Trojan :[


  • This topic is locked

#1
Abdul Hanan

    New Member

  • Member
  • Pip
  • 4 posts

ESET Smart Security 9 detects a trojan in memory after every 15-20 mins.

I scanned the whole disk 3 to 4 times with ESET as well as Malwarebytes, but didn't find it. Please help.




#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Does ESET tell you the specific threat detected and its file path and location?

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
Abdul Hanan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Sorry, can't send you a proper screenshot of the ESET popup. I waited the last 20-25 mins [not in-game] but didn't get it.

But I remember the name, i.e. KJIT.EXE

Here are the scan results:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016

Ran by Azure (administrator) on AZURE (01-10-2016 16:29:47)
Running from C:\Users\Azure\Desktop
Loaded Profiles: Azure & UpdatusUser (Available Profiles: Azure & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Logitech Inc.) C:\Program Files\Logicool Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16286840 2016-08-30] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-3207581629-4176398510-663476205-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-05-03] (Tonec Inc.)
HKU\S-1-5-21-3207581629-4176398510-663476205-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-27] (Piriform Ltd)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
Startup: C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameMinimizer.lnk [2016-09-24]
ShortcutTarget: GameMinimizer.lnk -> C:\Program Files (x86)\GameMinimizer\GameMinimizer.exe (Dead'Soul)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{13762083-9361-4420-A759-57F5640DA379}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1997B64E-F970-40E2-B4CB-E21058758D07}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1997B64E-F970-40E2-B4CB-E21058758D07}: [DhcpNameServer] 192.168.10.1
ManualProxies: 
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3207581629-4176398510-663476205-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\New folder\bin\ssv.dll [2016-09-15] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\New folder\bin\jp2ssv.dll [2016-09-15] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\New folder\bin\dtplugin\npDeployJava1.dll [2016-09-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\New folder\bin\plugin2\npjp2.dll [2016-09-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF HKU\S-1-5-21-3207581629-4176398510-663476205-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Azure\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Azure\AppData\Roaming\IDM\idmmzcc5 [2016-10-01] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Profile 5 -> "hxxps://www.google.com.pk/"
CHR Profile: C:\Users\Azure\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-09-23] <==== ATTENTION
CHR Profile: C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-09-23]
CHR Profile: C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-09-23]
CHR Profile: C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 4 [2016-09-23]
CHR Profile: C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5 [2016-10-01]
CHR Extension: (Google Docs) - C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-23]
CHR Extension: (Google Drive) - C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-23]
CHR Extension: (YouTube) - C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-23]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\libedajeiljdoodmokbppgapcfbignci [2016-09-23]
CHR Extension: (IDM Integration Module) - C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-23]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-23]
CHR Extension: (Gmail) - C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\Azure\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [nlbejmccbhkncgokjcmghpfloaajcffj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-07-14] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [421400 2016-07-14] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [458264 2016-07-14] (BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-04-13] (ESET)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2710648 2016-08-24] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103168 2016-08-24] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logicool Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-30] (Logitech Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-22] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310448 2016-09-15] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-08-28] ()
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-06-12] (Microsoft Corporation)
S2 Arohary; C:\Program Files (x86)\Anagosh\PhuwleRpr.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AFTrafMgr1.1; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [54712 2016-08-23] (AnchorFree Inc.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-14] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-14] (Bluestack System Inc. )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-05-12] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2016-05-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2016-05-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [198096 2016-05-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53384 2016-05-12] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-05-12] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [181160 2016-10-01] (ESET)
