\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.dll
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.exe
C:\Users\ACER\AppData\Local\Temp\JExplorer64.2.7.1.dll
C:\Users\ACER\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\ACER\AppData\Local\Temp\lcHKlajrqLqBqGpWAVdW.DLL
C:\Users\ACER\AppData\Local\Temp\MSETUP4.EXE
C:\Users\ACER\AppData\Local\Temp\ochelper.exe
C:\Users\ACER\AppData\Local\Temp\ResetDevice.exe
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8251649217104690228.dll
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8908630880232439233.dll
C:\Users\ACER\AppData\Local\Temp\suYlugyAfLtOcWlzulvi.DLL
C:\Users\ACER\AppData\Local\Temp\Uninstall.exe
C:\Users\ACER\AppData\Local\Temp\x2blapi.dll
C:\Users\ACER\AppData\Local\Temp\xdelta3-3.0.8.x86-32.exe
C:\Users\ACER\AppData\Local\Temp\xmlUpdater.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:BC359956
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\99016089 => value not found.
Could not move "C:\ProgramData\msrkbj.exe" => Scheduled to move on reboot.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully.
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully.
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully.
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a77d288-df2d-11e4-a9b4-00262d81a167}" => key removed successfully.
HKCR\CLSID\{1a77d288-df2d-11e4-a9b4-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b62066b-29da-11e3-8a8f-00262d81a167}" => key removed successfully.
HKCR\CLSID\{3b62066b-29da-11e3-8a8f-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b6206cf-29da-11e3-8a8f-00262d81a167}" => key removed successfully.
HKCR\CLSID\{3b6206cf-29da-11e3-8a8f-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b85ec8e-cdd8-11e4-909d-00262d81a167}" => key removed successfully.
HKCR\CLSID\{3b85ec8e-cdd8-11e4-909d-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b85ec9f-cdd8-11e4-909d-00262d81a167}" => key removed successfully.
HKCR\CLSID\{3b85ec9f-cdd8-11e4-909d-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b85ecaa-cdd8-11e4-909d-00262d81a167}" => key removed successfully.
HKCR\CLSID\{3b85ecaa-cdd8-11e4-909d-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{450ea1ec-4204-11e3-8b14-00262d81a167}" => key removed successfully.
HKCR\CLSID\{450ea1ec-4204-11e3-8b14-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{450ea1fb-4204-11e3-8b14-00262d81a167}" => key removed successfully.
HKCR\CLSID\{450ea1fb-4204-11e3-8b14-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{450ea21d-4204-11e3-8b14-00262d81a167}" => key removed successfully.
HKCR\CLSID\{450ea21d-4204-11e3-8b14-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69078a61-e61c-11e4-8010-00262d81a167}" => key removed successfully.
HKCR\CLSID\{69078a61-e61c-11e4-8010-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69078a65-e61c-11e4-8010-00262d81a167}" => key removed successfully.
HKCR\CLSID\{69078a65-e61c-11e4-8010-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69078a79-e61c-11e4-8010-00262d81a167}" => key removed successfully.
HKCR\CLSID\{69078a79-e61c-11e4-8010-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{912977b9-452f-11e3-a794-00262d81a167}" => key removed successfully.
HKCR\CLSID\{912977b9-452f-11e3-a794-00262d81a167} => key not found. 
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully.
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully.
"C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio" => File/Folder not found.
VSSS => Service removed successfully.
C:\Users\ACER\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully.
KProcessHacker2 => Service removed successfully.
C:\Program Files\kprocesshacker.sys => moved successfully.
"C:\Program Files\kprocesshacker.sys" => File/Folder not found.
C:\Program Files\209IRPYO.exe => moved successfully.
C:\Program Files\0Y7GPNWM.exe => moved successfully.
C:\Program Files\X64DMVTU.exe => moved successfully.
C:\Program Files\W5ENLU37.exe => moved successfully.
C:\Program Files\NW5ECLUY.exe => moved successfully.
C:\Program Files\Y7GPNW59.exe => moved successfully.
C:\Program Files\IR097GPT.exe => moved successfully.
C:\Program Files\KZ8HFOX1.exe => moved successfully.
C:\Program Files\9IR0Y7X1.exe => moved successfully.
C:\Program Files\4DMVT2BF.exe => moved successfully.
C:\Program Files\LUS1A8HA.exe => moved successfully.
C:\Program Files\CLU31AJN.exe => moved successfully.
C:\Program Files\TMF81U71.exe => moved successfully.
C:\Program Files\VWX9ABCJ.exe => moved successfully.
"C:\Program Files\0Y7GPNWM.exe" => File/Folder not found.
"C:\Program Files\209IRPYO.exe" => File/Folder not found.
"C:\Program Files\4DMVT2BF.exe" => File/Folder not found.
"C:\Program Files\9IR0Y7X1.exe" => File/Folder not found.
"C:\Program Files\CLU31AJN.exe" => File/Folder not found.
"C:\Program Files\IR097GPT.exe" => File/Folder not found.
"C:\Program Files\kprocesshacker.sys" => File/Folder not found.
"C:\Program Files\KZ8HFOX1.exe" => File/Folder not found.
"C:\Program Files\LUS1A8HA.exe" => File/Folder not found.
"C:\Program Files\NW5ECLUY.exe" => File/Folder not found.
"C:\Program Files\TMF81U71.exe" => File/Folder not found.
"C:\Program Files\VWX9ABCJ.exe" => File/Folder not found.
"C:\Program Files\W5ENLU37.exe" => File/Folder not found.
"C:\Program Files\X64DMVTU.exe" => File/Folder not found.
"C:\Program Files\Y7GPNW59.exe" => File/Folder not found.
Could not move "C:\ProgramData\msrkbj.exe" => Scheduled to move on reboot.
C:\Users\ACER\AppData\Local\Temp\82b08d187185e515ee0c604d58974f4f.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\avgnt.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\AviraSetup1038202.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\AviraSetup1217416.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\c8eb790646128f34aa04a36111aca8cf.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo1712827442.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo199742513.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo2646658657.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo3397087437.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo3442417807.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo397786333.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo4036022095.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cihYClUrnxVroERadnRE.DLL => moved successfully.
C:\Users\ACER\AppData\Local\Temp\DataCard_Setup.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\JExplorer64.2.7.1.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\lcHKlajrqLqBqGpWAVdW.DLL => moved successfully.
C:\Users\ACER\AppData\Local\Temp\MSETUP4.EXE => moved successfully.
C:\Users\ACER\AppData\Local\Temp\ochelper.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\ResetDevice.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8251649217104690228.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8908630880232439233.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\suYlugyAfLtOcWlzulvi.DLL => moved successfully.
C:\Users\ACER\AppData\Local\Temp\Uninstall.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\x2blapi.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\xdelta3-3.0.8.x86-32.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\xmlUpdater.exe => moved successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully..
C:\ProgramData\TEMP => ":BC359956" ADS removed successfully..
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 4 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-01 02:56:28)<=
 