R2 LGCoreTemp; C:\Program Files\Logicool Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2016-08-30] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2016-08-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-29] (Intel Corporation)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-13] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-13] (Nuvoton Technology Corp.)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2016-06-15] (SteelSeries ApS)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-03-02] (Anchorfree Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2016-06-12] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-01 16:29 - 2016-10-01 16:30 - 00014913 _____ C:\Users\Azure\Desktop\FRST.txt
2016-10-01 16:29 - 2016-10-01 16:29 - 00000000 ____D C:\FRST
2016-10-01 16:28 - 2016-10-01 16:28 - 02404352 _____ (Farbar) C:\Users\Azure\Desktop\FRST64.exe
2016-10-01 02:46 - 2016-10-01 02:46 - 00069684 _____ C:\Users\Azure\Documents\cc_20161001_024643.reg
2016-10-01 02:46 - 2016-10-01 02:46 - 00000000 ____D C:\Users\Azure\AppData\Local\Lenovo
2016-10-01 02:46 - 2016-10-01 02:46 - 00000000 ____D C:\ProgramData\Lenovo
2016-10-01 02:45 - 2016-10-01 02:45 - 00000597 _____ C:\Users\Azure\Desktop\New Text Document (2).txt
2016-10-01 02:45 - 2016-10-01 02:45 - 00000000 ____D C:\Users\Azure\Downloads\SHAREit
2016-10-01 02:45 - 2016-10-01 02:45 - 00000000 ____D C:\Users\Azure\AppData\Local\SHAREit
2016-10-01 02:44 - 2016-10-01 02:44 - 00001120 _____ C:\Users\Public\Desktop\SHAREit.lnk
2016-10-01 02:44 - 2016-10-01 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2016-10-01 02:44 - 2016-10-01 02:44 - 00000000 ____D C:\Program Files (x86)\SHAREit
2016-10-01 02:18 - 2016-10-01 02:18 - 00181160 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2016-09-29 17:13 - 2016-09-29 17:13 - 00002093 _____ C:\Users\Azure\Desktop\Minecraft.lnk
2016-09-29 17:13 - 2016-09-29 17:13 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-09-29 16:22 - 2016-09-29 16:25 - 00005120 _____ C:\Users\Azure\AppData\Local\file__0.localstorage
2016-09-29 16:22 - 2016-09-29 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel Extreme Trucker 2
2016-09-29 16:22 - 2016-09-29 16:22 - 00000000 ____D C:\Program Files (x86)\18 Wheels of Steel Extreme Trucker 2
2016-09-29 13:44 - 2016-09-29 15:21 - 00000000 ____D C:\Users\Azure\AppData\LocalLow\BitTorrent
2016-09-29 13:44 - 2016-09-29 13:44 - 00030017 _____ C:\Users\Azure\Downloads\18.Wheels.of.Steel.Extreme.Trucker.2.MULTi8-PROPHET.torrent
2016-09-29 13:44 - 2016-09-29 13:44 - 00015821 _____ C:\Users\Azure\Downloads\18.Wheels.of.Steel.Extreme.Trucker - RELOADED.torrent
2016-09-29 11:05 - 2016-09-29 16:25 - 00000000 ____D C:\Users\Azure\Documents\18 WoS Extreme Trucker 2
2016-09-29 11:05 - 2016-09-29 11:05 - 00000000 ____D C:\ProgramData\Trymedia
2016-09-29 11:02 - 2016-09-29 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Extreme Trucker 2
2016-09-28 16:36 - 2016-09-29 10:21 - 00000000 ____D C:\Users\Azure\Documents\Bus Driver
2016-09-28 16:36 - 2016-09-28 16:36 - 00000618 _____ C:\Users\UpdatusUser\Desktop\Bus Driver.lnk
2016-09-28 16:36 - 2016-09-28 16:36 - 00000618 _____ C:\Users\Azure\Desktop\Bus Driver.lnk
2016-09-28 16:36 - 2016-09-28 16:36 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bus Driver
2016-09-28 16:36 - 2016-09-28 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Driver
2016-09-28 16:35 - 2016-09-28 16:35 - 00000000 ____D C:\Windows\Bus Driver
2016-09-28 16:00 - 2016-09-28 16:00 - 00000000 ____D C:\Users\Azure\Documents\European Bus Simulator 2012 Demo
2016-09-28 16:00 - 2016-09-28 16:00 - 00000000 ____D C:\Users\Azure\AppData\Local\European Bus Simulator 2012 Demo
2016-09-26 14:15 - 2016-09-26 14:15 - 00000000 ____D C:\ProgramData\LogiShrd
2016-09-26 14:12 - 2016-09-26 14:12 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-09-25 13:47 - 2005-06-07 19:59 - 14383616 _____ C:\Users\Azure\Desktop\gta_sa.exe
2016-09-24 15:56 - 2016-10-01 02:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-24 15:56 - 2016-09-24 16:13 - 00001103 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-24 15:56 - 2016-09-24 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-24 15:56 - 2016-09-24 15:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-24 15:56 - 2016-09-24 15:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-24 15:56 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-24 15:56 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-24 15:56 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-24 15:52 - 2016-09-24 15:53 - 22851472 _____ (Malwarebytes ) C:\Users\Azure\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-24 00:57 - 2016-09-24 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer.com
2016-09-24 00:56 - 2016-09-24 00:56 - 00000524 _____ C:\Windows\QIII.INI
2016-09-24 00:56 - 2016-09-24 00:56 - 00000000 ____D C:\Program Files (x86)\Mplayer
2016-09-24 00:56 - 1999-10-09 17:30 - 00305152 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2016-09-23 20:20 - 2016-09-23 20:20 - 00008852 _____ C:\Windows\System32\Tasks\Ladacultferdoch Reports
2016-09-23 20:20 - 2016-09-23 20:20 - 00003422 _____ C:\Windows\System32\Tasks\e62dc6c6547f46bda862da2d05af6862
2016-09-23 20:20 - 2016-09-23 20:20 - 00000000 ____D C:\ProgramData\Avira
2016-09-23 20:20 - 2016-09-23 20:20 - 00000000 ____D C:\ProgramData\Avg
2016-09-23 20:20 - 2016-09-23 20:20 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-23 20:19 - 2016-10-01 16:16 - 00000000 ____D C:\Program Files (x86)\Anagosh
2016-09-23 20:19 - 2016-09-23 20:19 - 00000000 ____D C:\Users\Azure\AppData\Local\Pluqery
2016-09-23 20:11 - 2016-09-24 16:13 - 00002262 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-23 20:11 - 2016-09-24 16:13 - 00002256 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-23 20:08 - 2016-10-01 16:17 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-23 20:08 - 2016-10-01 02:13 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-23 20:08 - 2016-09-23 20:08 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-23 20:08 - 2016-09-23 20:08 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-23 20:08 - 2016-09-23 20:08 - 00000000 ____D C:\Users\Azure\AppData\Local\Deployment
2016-09-23 20:08 - 2016-09-23 20:08 - 00000000 ____D C:\Users\Azure\AppData\Local\Apps\2.0
2016-09-23 20:02 - 2016-09-23 20:02 - 00000000 ____D C:\Program Files\McAfee
2016-09-23 16:58 - 2016-09-23 19:53 - 00000000 ____D C:\Users\Azure\AppData\Local\app
2016-09-23 16:56 - 2016-09-23 16:56 - 07175680 _____ C:\Users\Azure\AppData\Roaming\agent.dat
2016-09-23 16:56 - 2016-09-23 16:56 - 00140288 _____ C:\Users\Azure\AppData\Roaming\Installer.dat
2016-09-23 16:56 - 2016-09-23 16:56 - 00018432 _____ C:\Users\Azure\AppData\Roaming\Main.dat
2016-09-23 16:56 - 2016-09-23 16:56 - 00000000 ____D C:\Program Files (x86)\WeatherChickn
2016-09-23 16:39 - 2016-09-23 16:39 - 00000000 ____D C:\ProgramData\Webitar Production Inc
2016-09-23 13:20 - 2016-09-23 13:33 - 00000000 ____D C:\Users\Azure\Documents\Motorm4x
2016-09-23 13:19 - 2016-09-23 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2016-09-23 11:02 - 2016-09-23 11:19 - 00000000 ____D C:\Users\Azure\AppData\Roaming\SpinTires
2016-09-23 11:01 - 2016-09-23 11:01 - 00000000 ____D C:\Program Files (x86)\Spintires
2016-09-23 10:57 - 2016-09-24 16:13 - 00001908 _____ C:\Users\Azure\Desktop\Spintires.lnk
2016-09-23 10:57 - 2016-09-23 11:01 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spintires
2016-09-23 10:41 - 2016-09-23 10:41 - 00000019 _____ C:\Users\Azure\Desktop\New Text Document.txt
2016-09-15 16:41 - 2016-09-29 17:13 - 00000000 ____D C:\Program Files\New folder
2016-09-15 16:41 - 2016-09-15 16:41 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-09-15 16:41 - 2016-09-15 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-14 18:55 - 2016-09-14 18:55 - 00000626 _____ C:\Users\Azure\AppData\Roaming\All CPU MeterV3_Settings.ini
2016-09-14 17:04 - 2016-09-14 19:34 - 2014479545 _____ C:\Users\Azure\Downloads\iPhone7,2_9.3.5_13G36_Restore.ipsw
2016-09-12 21:19 - 2016-09-12 21:19 - 00000000 ____D C:\Windows\pss
2016-09-12 00:36 - 2016-10-01 02:53 - 00007593 _____ C:\Users\Azure\AppData\Local\Resmon.ResmonCfg
2016-09-10 19:58 - 2016-09-24 16:13 - 00001082 _____ C:\Users\Public\Desktop\Overwolf.lnk
2016-09-10 19:58 - 2016-09-10 19:58 - 00003728 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2016-09-10 19:58 - 2016-09-10 19:58 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2016-09-10 19:57 - 2016-09-23 13:58 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-09-10 19:57 - 2016-09-22 19:58 - 00000002 _____ C:\END
2016-09-10 19:57 - 2016-09-10 19:58 - 00000000 ____D C:\ProgramData\Overwolf
2016-09-10 19:54 - 2016-09-10 19:55 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2016-09-10 19:54 - 2016-09-10 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-09-10 19:53 - 2016-09-10 19:53 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Logitech
2016-09-10 19:47 - 2016-09-10 19:47 - 00000000 ____D C:\Users\Azure\AppData\Local\Logitech
2016-09-10 19:46 - 2016-09-12 21:18 - 00000000 ____D C:\Users\Azure\AppData\Local\Overwolf
2016-09-10 19:45 - 2016-09-10 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logicool
2016-09-10 19:44 - 2016-09-10 19:46 - 00000000 ____D C:\Program Files\Logicool Gaming Software
2016-09-10 19:43 - 2016-09-10 19:43 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Logishrd
2016-09-10 19:43 - 2016-09-10 19:43 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Logicool
2016-09-04 03:14 - 2016-09-04 03:15 - 00872448 _____ C:\Users\Azure\Downloads\quake3.132c.exe
2016-09-02 22:40 - 2016-10-01 02:52 - 00000000 ____D C:\Users\Azure\Downloads\Telegram Desktop
2016-09-02 22:08 - 2016-09-24 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena
2016-09-02 22:08 - 2016-09-02 22:08 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quake III Arena
2016-09-02 22:08 - 1999-12-17 10:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-01 16:30 - 2016-07-11 21:25 - 00000000 ____D C:\Users\Azure\AppData\Roaming\NetSpeedMonitor
2016-10-01 16:29 - 2016-07-27 01:33 - 00000000 ____D C:\Users\Azure\AppData\Roaming\DMCache
2016-10-01 16:24 - 2009-07-14 09:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-01 16:24 - 2009-07-14 09:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-01 16:17 - 2016-08-14 23:08 - 00000000 __SHD C:\Users\Azure\IntelGraphicsProfiles
2016-10-01 16:16 - 2009-07-14 10:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-01 15:26 - 2016-08-13 11:57 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4773FFCF-9E7F-4E17-A566-11F8E501BC54}
2016-10-01 02:52 - 2016-07-27 01:33 - 00000000 ____D C:\Users\Azure\Downloads\Compressed
2016-10-01 02:45 - 2016-07-11 21:28 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-01 02:26 - 2016-07-15 18:43 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-01 02:05 - 2016-08-28 14:28 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2016-10-01 02:05 - 2016-08-28 11:59 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-10-01 00:44 - 2016-07-16 15:59 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Telegram Desktop
2016-10-01 00:30 - 2016-07-11 22:28 - 00000000 ____D C:\Users\Azure\AppData\Roaming\vlc
2016-10-01 00:23 - 2016-07-11 22:26 - 00000000 ____D C:\Users\Azure\AppData\Roaming\TS3Client
2016-09-30 22:50 - 2016-08-28 11:59 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-09-29 18:19 - 2016-07-11 21:20 - 00000000 ____D C:\Users\UpdatusUser
2016-09-29 17:16 - 2016-07-11 21:28 - 00000000 ____D C:\Users\Azure\AppData\Roaming\BitTorrent
2016-09-29 17:13 - 2016-07-25 16:54 - 00000000 ____D C:\Users\Azure\AppData\Roaming\.minecraft
2016-09-29 16:25 - 2016-07-11 20:57 - 00000000 ____D C:\Users\Azure
2016-09-29 16:22 - 2016-08-20 07:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-28 03:40 - 2016-07-19 03:05 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Mumble
2016-09-27 19:42 - 2016-08-21 10:53 - 00000000 ____D C:\ProgramData\TEMP