C:\ProgramData\msrkbj.exe => is moved successfully
C:\ProgramData\msrkbj.exe => is moved successfully
 
==== End of Fixlog 02:56:28 ====Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by ACER at 2015-07-01 02:48:00 Run:1
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available Profiles: ACER)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
HKLM\...\Policies\Explorer\Run: [99016089] => C:\ProgramData\msrkbj.exe [94437376 2009-07-14] ()
C:\ProgramData\msrkbj.exe
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {1a77d288-df2d-11e4-a9b4-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b62066b-29da-11e3-8a8f-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b6206cf-29da-11e3-8a8f-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ec8e-cdd8-11e4-909d-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ec9f-cdd8-11e4-909d-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {3b85ecaa-cdd8-11e4-909d-00262d81a167} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea1ec-4204-11e3-8b14-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea1fb-4204-11e3-8b14-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {450ea21d-4204-11e3-8b14-00262d81a167} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a61-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a65-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {69078a79-e61c-11e4-8010-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\...\MountPoints2: {912977b9-452f-11e3-a794-00262d81a167} - F:\AutoRun.exe
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ProxyServer: [S-1-5-21-137345057-628329502-1556354402-1000] => http=127.0.0.1:8888
Hosts:
CHR Extension: (Hola Better Internet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-20]
C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
R3 VSSS; C:\Users\ACER\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [101905984 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
C:\Users\ACER\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
S3 KProcessHacker2; C:\Program Files\kprocesshacker.sys [0 2015-06-29] () <==== ATTENTION (zero byte File/Folder)
C:\Program Files\kprocesshacker.sys
2015-06-29 19:07 - 2015-06-29 19:08 - 00000000 _____ C:\Program Files\kprocesshacker.sys
2015-06-29 19:07 - 2015-06-29 19:07 - 01169408 _____ (wj32) C:\Program Files\209IRPYO.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 01169408 _____ (wj32) C:\Program Files\0Y7GPNWM.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\X64DMVTU.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\W5ENLU37.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 01169408 _____ (wj32) C:\Program Files\NW5ECLUY.exe
2015-06-28 15:15 - 2015-06-28 15:15 - 01169408 _____ (wj32) C:\Program Files\Y7GPNW59.exe
2015-06-27 12:52 - 2015-06-27 12:52 - 01169408 _____ (wj32) C:\Program Files\IR097GPT.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\KZ8HFOX1.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 01169408 _____ (wj32) C:\Program Files\4DMVT2BF.exe
2015-06-26 21:49 - 2015-06-26 21:49 - 01169408 _____ (wj32) C:\Program Files\LUS1A8HA.exe
2015-06-26 21:48 - 2015-06-26 21:48 - 01169408 _____ (wj32) C:\Program Files\CLU31AJN.exe
2015-06-23 14:47 - 2015-06-23 14:47 - 01169408 _____ (wj32) C:\Program Files\TMF81U71.exe
2015-06-23 14:46 - 2015-06-23 14:46 - 01169408 _____ (wj32) C:\Program Files\VWX9ABCJ.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 1169408 _____ (wj32) C:\Program Files\0Y7GPNWM.exe
2015-06-29 19:07 - 2015-06-29 19:07 - 1169408 _____ (wj32) C:\Program Files\209IRPYO.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\4DMVT2BF.exe
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-06-26 21:48 - 2015-06-26 21:48 - 1169408 _____ (wj32) C:\Program Files\CLU31AJN.exe
2015-06-27 12:52 - 2015-06-27 12:52 - 1169408 _____ (wj32) C:\Program Files\IR097GPT.exe
2015-06-29 19:07 - 2015-06-29 19:08 - 0000000 _____ () C:\Program Files\kprocesshacker.sys
2015-06-26 21:50 - 2015-06-26 21:50 - 1169408 _____ (wj32) C:\Program Files\KZ8HFOX1.exe
2015-06-26 21:49 - 2015-06-26 21:49 - 1169408 _____ (wj32) C:\Program Files\LUS1A8HA.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\NW5ECLUY.exe
2015-06-23 14:47 - 2015-06-23 14:47 - 1169408 _____ (wj32) C:\Program Files\TMF81U71.exe
2015-06-23 14:46 - 2015-06-23 14:46 - 1169408 _____ (wj32) C:\Program Files\VWX9ABCJ.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\W5ENLU37.exe