2016-09-26 14:12 - 2009-07-14 08:20 - 00000000 ____D C:\Windows\inf
2016-09-25 16:42 - 2009-07-14 10:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-25 15:45 - 2009-07-14 10:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-24 16:14 - 2016-07-11 21:45 - 00001045 _____ C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2016-09-24 16:14 - 2016-07-11 20:58 - 00001389 _____ C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-24 16:13 - 2016-08-28 11:59 - 00000691 _____ C:\Users\Public\Desktop\Battlefield 3.lnk
2016-09-24 16:13 - 2016-08-25 23:07 - 00002584 _____ C:\Users\Azure\Desktop\µTorrent.lnk
2016-09-24 16:13 - 2016-08-25 23:07 - 00002564 _____ C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-09-24 16:13 - 2016-08-14 23:06 - 00000694 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-09-24 16:13 - 2016-08-14 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV
2016-09-24 16:13 - 2016-08-12 23:51 - 00002645 _____ C:\Users\Azure\Desktop\Kinzu Configuration.lnk
2016-09-24 16:13 - 2016-08-07 17:50 - 00001754 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-09-24 16:13 - 2016-08-07 17:49 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-24 16:13 - 2016-08-07 17:38 - 00001120 _____ C:\Users\Azure\Desktop\Syncios.lnk
2016-09-24 16:13 - 2016-08-05 16:58 - 00001074 _____ C:\Users\Azure\Desktop\Format Factory.lnk
2016-09-24 16:13 - 2016-07-27 01:32 - 00001016 _____ C:\Users\Azure\Desktop\Internet Download Manager.lnk
2016-09-24 16:13 - 2016-07-24 18:39 - 00001049 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2016-09-24 16:13 - 2016-07-22 13:57 - 00001805 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-09-24 16:13 - 2016-07-22 13:57 - 00001793 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-09-24 16:13 - 2016-07-20 18:42 - 00000601 _____ C:\Users\Azure\Desktop\CoD4MP.lnk
2016-09-24 16:13 - 2016-07-20 18:42 - 00000504 _____ C:\Users\Azure\Desktop\CoDMP.lnk
2016-09-24 16:13 - 2016-07-18 20:09 - 00001021 _____ C:\Users\Azure\Desktop\Mumble.lnk
2016-09-24 16:13 - 2016-07-18 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA San Andreas B-13 NFS 2011
2016-09-24 16:13 - 2016-07-16 16:00 - 00000956 _____ C:\Users\Azure\Desktop\Telegram.lnk
2016-09-24 16:13 - 2016-07-16 01:01 - 00000986 _____ C:\Users\Azure\Desktop\Origin.lnk
2016-09-24 16:13 - 2016-07-16 01:01 - 00000980 _____ C:\Users\Public\Desktop\Origin.lnk
2016-09-24 16:13 - 2016-07-15 18:43 - 00000964 _____ C:\Users\Public\Desktop\Steam.lnk
2016-09-24 16:13 - 2016-07-14 15:00 - 00000841 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-09-24 16:13 - 2016-07-11 22:28 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-09-24 16:13 - 2016-07-11 21:55 - 00002028 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2016-09-24 16:13 - 2016-07-11 21:45 - 00001039 _____ C:\Users\Azure\Desktop\GameRanger.lnk
2016-09-24 16:13 - 2016-07-11 21:29 - 00001093 _____ C:\Users\Azure\Desktop\MSI Afterburner.lnk
2016-09-24 16:13 - 2016-07-11 21:28 - 00002624 _____ C:\Users\Azure\Desktop\BitTorrent.lnk
2016-09-24 16:13 - 2016-07-11 21:28 - 00002604 _____ C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-09-24 16:13 - 2016-07-11 21:27 - 00001038 _____ C:\Users\Azure\Desktop\PhotoScape.lnk
2016-09-24 16:13 - 2016-07-11 21:27 - 00001012 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-09-24 16:13 - 2016-07-11 21:27 - 00000968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-09-24 16:13 - 2016-07-11 21:26 - 00001067 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-24 16:13 - 2016-07-11 21:26 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-09-24 16:13 - 2016-07-11 21:26 - 00001032 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-09-24 16:13 - 2016-07-11 21:23 - 00001106 _____ C:\Users\Azure\Desktop\Cheat Engine.lnk
2016-09-24 16:13 - 2016-07-11 21:00 - 00001224 _____ C:\Users\Azure\Desktop\Paint.lnk
2016-09-24 16:13 - 2016-06-13 05:47 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-09-24 16:13 - 2016-06-13 05:47 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-09-24 16:13 - 2009-07-14 10:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-24 16:13 - 2009-07-14 10:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-09-24 16:13 - 2009-07-14 09:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-24 16:13 - 2009-07-14 09:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-09-24 16:13 - 2009-07-14 09:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-09-24 16:13 - 2009-07-14 09:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-09-24 16:13 - 2009-07-14 09:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-09-24 15:47 - 2016-07-11 21:40 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1468255222
2016-09-24 15:47 - 2016-07-11 21:39 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-24 01:06 - 2016-07-11 21:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-09-24 00:35 - 2016-07-22 13:58 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-09-23 23:54 - 2016-07-16 00:47 - 00000000 ____D C:\Users\Azure\Downloads\Sound Cloud
2016-09-23 20:54 - 2016-08-05 16:59 - 00000000 ____D C:\ProgramData\McAfee
2016-09-23 20:11 - 2016-07-11 21:27 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-23 16:57 - 2016-07-22 15:17 - 00000000 ____D C:\Users\Azure\AppData\Roaming\Mozilla
2016-09-21 00:24 - 2016-07-27 03:55 - 00000000 ____D C:\Users\Azure\AppData\Roaming\PhotoScape
2016-09-15 16:41 - 2016-07-25 16:52 - 00000000 ____D C:\Users\Azure\.oracle_jre_usage
2016-09-08 16:31 - 2016-08-12 23:47 - 00000000 ____D C:\Users\Azure\AppData\Roaming\steelseries-engine-3-client
2016-09-06 10:33 - 2016-07-18 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2016-09-03 04:30 - 2016-07-16 01:01 - 00000000 ____D C:\ProgramData\Origin
2016-09-02 22:44 - 2016-07-12 22:32 - 00000000 ____D C:\Users\Azure\AppData\Local\CallofDuty4MW
 
==================== Files in the root of some directories =======
 
2016-09-23 16:56 - 2016-09-23 16:56 - 7175680 _____ () C:\Users\Azure\AppData\Roaming\agent.dat
2016-09-14 18:55 - 2016-09-14 18:55 - 0000626 _____ () C:\Users\Azure\AppData\Roaming\All CPU MeterV3_Settings.ini
2016-09-23 16:56 - 2016-09-23 16:56 - 0140288 _____ () C:\Users\Azure\AppData\Roaming\Installer.dat
2016-09-23 16:56 - 2016-09-23 16:56 - 0018432 _____ () C:\Users\Azure\AppData\Roaming\Main.dat
2016-09-29 16:22 - 2016-09-29 16:25 - 0005120 _____ () C:\Users\Azure\AppData\Local\file__0.localstorage
2016-09-12 00:36 - 2016-10-01 02:53 - 0007593 _____ () C:\Users\Azure\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Azure\AppData\Local\Temp\8929-2e01-cff0-8764.exe
C:\Users\Azure\AppData\Local\Temp\p11711.exe
C:\Users\Azure\AppData\Local\Temp\SynciosDeviceService.exe
C:\Users\Azure\AppData\Local\Temp\utils.dll
C:\Users\Azure\AppData\Local\Temp\xdelta3.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-27 19:07
 
==================== End of FRST.txt ============================
 
 
 