2015-06-28 15:30 - 2015-06-28 15:30 - 1169408 _____ (wj32) C:\Program Files\X64DMVTU.exe
2015-06-28 15:15 - 2015-06-28 15:15 - 1169408 _____ (wj32) C:\Program Files\Y7GPNW59.exe
2009-07-14 06:31 - 2009-07-14 08:14 - 94437376 ___SH () C:\ProgramData\msrkbj.exe
C:\Users\ACER\AppData\Local\Temp\82b08d187185e515ee0c604d58974f4f.dll
C:\Users\ACER\AppData\Local\Temp\avgnt.exe
C:\Users\ACER\AppData\Local\Temp\AviraSetup1038202.exe
C:\Users\ACER\AppData\Local\Temp\AviraSetup1217416.exe
C:\Users\ACER\AppData\Local\Temp\c8eb790646128f34aa04a36111aca8cf.dll
C:\Users\ACER\AppData\Local\Temp\cdo1712827442.dll
C:\Users\ACER\AppData\Local\Temp\cdo199742513.dll
C:\Users\ACER\AppData\Local\Temp\cdo2646658657.dll
C:\Users\ACER\AppData\Local\Temp\cdo3397087437.dll
C:\Users\ACER\AppData\Local\Temp\cdo3442417807.dll
C:\Users\ACER\AppData\Local\Temp\cdo397786333.dll
C:\Users\ACER\AppData\Local\Temp\cdo4036022095.dll
C:\Users\ACER\AppData\Local\Temp\cihYClUrnxVroERadnRE.DLL
C:\Users\ACER\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.dll
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.exe
C:\Users\ACER\AppData\Local\Temp\JExplorer64.2.7.1.dll
C:\Users\ACER\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\ACER\AppData\Local\Temp\lcHKlajrqLqBqGpWAVdW.DLL
C:\Users\ACER\AppData\Local\Temp\MSETUP4.EXE
C:\Users\ACER\AppData\Local\Temp\ochelper.exe
C:\Users\ACER\AppData\Local\Temp\ResetDevice.exe
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8251649217104690228.dll
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8908630880232439233.dll
C:\Users\ACER\AppData\Local\Temp\suYlugyAfLtOcWlzulvi.DLL
C:\Users\ACER\AppData\Local\Temp\Uninstall.exe
C:\Users\ACER\AppData\Local\Temp\x2blapi.dll
C:\Users\ACER\AppData\Local\Temp\xdelta3-3.0.8.x86-32.exe
C:\Users\ACER\AppData\Local\Temp\xmlUpdater.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:BC359956
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\99016089 => value not found.
Could not move "C:\ProgramData\msrkbj.exe" => Scheduled to move on reboot.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully.
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully.
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully.
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a77d288-df2d-11e4-a9b4-00262d81a167}" => key removed successfully.
HKCR\CLSID\{1a77d288-df2d-11e4-a9b4-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b62066b-29da-11e3-8a8f-00262d81a167}" => key removed successfully.
HKCR\CLSID\{3b62066b-29da-11e3-8a8f-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b6206cf-29da-11e3-8a8f-00262d81a167}" => key removed successfully.
HKCR\CLSID\{3b6206cf-29da-11e3-8a8f-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b85ec8e-cdd8-11e4-909d-00262d81a167}" => key removed successfully.
HKCR\CLSID\{3b85ec8e-cdd8-11e4-909d-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b85ec9f-cdd8-11e4-909d-00262d81a167}" => key removed successfully.
HKCR\CLSID\{3b85ec9f-cdd8-11e4-909d-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b85ecaa-cdd8-11e4-909d-00262d81a167}" => key removed successfully.
HKCR\CLSID\{3b85ecaa-cdd8-11e4-909d-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{450ea1ec-4204-11e3-8b14-00262d81a167}" => key removed successfully.
HKCR\CLSID\{450ea1ec-4204-11e3-8b14-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{450ea1fb-4204-11e3-8b14-00262d81a167}" => key removed successfully.
HKCR\CLSID\{450ea1fb-4204-11e3-8b14-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{450ea21d-4204-11e3-8b14-00262d81a167}" => key removed successfully.
HKCR\CLSID\{450ea21d-4204-11e3-8b14-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69078a61-e61c-11e4-8010-00262d81a167}" => key removed successfully.
HKCR\CLSID\{69078a61-e61c-11e4-8010-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69078a65-e61c-11e4-8010-00262d81a167}" => key removed successfully.
HKCR\CLSID\{69078a65-e61c-11e4-8010-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69078a79-e61c-11e4-8010-00262d81a167}" => key removed successfully.
HKCR\CLSID\{69078a79-e61c-11e4-8010-00262d81a167} => key not found. 
"HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{912977b9-452f-11e3-a794-00262d81a167}" => key removed successfully.
HKCR\CLSID\{912977b9-452f-11e3-a794-00262d81a167} => key not found. 
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully.
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully.