ADDITION :-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016
Ran by Azure (01-10-2016 16:30:39)
Running from C:\Users\Azure\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-07-11 15:57:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3207581629-4176398510-663476205-500 - Administrator - Disabled)
Azure (S-1-5-21-3207581629-4176398510-663476205-1000 - Administrator - Enabled) => C:\Users\Azure
Guest (S-1-5-21-3207581629-4176398510-663476205-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3207581629-4176398510-663476205-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 9.0.381.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.381.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
18 Wheels of Steel Extreme Trucker 2 (HKLM-x32\...\{A2B65355-E44A-4662-9533-AB5A4A3533ED}) (Version: 1.00.0000 - Valusoft)
18 WoS Extreme Trucker 2 (HKLM-x32\...\{2070D91D-5C3C-4E9C-BA77-EC0ADE0FE671}) (Version: 1.00.0000 - Valusoft)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BitTorrent (HKU\S-1-5-21-3207581629-4176398510-663476205-1000\...\BitTorrent) (Version: 7.9.8.42577 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.40.6019 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bus Driver (HKLM-x32\...\Bus Driver) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
DriverPack Notifier (HKLM-x32\...\DriverPack Notifier) (Version: 2.0.3 - DriverPack Solution)
ESET Smart Security (HKLM\...\{BA1050B5-E274-4693-8A67-CAF5576A07F1}) (Version: 9.0.381.0 - ESET, spol. s r.o.)
FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time)
GameMinimizer 1.1 (HKLM-x32\...\GameMinimizer) (Version: 1.1 - Dead'Soul)
GameRanger (HKU\S-1-5-21-3207581629-4176398510-663476205-1000\...\GameRanger) (Version:  - GameRanger Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GTA IV: San Andreas (HKLM-x32\...\{1148C9E2-F6F0-46EA-8D83-BFB5872737F8}) (Version: 0.5.4.0 - GTA IV: San Andreas Mod Team)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
Hotspot Shield 5.4.11 (HKLM-x32\...\HotspotShield) (Version: 5.4.11 - AnchorFree Inc.)
Hotspot Shield 5.4.11 Embedded (x32 Version: 5.4.11.9772 - Buildbot) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Logitech Gaming Software 8.87 (HKLM\...\Logitech Gaming Software) (Version: 8.87.116 - Logitech Inc.)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3154529) (HKLM\...\{5B71B4F6-A412-3C48-B332-0FA9B9958940}) (Version: 4.6.01081 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2010 (HKLM-x32\...\{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
Mumble 1.2.16 (HKLM-x32\...\{8C0C80AA-EA4D-4461-8B73-15A3A27F7D98}) (Version: 1.2.16 - Thorvald Natvig)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Opera Stable 40.0.2308.62 (HKLM-x32\...\Opera 40.0.2308.62) (Version: 40.0.2308.62 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.98.16.0 - Overwolf Ltd.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Quake III Arena (HKLM-x32\...\Quake III Arena) (Version:  - )
Quake III Arena Point Release 1.32 (HKLM-x32\...\Quake III Arena Point Release 1.32) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spintires (HKLM-x32\...\SpintiresFinal) (Version: Final - Game Owl)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.3 - SteelSeries ApS)
SteelSeries Kinzu Optical Mouse (HKLM-x32\...\{A03E4302-F387-47F3-8136-6D9D9286CD3B}) (Version: 1.0.10 - Steelseries)
Syncios 5.0.7 (HKLM-x32\...\Syncios) (Version: 5.0.7 - Anvsoft)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Telegram Desktop version 0.10.8 (HKU\S-1-5-21-3207581629-4176398510-663476205-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.8 - Telegram Messenger LLP)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Microsoft (xusb21) XnaComposite  (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3207581629-4176398510-663476205-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08D8DCE4-63BE-4D12-800B-A285EDBD026E} - System32\Tasks\{A08FC94F-1816-455B-8225-A8CB08A0ABC6} => D:\New folder\gta_sa.exe
Task: {08F67E25-22B9-4EC0-B286-B129FDFB69E3} - System32\Tasks\{9397D98D-0463-4AF7-86BD-CB79535D2735} => D:\New folder (2)\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {08F7F683-249D-445C-AE8B-3EA25ABE6726} - System32\Tasks\Opera scheduled Autoupdate 1468255222 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-21] (Opera Software)
Task: {0E465E4F-554C-4AC3-86F3-AB8E025B6EE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)
Task: {3B9EF9FB-BC18-41DE-8C12-4DB2207781C6} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-09-15] (Overwolf LTD)
Task: {592BA203-9112-4BA4-8C81-0B9ACC5B6E5B} - System32\Tasks\Ladacultferdoch Reports => C:\Program Files (x86)\Anagosh\kjit.exe [2016-09-23] (VideoLAN)
Task: {6394F12E-D9BA-4AC7-910D-730D42A9FEDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)
Task: {66582998-D327-4F9A-B612-0705197AF6A1} - System32\Tasks\{82B1DE7D-76B5-4FBE-A2E3-9E50EE23DD87} => D:\New folder\gta_sa.exe
Task: {6BC3400E-E09C-42C7-8246-4C55BC2DF350} - System32\Tasks\{B0B22900-7543-433D-AA6D-097D3DA9AC4F} => D:\New folder\gta_sa.exe
Task: {6D98CF54-2F6B-4FE9-8DBE-EBFAED92726F} - System32\Tasks\e62dc6c6547f46bda862da2d05af6862 => Wscript.exe C:\PROGRA~2\w531wep0\n3fcx.js
Task: {71259606-11A4-462F-862E-CD2D73C31C57} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-27] (Piriform Ltd)
Task: {8BACEFAA-812F-4FBB-B455-282FFCD3732E} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Azure => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2016-01-31] (H.D.S. Hungary)
Task: {97581E87-9311-4823-B4FD-CCDC93C3CEFA} - System32\Tasks\{5A82DC40-C9B3-4D9C-A674-C89B8E90EF70} => Z:\New folder\CoDMP.exe [2014-03-30] ()
Task: {9C1EC9A3-6ED4-46F4-87ED-F4435D64F0A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D0D3DAB7-D9BD-4E82-B221-4D3D1A5CD566} - System32\Tasks\DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [2015-12-18] ()
Task: {F3BBFC16-6127-4DC9-AF8D-5D0117741C4A} - System32\Tasks\{E1455E69-EE86-47E3-9D5A-E16B0388D950} => D:\codbot.exe [2004-01-25] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-11 21:20 - 2015-01-31 05:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-08-28 11:59 - 2016-08-28 15:59 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-07 05:07 - 2015-03-07 05:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-08-30 05:17 - 2016-08-30 05:17 - 01096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 05:07 - 2015-03-07 05:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-08-30 05:17 - 2016-08-30 05:17 - 00241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-09-23 20:11 - 2016-09-14 07:52 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-23 20:11 - 2016-09-14 07:52 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-08-24 04:04 - 2016-08-24 04:04 - 00166520 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Azure:gs5sys [2048]
AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [302]
AlternateDataStreams: C:\Users\Azure\Application Data:gs5sys [3074]
AlternateDataStreams: C:\Users\Azure\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Azure\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Azure\Templates:gs5sys [3074]
AlternateDataStreams: C:\Users\Azure\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Azure\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Azure\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Azure\AppData\Local\Application Data:gs5sys [3074]
AlternateDataStreams: C:\Users\Azure\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Azure\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2009-06-11 02:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3207581629-4176398510-663476205-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Azure\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SteelSeries Engine 3.lnk => C:\Windows\pss\SteelSeries Engine 3.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Azure^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: Free Download Manager => "D:\New folder\Free Download Manager\fdm.exe" --minimized
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe -overwolfsilent
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Syncios device service => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D3BF8153-3391-4AB9-96AB-C3349F0A4BD4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C04DE85C-1931-455C-B916-71C254B88BB9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D7D1B1B3-AD0A-4F45-9FFC-8991020DD18B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6A1CB9EB-E6F5-4B69-9830-D25829E32CF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1208AED4-0702-4BB0-B837-AE6D17DB55DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DB8F6FB0-6B7B-4BA9-8096-D532B38068EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E4C69F3D-DA63-404A-9884-704BD38E47A8}] => (Allow) C:\Users\Azure\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F1B44235-DDAA-465B-9E33-67AB01C0DDB1}] => (Allow) C:\Users\Azure\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{100B0099-C57C-414E-B4C0-8DF9EF3E42D3}] => (Allow) C:\Users\Azure\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0C4B2D10-7285-407D-9A8A-A6890A820015}] => (Allow) C:\Users\Azure\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F4743DBF-D0D7-4470-A857-E5CDC128DA90}] => (Allow) C:\Users\Azure\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{17AE509E-C5FD-449C-B83D-521E4382C5F7}] => (Allow) C:\Users\Azure\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1BBAEFA0-2CD5-4222-AD0E-42F6EF9C93F6}Z:\new folder\codmp.exe] => (Allow) Z:\new folder\codmp.exe
FirewallRules: [UDP Query User{4829EBB8-7684-4BDC-9B38-F797E86CB128}Z:\new folder\codmp.exe] => (Allow) Z:\new folder\codmp.exe
FirewallRules: [TCP Query User{B7166358-4DCE-4B7A-AE89-9260399F4F29}D:\call of duty 4 modern warfare\iw3mp.exe] => (Allow) D:\call of duty 4 modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{46F83FB5-3CCB-4120-A455-1ECA1D44F332}D:\call of duty 4 modern warfare\iw3mp.exe] => (Allow) D:\call of duty 4 modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{2DE3F79E-58CD-4866-97BF-4D5FF59408FE}C:\users\azure\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\azure\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{DAE6CC22-C842-4492-A9C5-82A7B4F812EA}C:\users\azure\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\azure\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{1DB33DB1-1340-4460-8BD1-CDA74CA9D98F}D:\new folder (5)\codmp.exe] => (Allow) D:\new folder (5)\codmp.exe
FirewallRules: [UDP Query User{D3B5909A-255F-4340-8531-48786B69B6A2}D:\new folder (5)\codmp.exe] => (Allow) D:\new folder (5)\codmp.exe
FirewallRules: [{0692B921-55CE-4C9D-99BF-60C6E7D151C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FB91729-2634-4676-A711-E12105843DB9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3167BEA5-34C3-4CB5-B9DC-E76906D06D6D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DC88257D-C63A-456E-A10F-2465C0499901}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C20772A1-E142-47AD-8929-7E85A84EA52C}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0E711B52-1097-4802-9B8C-0E81E5F9FB3B}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{84E28FCE-3496-4252-B02D-48D84C87AD32}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{54B38607-CAFF-4D61-ADFC-6AA876057E4E}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{17AB4213-7AE4-43AB-B2BF-AEC45B4FA2F3}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{06CC716D-6CB4-4D56-9DDB-CF6D7DA4352B}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F3CC05C5-D2F7-4383-9F8C-9A4555A0320B}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{6135ABF6-D109-40E6-89D0-D5283A9D53CF}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{B8CD11EB-9413-4B7E-9D9E-B790FC646A74}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{AF542821-DA3E-4E84-A4ED-5CD3456230D3}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{18352B2B-8CCD-4D5E-AA74-850C22FFAE15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0338986C-56FB-40A6-9C55-C18EAF97A77B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A7BA8E76-7EC5-46A6-AEA2-7F903B366984}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3A107013-8B64-4243-B491-1D1D9CB27A7A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71CEB633-2D91-4BC5-9E5E-83449B7D422F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{5D9318EB-E1A7-4470-8C11-B52A28026019}Z:\jump server\codmp.exe] => (Allow) Z:\jump server\codmp.exe
FirewallRules: [UDP Query User{E1D2917F-8B13-4015-8C4A-842AA5E9D5E8}Z:\jump server\codmp.exe] => (Allow) Z:\jump server\codmp.exe
FirewallRules: [TCP Query User{417B558E-7280-4819-9D06-8A744D92729A}D:\stronghold crusader\stronghold crusader extreme\stronghold crusader extreme (muhammadsamar.blogspot.com)\stronghold crusader.exe] => (Allow) D:\stronghold crusader\stronghold crusader extreme\stronghold crusader extreme (muhammadsamar.blogspot.com)\stronghold crusader.exe
FirewallRules: [UDP Query User{7584B90D-B356-4244-947C-42948748F9A8}D:\stronghold crusader\stronghold crusader extreme\stronghold crusader extreme (muhammadsamar.blogspot.com)\stronghold crusader.exe] => (Allow) D:\stronghold crusader\stronghold crusader extreme\stronghold crusader extreme (muhammadsamar.blogspot.com)\stronghold crusader.exe
FirewallRules: [TCP Query User{E0F7F0E4-0E3D-467F-A1E8-E10D77A74C72}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{390D14DD-95DD-4CEB-93A4-084EED9B49E6}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{3AD8D157-4FBA-4073-A0ED-3702DB577C90}] => (Allow) C:\Users\Azure\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36ADC506-85E4-4D32-AB3E-C1058E2FA35B}] => (Allow) C:\Users\Azure\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0FD5A3A4-0495-4C2D-BD79-0E50BBEA81A4}] => (Allow) C:\Users\Azure\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE5C5978-67B4-46F2-A2D1-DE42C48B0F2C}] => (Allow) C:\Users\Azure\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA8C1C6E-5D44-404E-82BD-85C81D4C58E4}] => (Allow) C:\Users\Azure\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{78391AB6-1BAE-4856-BF11-7E362059C03E}] => (Allow) C:\Users\Azure\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2B43D828-550C-44B1-8DA8-8F7FA7035181}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{49FAE6F5-B5A8-4D85-8EB9-9BB05C0775A1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2F02A792-2AD5-4233-A5FB-12D48D2E43F4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9DD1C392-A321-4D4E-B4F4-2F7CDDAE6BE9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{54C4677D-A679-486C-9455-F764708704E7}] => (Allow) D:\OriginLibrary\Battlefield 3\bf3.exe
FirewallRules: [{3A5504AE-3C29-479D-BED7-689C95C2D77B}] => (Allow) D:\OriginLibrary\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{43125D9E-C6D1-40CA-937A-18A88FBF9CE0}D:\call of duty\codmp.exe] => (Block) D:\call of duty\codmp.exe
FirewallRules: [UDP Query User{CAEE20F1-B138-404E-8B44-3C72B5320D01}D:\call of duty\codmp.exe] => (Block) D:\call of duty\codmp.exe
FirewallRules: [{F441C6C1-B0A9-405A-9861-41221EE927F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6C541856-FFA4-4DCD-960F-61F947070959}D:\quake iii full version (windows pc)\quake3.exe] => (Allow) D:\quake iii full version (windows pc)\quake3.exe
FirewallRules: [UDP Query User{0BF5614B-F9CA-49B0-AD6E-FD32875C46F1}D:\quake iii full version (windows pc)\quake3.exe] => (Allow) D:\quake iii full version (windows pc)\quake3.exe
FirewallRules: [TCP Query User{0412D270-C88C-43F8-ADF8-1FC53A7316FD}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{4FE48F31-532D-49CE-A11D-9F8D19424E80}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{F82B2388-E79E-4707-9B4D-0FED1FB7F8F4}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{C9F7B95B-775F-4DE9-A4F5-1456EC8AA933}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{562C98B9-1449-4238-B4F8-27430F992C9C}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{EFA48BA3-2313-4A6D-AAA0-7B873B6BBF4D}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
 