"C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio" => File/Folder not found.
VSSS => Service removed successfully.
C:\Users\ACER\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully.
KProcessHacker2 => Service removed successfully.
C:\Program Files\kprocesshacker.sys => moved successfully.
"C:\Program Files\kprocesshacker.sys" => File/Folder not found.
C:\Program Files\209IRPYO.exe => moved successfully.
C:\Program Files\0Y7GPNWM.exe => moved successfully.
C:\Program Files\X64DMVTU.exe => moved successfully.
C:\Program Files\W5ENLU37.exe => moved successfully.
C:\Program Files\NW5ECLUY.exe => moved successfully.
C:\Program Files\Y7GPNW59.exe => moved successfully.
C:\Program Files\IR097GPT.exe => moved successfully.
C:\Program Files\KZ8HFOX1.exe => moved successfully.
C:\Program Files\9IR0Y7X1.exe => moved successfully.
C:\Program Files\4DMVT2BF.exe => moved successfully.
C:\Program Files\LUS1A8HA.exe => moved successfully.
C:\Program Files\CLU31AJN.exe => moved successfully.
C:\Program Files\TMF81U71.exe => moved successfully.
C:\Program Files\VWX9ABCJ.exe => moved successfully.
"C:\Program Files\0Y7GPNWM.exe" => File/Folder not found.
"C:\Program Files\209IRPYO.exe" => File/Folder not found.
"C:\Program Files\4DMVT2BF.exe" => File/Folder not found.
"C:\Program Files\9IR0Y7X1.exe" => File/Folder not found.
"C:\Program Files\CLU31AJN.exe" => File/Folder not found.
"C:\Program Files\IR097GPT.exe" => File/Folder not found.
"C:\Program Files\kprocesshacker.sys" => File/Folder not found.
"C:\Program Files\KZ8HFOX1.exe" => File/Folder not found.
"C:\Program Files\LUS1A8HA.exe" => File/Folder not found.
"C:\Program Files\NW5ECLUY.exe" => File/Folder not found.
"C:\Program Files\TMF81U71.exe" => File/Folder not found.
"C:\Program Files\VWX9ABCJ.exe" => File/Folder not found.
"C:\Program Files\W5ENLU37.exe" => File/Folder not found.
"C:\Program Files\X64DMVTU.exe" => File/Folder not found.
"C:\Program Files\Y7GPNW59.exe" => File/Folder not found.
Could not move "C:\ProgramData\msrkbj.exe" => Scheduled to move on reboot.
C:\Users\ACER\AppData\Local\Temp\82b08d187185e515ee0c604d58974f4f.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\avgnt.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\AviraSetup1038202.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\AviraSetup1217416.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\c8eb790646128f34aa04a36111aca8cf.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo1712827442.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo199742513.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo2646658657.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo3397087437.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo3442417807.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo397786333.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cdo4036022095.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\cihYClUrnxVroERadnRE.DLL => moved successfully.
C:\Users\ACER\AppData\Local\Temp\DataCard_Setup.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\JExplorer32.2.7.1.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\JExplorer64.2.7.1.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\lcHKlajrqLqBqGpWAVdW.DLL => moved successfully.
C:\Users\ACER\AppData\Local\Temp\MSETUP4.EXE => moved successfully.
C:\Users\ACER\AppData\Local\Temp\ochelper.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\ResetDevice.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8251649217104690228.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\SRLDetectionLibrary8908630880232439233.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\suYlugyAfLtOcWlzulvi.DLL => moved successfully.
C:\Users\ACER\AppData\Local\Temp\Uninstall.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\x2blapi.dll => moved successfully.
C:\Users\ACER\AppData\Local\Temp\xdelta3-3.0.8.x86-32.exe => moved successfully.
C:\Users\ACER\AppData\Local\Temp\xmlUpdater.exe => moved successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully..
C:\ProgramData\TEMP => ":BC359956" ADS removed successfully..
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-137345057-628329502-1556354402-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-137345057-628329502-1556354402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 4 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-01 02:56:28)<=
 