==================== Restore Points =========================
 
28-09-2016 18:50:19 Scheduled Checkpoint
29-09-2016 11:02:04 Installed 18 WoS Extreme Trucker 2
29-09-2016 11:03:18 Installed DirectX
29-09-2016 16:22:01 Installed 18 Wheels of Steel Extreme Trucker 2
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/01/2016 04:18:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/01/2016 03:19:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/01/2016 02:37:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.19.0.5633 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17c8
 
Start Time: 01d21b62af42248b
 
Termination Time: 0
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id: 23905070-8756-11e6-a84e-f46d043352aa
 
Error: (10/01/2016 02:19:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: MsftEdit.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c7ed
Exception code: 0xc0000005
Fault offset: 0x000007fee6e53975
Faulting process id: 0x50c
Faulting application start time: 0x01d21b4f8522ae06
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: MsftEdit.dll
Report Id: 809cc948-8753-11e6-a84e-f46d043352aa
 
Error: (10/01/2016 12:18:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/30/2016 10:12:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/30/2016 09:13:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/30/2016 08:58:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/30/2016 03:24:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/30/2016 12:31:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (10/01/2016 04:16:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Arohary service terminated with the following error: 
The specified module could not be found.
 
Error: (10/01/2016 04:16:47 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (10/01/2016 03:18:11 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (10/01/2016 12:17:02 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (09/30/2016 10:10:35 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (09/30/2016 09:11:58 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (09/30/2016 09:11:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:05:06 PM on 9/30/2016 was unexpected.
 
Error: (09/30/2016 08:56:23 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (09/30/2016 03:22:40 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (09/30/2016 12:29:59 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 7896.88 MB
Available physical RAM: 5677.91 MB
Total Virtual: 15791.95 MB
Available Virtual: 13536.05 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:100 GB) (Free:36.93 GB) NTFS
Drive d: (Games) (Fixed) (Total:200 GB) (Free:73.06 GB) NTFS
Drive e: (Media) (Fixed) (Total:100 GB) (Free:95.26 GB) NTFS
Drive z: (Lab) (Fixed) (Total:65.66 GB) (Free:40.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 43680805)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=100 GB) - (Type=42)
Partition 4: (Not Active) - (Size=365.7 GB) - (Type=42)
 
==================== End of Addition.txt ============================


#4
Abdul Hanan

    New Member

  • Topic Starter
  • Member
  • 4 posts

Pop-up Screenshot.

http://imgur.com/N0ztLOo



#5
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Are these files in the log part of a game? Do you know anything about them?

Task: {592BA203-9112-4BA4-8C81-0B9ACC5B6E5B} - System32\Tasks\Ladacultferdoch Reports => C:\Program Files (x86)\Anagosh\kjit.exe [2016-09-23] (VideoLAN)

Arohary; C:\Program Files (x86)\Anagosh\PhuwleRpr.dll [X]

2016-09-23 20:19 - 2016-10-01 16:16 - 00000000 ____D C:\Program Files (x86)\Anagosh

#6
Abdul Hanan

    New Member

  • Topic Starter
  • Member
  • 4 posts

I just reviewed my download history... these were installed by a crack installer.



#7
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Is this your topic here?

https://forums.malwa...rtana-not-sure/

I don't help with cracked software, nor do I discuss it.

#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)