C:\ProgramData\msrkbj.exe => is moved successfully
C:\ProgramData\msrkbj.exe => is moved successfully
 
==== End of Fixlog 02:56:28 ====

  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,215 posts

How is your system now?
 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwCleaner_v4111_zpsn56hzjza.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


  • 0

#5
lonelygrimm

lonelygrimm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

still same like before, i installed avira and then try to turn on real time protection but it won't run35k7oux.png


  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,215 posts

Along with the AdwCleaner log, can you please scan and post the log from the service scanner?
 

Please download Farbar Service Scanner to your desktop and double click on the file to run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#7
lonelygrimm

lonelygrimm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

ADWCleaner LOG

# AdwCleaner v4.207 - Logfile created 02/07/2015 at 06:06:18

# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 7 Ultimate  (x86)
# Username : ACER - ACER-PC
# Running from : C:\Users\ACER\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YTD Video Downloader.lnk
 
***** [ Scheduled tasks ] *****
 
Task Deleted : update-sys
Task Deleted : update-S-1-5-21-137345057-628329502-1556354402-1000
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
 
-\\ Mozilla Firefox v38.0.5 (x86 en-US)
 
[zbmnob2u.default\prefs.js] - Line Deleted : user_pref("extensions.defaulttab.installdate", 1383627927);
[zbmnob2u.default\prefs.js] - Line Deleted : user_pref("extensions.defaulttab.useNewTabWhiteList", false);
 
-\\ Google Chrome v43.0.2357.130
 
[C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3479 bytes] - [02/07/2015 06:03:59]
AdwCleaner[S0].txt - [3364 bytes] - [02/07/2015 06:06:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3423  bytes] ##########
 
 
 
 
 
 
FSS.txt
Farbar Service Scanner Version: 17-01-2015
Ran by ACER (administrator) on 02-07-2015 at 06:21:31
Running from "C:\Users\ACER\Desktop"
Microsoft Windows 7 Ultimate   (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#8
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,215 posts

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Devices [ Only Problems ]
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


  • 0

#9
lonelygrimm

lonelygrimm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
MiniToolBox by Farbar  Version: 01-07-2015
Ran by ACER (administrator) on 02-07-2015 at 11:04:04
Running from "C:\Users\ACER\Desktop"
Microsoft Windows 7 Ultimate   (X86)
Model: Aspire 4732Z Manufacturer: Acer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.backup.ftp", "66.35.68.146"
"network.proxy.backup.ftp_port", 3127
"network.proxy.backup.socks", "66.35.68.146"
"network.proxy.backup.socks_port", 3127
"network.proxy.backup.ssl", "66.35.68.146"
"network.proxy.backup.ssl_port", 3127
"network.proxy.ftp", "118.233.139.108"
"network.proxy.ftp_port", 8088
"network.proxy.gopher", "118.233.139.108"
"network.proxy.gopher_port", 8088
"network.proxy.http", "118.233.139.108"
"network.proxy.http_port", 8088
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "118.233.139.108"
"network.proxy.socks_port", 8088
"network.proxy.ssl", "118.233.139.108"
"network.proxy.ssl_port", 8088
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= IP Configuration: ================================
 
Atheros AR5B93 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : ACER-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-2D-81-A1-67
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
   Physical Address. . . . . . . . . : C4-17-FE-5E-80-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::fd23:acaf:70f1:ebc8%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, July 02, 2015 6:08:29 AM
   Lease Expires . . . . . . . . . . : Sunday, July 05, 2015 11:00:51 AM
   Default Gateway . . . . . . . . . : fe80::da74:95ff:fef7:726c%13
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 331618302
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-55-24-AD-00-1D-92-DE-53-2B
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Reusable Microsoft 6To4 Adapter:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{9F551EE0-19FF-4EAB-A839-F04500679B43}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 15:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter 6TO4 Adapter:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 16:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 14:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Reusable ISATAP Interface {020987A4-486E-485E-B674-A5AA71B25668}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 22:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:7662:6097:1cbb:2304:3f57:fefc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1cbb:2304:3f57:fefc%33(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  254.1.168.192.in-addr.arpa
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2404:6800:4003:804::200e
 74.125.28.113
 74.125.28.102
 74.125.28.100
 74.125.28.139
 74.125.28.138
 74.125.28.101
 
 
Pinging google.com [74.125.28.113] with 32 bytes of data:
Reply from 74.125.28.113: bytes=32 time=213ms TTL=41
Reply from 74.125.28.113: bytes=32 time=216ms TTL=41
 
Ping statistics for 74.125.28.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 213ms, Maximum = 216ms, Average = 214ms
Server:  254.1.168.192.in-addr.arpa
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=301ms TTL=50
Reply from 98.138.253.109: bytes=32 time=304ms TTL=50
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 301ms, Maximum = 304ms, Average = 302ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...00 26 2d 81 a1 67 ......Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
 13...c4 17 fe 5e 80 b8 ......Atheros AR5B93 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 24...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
 15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 26...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
 17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
 18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
 23...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
 34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 33...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254      192.168.1.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    276
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 33     58 ::/0                     On-link
 13    276 ::/0                     fe80::da74:95ff:fef7:726c
  1    306 ::1/128                  On-link
 33     58 2001::/32                On-link
 33    306 2001:0:7662:6097:1cbb:2304:3f57:fefc/128
                                    On-link
 13    276 fe80::/64                On-link
 33    306 fe80::/64                On-link
 33    306 fe80::1cbb:2304:3f57:fefc/128
                                    On-link
 13    276 fe80::fd23:acaf:70f1:ebc8/128
                                    On-link
  1    306 ff00::/8                 On-link
 33    306 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 58 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 59 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/02/2015 11:00:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15977701
 
Error: (07/02/2015 11:00:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15977701
 
Error: (07/02/2015 11:00:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/02/2015 06:34:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11529
 
Error: (07/02/2015 06:34:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11529
 
Error: (07/02/2015 06:34:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/02/2015 06:34:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10530
 
Error: (07/02/2015 06:34:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10530
 
Error: (07/02/2015 06:34:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/02/2015 06:34:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9532
 
 
System errors:
=============
Error: (07/02/2015 06:08:31 AM) (Source: Service Control Manager) (User: )
Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: 
%%2
 
Error: (07/02/2015 06:08:31 AM) (Source: Service Control Manager) (User: )
Description: The Mobizen plugin service failed to start due to the following error: 
%%2
 
Error: (07/02/2015 06:08:31 AM) (Source: Service Control Manager) (User: )
Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: 
%%2
 
Error: (07/02/2015 06:08:31 AM) (Source: Service Control Manager) (User: )
Description: The Avira Real-Time Protection service failed to start due to the following error: 
%%2
 
Error: (07/02/2015 06:07:20 AM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service failed to start due to the following error: 
%%1069
 
Error: (07/02/2015 06:07:20 AM) (Source: Service Control Manager) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (07/02/2015 06:07:07 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (07/02/2015 06:06:37 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/02/2015 06:06:20 AM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/02/2015 06:06:20 AM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-22 20:03:05.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-22 19:58:20.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-22 19:52:59.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-22 19:34:39.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-22 19:03:30.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.
 
 
========================= Devices: ================================
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1B3ED96A&0&01
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 46%
Total physical RAM: 1976.93 MB
Available physical RAM: 1059.89 MB
Total Virtual: 7953.86 MB
Available Virtual: 6469.96 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:50.78 GB) (Free:8.01 GB) NTFS
2 Drive d: () (Fixed) (Total:247.3 GB) (Free:95.21 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ACER-PC
 
ACER                     Administrator            Guest                    
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\020615-25521-01.dmp
C:\Windows\Minidump\032015-22947-01.dmp
C:\Windows\Minidump\051114-24726-01.dmp
C:\Windows\Minidump\062215-24070-01.dmp
C:\Windows\Minidump\062514-21590-01.dmp
C:\Windows\Minidump\062914-25147-01.dmp
C:\Windows\Minidump\091114-25272-01.dmp
========================= Restore Points ==================================
 
24-06-2015 22:26:07 Scheduled Checkpoint
30-06-2015 19:48:10 Restore Point Created by FRST
 
**** End of log ****
 

  • 0

#10
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,215 posts

Before we tackle the services / Avira issue, I would like to see if Malwarebytes' Antimalware finds / removes anything else.  Also, is the Date and Time on your system correct?
 

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from here . The version you have is outdated and this will update it.

Double Click on the mbam-setup.exe file to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link
Main%20Screen_zpsnnwza0ky.png

Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected along with Non-Malware Protection PUP and PUM are set to "Treat detections as malware"
Detection%20Settings_zpsaviydqil.png

Once the settings have been configured, select the Dashboard tab to return to the Main screen and select "Scan Now >>" to start the scan.
Main%20Screen_zpsnnwza0ky.png

The scan may take some time to finish, so please be patient.
mbam21-scaninprogress_zps38w26yvt.jpg

If any malware is found, you will be presented with a screen like the one below.
mbam21-removeselected_zpsg83p7wis.jpg

If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.


  • 0

Advertisements


#11
lonelygrimm

lonelygrimm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Okay i will try it, my date and time is correct because my time zone utc+07:00


  • 0

#12
lonelygrimm

lonelygrimm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/2/2015
Scan Time: 3:12 PM
Logfile: log.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.02.01
Rootkit Database: v2015.07.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: ACER
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331918
Time Elapsed: 27 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#13
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,215 posts

Good.  Thanks for the time zone information; I just thought that some of the scanner update times and log run times didn't quite jive.
 
Movin on ....  The Malwarebytes' Antimalware scan shows that AV/AM scanners are not blocked so let's see if a clean reset and install of Avira works.
 

 
(Note: You may want to download the Clean Up Tool and Install files first before starting the proceedure.)

Notice that these are for English (US/Canada) versions.  You may have to get others for your location / language.


  • 0

#14
lonelygrimm

lonelygrimm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thank you so much, now my avira working like it was, i'm so appreciate your help  :spoton:

21bjfok.png


  • 0

#15
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,215 posts

If your system is running fine and there are no more problems, then we need to clean off our tools and get you on your way.
 

All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time.  You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • DelFixSelectall_zps0f04cec4.png
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor  -  installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall  -  installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing.  By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.  You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
 How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP