
MalwareBytes Unable to connect to Proxy



Hi, my name is Christopher and I am requesting help for a recent problem that has happened on my computer.

 

Yesterday night, I ran a scan to clear malware off my computer as it was infested with ads. After the scan it kept popping up malicious website blocks, which I ignored.

 

Today as I tried to access the internet, I was unable to connect to Google due to the error "Unable to connect to Proxy Server".

 

I'm confused because I am able to talk to friends through Steam chat (a platform for PC games) but unable to download updates and play online; same goes for Chrome and Internet Explorer.

 

I have tried:

Restarting my computer
System Restore (Restored to yesterday)
Disconnecting from the router/Reconnecting
Uninstalling Malwarebytes and current anti-virus Avast!
Disabling Firewalls and Avast! Shields and itself
Connecting to the Router Through LAN

                    

 

If someone could detect and help me fix this problem, it would mean the world to me :)


Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

 


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.

 

Let me see those logs...

 

Kevin


Alright Kevin, this is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by User (administrator) on USER-PC on 31-05-2014 21:03:53
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-21] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-01-21] (Atheros Commnucations)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-07] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1078352 2011-02-24] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-10] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [isMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2127809028-18669728-1403974004-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-30] (Valve Corporation)
HKU\S-1-5-21-2127809028-18669728-1403974004-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-25] (Electronic Arts)
HKU\S-1-5-21-2127809028-18669728-1403974004-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2127809028-18669728-1403974004-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-02-09] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [148528 2014-02-09] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox - C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\User\AppData\Local\Roblox\Versions\version-77cb13cdf4414374\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-26]
 
Chrome: 
=======
CHR HomePage: hxxp://www.v9.com/?type=hp&ts=1400664578&from=irs&uid=3219913727_132775_4098815B&i=psd&t=342dc7415
CHR StartupUrls: "hxxp://www.v9.com/?type=hp&ts=1400664578&from=irs&uid=3219913727_132775_4098815B&i=psd&t=342dc7415"
CHR DefaultSearchKeyword: v9
CHR DefaultSearchProvider: v9
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-27]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-27]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-27]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-27]
CHR HKLM-x32\...\Chrome\Extension: [bjgglmlkdploojalfbafjcjekegbhnnp] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta383\ch\VideoPlayerV3beta383.crx [2013-05-27]
CHR HKLM-x32\...\Chrome\Extension: [cjghblamigilmnljeglhdjiclkdkkioh] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha195\ch\MediaViewV1alpha195.crx [2013-05-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [pmjmkdehijlakmlfpknbaigdpigeblom] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home263\ch\MediaWatchV1home263.crx [2013-05-06]
 
==================== Services (Whitelisted) =================
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-24] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-17] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [281032 2014-05-31] ()
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 aswFsBlk; No ImagePath
S0 aswRvrt; No ImagePath
S1 aswSnx; No ImagePath
S1 aswSP; No ImagePath
S1 aswTdi; No ImagePath
S0 aswVmm; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-31] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R0 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [86768 2014-04-24] (Dataram, Inc.)
R1 {345422e3-72fa-447a-9550-97803edfacf3}Gw64; C:\Windows\System32\drivers\{345422e3-72fa-447a-9550-97803edfacf3}Gw64.sys [61120 2014-04-24] (StdLib)
S2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\System32\Drivers\aswrdr2.sys [X]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-31 21:01 - 2014-05-31 21:03 - 00000000 ____D () C:\FRST
2014-05-31 17:34 - 2014-05-31 17:34 - 00030430 _____ () C:\ComboFix.txt
2014-05-31 17:34 - 2014-05-31 17:34 - 00000000 ____D () C:\Users\SOC DOTA\AppData\Local\temp
2014-05-31 17:34 - 2014-05-31 17:34 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-31 17:34 - 2014-05-31 17:34 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-31 17:34 - 2014-05-31 17:34 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-31 16:50 - 2014-05-31 17:34 - 00000000 ____D () C:\ComboFix
2014-05-31 14:36 - 2014-05-31 17:34 - 00000000 ____D () C:\Qoobox
2014-05-31 14:36 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-31 14:36 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-31 14:36 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-31 14:36 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-31 14:36 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-31 14:36 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-31 14:36 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-31 14:36 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-31 14:35 - 2014-05-31 14:57 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 14:33 - 2014-05-29 19:18 - 05203398 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-05-31 13:43 - 2014-05-31 13:43 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 13:43 - 2014-05-31 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 10:05 - 2014-05-31 10:05 - 00000000 _____ () C:\Windows\SysWOW64\shoDD55.tmp
2014-05-30 19:33 - 2014-05-30 19:33 - 00000222 _____ () C:\Users\User\Desktop\Fistful of Frags.url
2014-05-30 16:18 - 2014-05-31 18:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 16:18 - 2014-05-31 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 16:18 - 2014-05-31 13:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 16:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 16:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 16:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 16:16 - 2014-05-30 16:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-21 19:31 - 2014-05-30 18:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\SupTab
2014-05-21 19:30 - 2014-05-30 18:26 - 00000000 ____D () C:\ProgramData\WPM
2014-05-21 19:30 - 2014-05-21 19:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\v9
2014-05-18 12:11 - 2014-05-18 12:12 - 30803176 _____ () C:\Users\User\Downloads\bioshock_anim.swf
2014-05-18 12:08 - 2014-05-18 12:08 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-18 12:08 - 2014-05-18 12:08 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-18 12:06 - 2014-05-18 12:07 - 38388241 _____ () C:\Users\User\Downloads\bioshock_anim1.1.0.swf
2014-05-18 12:04 - 2014-05-18 12:05 - 02271768 _____ () C:\Users\User\Downloads\Zone Archive - Update #6.1- Elizabeth (Bioshock Infinite) (1).exe
2014-05-18 12:00 - 2014-05-31 10:03 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-18 11:58 - 2014-05-18 11:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\wi_upd
2014-05-18 11:57 - 2014-05-18 11:58 - 02271768 _____ () C:\Users\User\Downloads\Zone Archive - Update #6.1- Elizabeth (Bioshock Infinite).exe
2014-05-18 11:42 - 2014-05-18 11:43 - 31129989 ____R () C:\Users\User\Downloads\[ZONE]Biocock Intimate.7z
2014-05-18 11:42 - 2014-05-18 11:42 - 00019255 _____ () C:\Users\User\Downloads\[ZONE]Biocock Intimate.torrent
2014-05-18 11:28 - 2014-05-31 10:03 - 00000000 ____D () C:\temp
2014-05-18 11:27 - 2014-05-26 16:24 - 00000000 ____D () C:\Program Files\003
2014-05-17 03:08 - 2014-05-06 14:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 03:08 - 2014-05-06 14:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 03:08 - 2014-05-06 13:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 03:08 - 2014-05-06 13:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 03:08 - 2014-05-06 13:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 03:08 - 2014-05-06 12:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 18:35 - 2014-05-15 18:35 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-15 18:08 - 2014-05-09 16:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 18:08 - 2014-05-09 16:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 18:08 - 2014-03-25 12:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 18:08 - 2014-03-25 12:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 18:07 - 2014-04-12 12:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 18:07 - 2014-03-04 19:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 18:07 - 2014-03-04 19:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 18:07 - 2014-03-04 19:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 18:07 - 2014-03-04 19:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 18:07 - 2014-03-04 19:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 18:07 - 2014-03-04 19:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 18:07 - 2014-03-04 19:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 18:07 - 2014-03-04 19:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 18:07 - 2014-03-04 19:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 18:06 - 2014-04-12 12:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 18:06 - 2014-04-12 12:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 18:06 - 2014-04-12 12:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 18:06 - 2014-04-12 12:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 18:06 - 2014-04-12 12:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 18:06 - 2014-04-12 12:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 18:06 - 2014-04-12 12:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 18:06 - 2014-04-12 12:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 18:06 - 2014-03-04 19:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 18:06 - 2014-03-04 19:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 18:06 - 2014-03-04 19:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 18:06 - 2014-03-04 19:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 18:06 - 2014-03-04 19:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 18:06 - 2014-03-04 19:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 18:06 - 2014-03-04 19:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 18:06 - 2014-03-04 19:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 18:06 - 2014-03-04 19:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 18:06 - 2014-03-04 19:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 18:06 - 2014-03-04 19:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 18:06 - 2014-03-04 19:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 18:06 - 2014-03-04 19:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 22:44 - 2014-05-14 22:45 - 00262144 _____ () C:\Windows\Minidump\051414-29796-01.dmp
2014-05-14 22:44 - 2014-05-14 22:44 - 420484430 _____ () C:\Windows\MEMORY.DMP
2014-05-04 14:32 - 2014-05-04 14:47 - 00000000 ____D () C:\Textures Backup
2014-05-04 14:31 - 2014-05-04 14:48 - 00000000 ____D () C:\Users\User\Documents\compressor
2014-05-04 14:24 - 2014-05-04 14:24 - 00421824 _____ () C:\Users\User\Downloads\Optimizer Texures 083-12801-0-8-3.rar
2014-05-01 11:44 - 2014-05-17 03:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
==================== One Month Modified Files and Folders =======
 
2014-05-31 21:03 - 2014-05-31 21:01 - 00000000 ____D () C:\FRST
2014-05-31 21:03 - 2014-01-24 14:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-05-31 21:03 - 2013-05-23 11:01 - 00000000 ____D () C:\Users\User\AppData\Local\Temp
2014-05-31 21:02 - 2013-05-27 14:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-05-31 20:51 - 2013-05-24 02:46 - 01466878 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 20:48 - 2013-05-30 16:53 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-31 20:48 - 2013-05-28 18:32 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-31 20:48 - 2013-05-27 15:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-31 20:37 - 2009-07-14 14:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 20:37 - 2009-07-14 14:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 20:36 - 2013-05-27 17:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-31 20:35 - 2013-08-13 17:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-31 18:23 - 2014-05-30 16:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 18:10 - 2009-07-14 14:51 - 00167662 _____ () C:\Windows\setupact.log
2014-05-31 17:34 - 2014-05-31 17:34 - 00030430 _____ () C:\ComboFix.txt
2014-05-31 17:34 - 2014-05-31 17:34 - 00000000 ____D () C:\Users\SOC DOTA\AppData\Local\temp
2014-05-31 17:34 - 2014-05-31 17:34 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-31 17:34 - 2014-05-31 17:34 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-31 17:34 - 2014-05-31 17:34 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-31 17:34 - 2014-05-31 16:50 - 00000000 ____D () C:\ComboFix
2014-05-31 17:34 - 2014-05-31 14:36 - 00000000 ____D () C:\Qoobox
2014-05-31 17:31 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-31 15:00 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Default
2014-05-31 14:57 - 2014-05-31 14:35 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 14:35 - 2009-07-14 15:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-31 14:33 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-31 13:58 - 2013-05-28 08:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-31 13:43 - 2014-05-31 13:43 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 13:43 - 2014-05-31 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 13:43 - 2014-05-30 16:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 13:43 - 2013-05-23 11:07 - 00000000 ____D () C:\ProgramData\clear.fi
2014-05-31 13:40 - 2013-05-27 17:44 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-31 13:40 - 2013-05-24 03:06 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-05-31 13:40 - 2013-05-24 03:06 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-31 13:39 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 13:38 - 2014-05-30 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-31 13:38 - 2014-03-31 09:11 - 00000000 ____D () C:\Users\SOC DOTA
2014-05-31 13:38 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\registration
2014-05-31 12:59 - 2013-08-31 22:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-31 10:28 - 2013-05-24 02:43 - 00476130 _____ () C:\Windows\PFRO.log
2014-05-31 10:05 - 2014-05-31 10:05 - 00000000 _____ () C:\Windows\SysWOW64\shoDD55.tmp
2014-05-31 10:03 - 2014-05-18 12:00 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-31 10:03 - 2014-05-18 11:28 - 00000000 ____D () C:\temp
2014-05-31 01:03 - 2013-10-11 22:07 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mumble
2014-05-30 22:43 - 2013-05-27 15:08 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-05-30 19:33 - 2014-05-30 19:33 - 00000222 _____ () C:\Users\User\Desktop\Fistful of Frags.url
2014-05-30 18:56 - 2013-05-28 08:09 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-30 18:26 - 2014-05-21 19:30 - 00000000 ____D () C:\ProgramData\WPM
2014-05-30 18:26 - 2009-07-14 15:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-05-30 18:22 - 2014-05-21 19:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\SupTab
2014-05-30 18:22 - 2014-01-10 19:55 - 00000000 ____D () C:\Program Files (x86)\VideoPlayerV3
2014-05-30 16:17 - 2014-05-30 16:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-30 00:10 - 2013-05-28 18:32 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-29 23:51 - 2013-05-27 14:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-29 23:51 - 2013-05-27 14:43 - 00000000 ____D () C:\ProgramData\Skype
2014-05-29 19:18 - 2014-05-31 14:33 - 05203398 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-05-26 23:17 - 2013-08-14 17:31 - 00000000 ____D () C:\Users\User\AppData\Local\Warframe
2014-05-26 16:24 - 2014-05-18 11:27 - 00000000 ____D () C:\Program Files\003
2014-05-26 16:24 - 2013-12-15 21:58 - 00000000 ____D () C:\Users\User\AppData\Local\genienext
2014-05-26 16:24 - 2013-12-15 21:58 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-05-23 23:34 - 2013-05-27 18:46 - 00000000 ____D () C:\Users\User\AppData\Local\ArmA 2 OA
2014-05-23 16:59 - 2013-05-27 17:45 - 00002385 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 19:30 - 2014-05-21 19:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\v9
2014-05-21 19:29 - 2013-05-23 11:03 - 00001627 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-18 14:36 - 2011-02-22 23:19 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-05-18 14:35 - 2011-02-22 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-05-18 14:35 - 2009-07-14 15:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-18 12:12 - 2014-05-18 12:11 - 30803176 _____ () C:\Users\User\Downloads\bioshock_anim.swf
2014-05-18 12:08 - 2014-05-18 12:08 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-18 12:08 - 2014-05-18 12:08 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-18 12:07 - 2014-05-18 12:06 - 38388241 _____ () C:\Users\User\Downloads\bioshock_anim1.1.0.swf
2014-05-18 12:05 - 2014-05-18 12:04 - 02271768 _____ () C:\Users\User\Downloads\Zone Archive - Update #6.1- Elizabeth (Bioshock Infinite) (1).exe
2014-05-18 11:58 - 2014-05-18 11:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\wi_upd
2014-05-18 11:58 - 2014-05-18 11:57 - 02271768 _____ () C:\Users\User\Downloads\Zone Archive - Update #6.1- Elizabeth (Bioshock Infinite).exe
2014-05-18 11:43 - 2014-05-18 11:42 - 31129989 ____R () C:\Users\User\Downloads\[ZONE]Biocock Intimate.7z
2014-05-18 11:42 - 2014-05-18 11:42 - 00019255 _____ () C:\Users\User\Downloads\[ZONE]Biocock Intimate.torrent
2014-05-18 11:32 - 2013-05-24 03:11 - 00000000 ____D () C:\ProgramData\Temp
2014-05-17 14:29 - 2013-05-28 18:32 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-17 03:30 - 2013-05-23 11:03 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 03:30 - 2013-05-23 11:03 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 03:25 - 2014-05-01 11:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 03:07 - 2013-08-16 00:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 03:03 - 2013-05-23 15:00 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 18:35 - 2014-05-15 18:35 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-15 18:35 - 2013-08-13 17:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 18:35 - 2013-08-13 17:27 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 18:35 - 2013-08-13 17:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 22:45 - 2014-05-14 22:44 - 00262144 _____ () C:\Windows\Minidump\051414-29796-01.dmp
2014-05-14 22:44 - 2014-05-14 22:44 - 420484430 _____ () C:\Windows\MEMORY.DMP
2014-05-14 22:44 - 2013-11-03 12:16 - 00000000 ____D () C:\Windows\Minidump
2014-05-12 07:26 - 2014-05-30 16:18 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-30 16:18 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 16:18 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 13:01 - 2009-07-14 15:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-09 16:14 - 2014-05-15 18:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 16:11 - 2014-05-15 18:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 21:31 - 2013-05-27 17:44 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 21:31 - 2013-05-27 17:44 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 14:40 - 2014-05-17 03:08 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 14:17 - 2014-05-17 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 13:25 - 2014-05-17 03:08 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 13:07 - 2014-05-17 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 13:00 - 2014-05-17 03:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 12:10 - 2014-05-17 03:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 14:48 - 2014-05-04 14:31 - 00000000 ____D () C:\Users\User\Documents\compressor
2014-05-04 14:47 - 2014-05-04 14:32 - 00000000 ____D () C:\Textures Backup
2014-05-04 14:41 - 2014-04-24 23:22 - 3145824048 ____C () C:\RAMDisk.img
2014-05-04 14:24 - 2014-05-04 14:24 - 00421824 _____ () C:\Users\User\Downloads\Optimizer Texures 083-12801-0-8-3.rar
2014-05-03 15:00 - 2014-02-22 09:16 - 00000000 ____D () C:\Users\User\AppData\Local\DayZ
2014-05-03 12:03 - 2014-04-30 15:38 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-03 03:03 - 2014-04-24 23:22 - 3145824048 ____C () C:\RAMDisk.img.bak
2014-05-02 01:02 - 2013-05-24 03:08 - 00556997 _____ () C:\Windows\DirectX.log
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-31 20:28
 
==================== End Of Log ============================

This is the Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by User at 2014-05-31 21:01:51
Running from F:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Addon Sync 2009 (HKLM-x32\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battleground Europe (HKLM-x32\...\Battleground Europe) (Version:  - Playnet Inc.)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.56 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Chivalry: Medieval Warfare Beta (HKLM-x32\...\Steam App 232210) (Version:  - )
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1229.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1229.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{5B75991B-CCBA-4908-ACFF-3FF60A624D5E}) (Version: 0.92.83 - Dotjosh Studios)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Free to Play (HKLM-x32\...\Steam App 245550) (Version:  - Valve)
Frhed 1.6.0 (HKLM-x32\...\Frhed) (Version: 1.6.0 - Raihan Kibria)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.3 - Acer Inc.)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Watch (HKLM-x32\...\MediaWatchV1home263) (Version: 1.1 - Media Watch) <==== ATTENTION
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
NVIDIA Control Panel 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PFPortChecker 1.0.39 (HKLM-x32\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RAMDisk (HKLM-x32\...\{BA624CEA-0B42-4CFA-BFC2-09BEB5A55A46}) (Version: 4.4.0.31 - Dataram, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6276 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
ROBLOX Player for User (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - Square Enix)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden
Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
v9 uninstaller (HKLM-x32\...\v9 uninstaller) (Version:  - v9)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
War Thunder Launcher 1.0.1.199 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2012 Gaijin Entertainment Corporation)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 12:34 - 2014-05-31 14:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {40296B7F-3651-4D7B-9215-6258E924EDB2} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {468FAEF2-6683-4761-8993-286AEF6FB6AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {60999981-3F77-4C3D-BBA2-B6B6CFA48DED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27] (Google Inc.)
Task: {B28367E1-AC18-48B7-BDF7-DF3EB1FD2104} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-30] (CyberLink)
Task: {C3AD03E9-DAA0-44FC-BA59-94E13D7971F8} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-30] (Acer Incorporated)
Task: {CC281060-F615-4AF4-891C-7DFE6032AF6A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {DB18E583-2A7F-4E51-B001-B0B816C42B04} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27] (Google Inc.)
Task: {E64047C9-5D58-4090-BE73-E7920372C7C2} - System32\Tasks\{E76C5C1C-8000-498B-9916-482C2FBFA1B9} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404
Task: {F09CC197-7E92-4F94-9069-15497A10DA2E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-30] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-20 15:30 - 2014-02-09 04:34 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-20 16:02 - 2014-02-09 03:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-28 18:32 - 2014-05-17 14:29 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-03-03 21:52 - 2011-01-28 02:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-13 12:37 - 2013-02-13 12:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-05-28 18:32 - 2014-05-31 20:48 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-20 15:30 - 2014-02-09 04:34 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2010-11-12 11:22 - 2010-11-12 11:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-12 11:22 - 2010-11-12 11:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-12 11:22 - 2010-11-12 11:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2010-12-30 07:56 - 2010-12-30 07:56 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-05-18 12:05 - 2014-04-30 10:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-23 07:47 - 2014-04-30 10:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-18 12:05 - 2014-04-30 10:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-10 11:39 - 2014-04-30 10:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-04-23 18:30 - 2014-05-17 11:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-18 12:06 - 2014-05-30 03:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-18 12:05 - 2014-04-29 10:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-05-03 15:35 - 2014-05-30 03:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2014-05-02 09:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-15 09:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 09:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 09:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-05-03 15:35 - 2014-05-30 03:36 - 00131264 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2012-09-07 15:37 - 2013-06-15 09:49 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2013-07-11 11:30 - 2013-06-15 09:49 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
2013-02-13 12:38 - 2013-02-13 12:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-02-14 17:25 - 2014-02-14 17:25 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2011-02-22 23:10 - 2010-09-14 12:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: aswRdr
Description: aswRdr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRdr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: aswSP
Description: aswSP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswSP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avast! Network Shield Support
Description: avast! Network Shield Support
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswTdi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/31/2014 01:35:29 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (05/31/2014 01:14:33 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070003.
 
Error: (05/31/2014 01:08:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (05/31/2014 11:02:16 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070003.
 
Error: (05/31/2014 10:28:26 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (05/31/2014 10:04:53 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (05/31/2014 04:21:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16458
 
Error: (05/31/2014 04:21:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16458
 
Error: (05/31/2014 04:21:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2014 04:21:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15382
 
 
System errors:
=============
Error: (05/31/2014 08:59:56 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MAC0014512431DC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{270D5AA2-8710-4326-81D3-DDF8C131237E}.
The master browser is stopping or an election is being forced.
 
Error: (05/31/2014 07:41:04 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MAC0014512431DC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{270D5AA2-8710-4326-81D3-DDF8C131237E}.
The master browser is stopping or an election is being forced.
 
Error: (05/31/2014 05:31:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (05/31/2014 05:21:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (05/31/2014 04:55:27 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (05/31/2014 04:50:51 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (05/31/2014 03:23:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (05/31/2014 03:18:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (05/31/2014 02:55:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (05/31/2014 02:53:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (05/31/2014 01:35:29 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (05/31/2014 01:14:33 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070003
 
Error: (05/31/2014 01:08:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (05/31/2014 11:02:16 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070003
 
Error: (05/31/2014 10:28:26 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (05/31/2014 10:04:53 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (05/31/2014 04:21:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16458
 
Error: (05/31/2014 04:21:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16458
 
Error: (05/31/2014 04:21:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2014 04:21:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15382
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-31 14:53:40.069
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-31 14:53:39.979
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 71%
Total physical RAM: 8043.86 MB
Available physical RAM: 2279.09 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 9743.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:683.54 GB) (Free:188.02 GB) NTFS
Drive e: (CMW) (Fixed) (Total:3.99 GB) (Free:3.99 GB) FAT32
Drive f: () (Removable) (Total:15.1 GB) (Free:13.64 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 4 GB) (Disk ID: D969BE86)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 7E67CD20)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
==================== End Of Log ============================
 
 
This is the FSS.txt
 
 
Farbar Service Scanner Version: 21-05-2014
Ran by User (administrator) on 31-05-2014 at 21:12:13
Running from "F:\"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
Hopefully you can find the source

Do you recognize, know of, or trust the following proxy server that is on your system:

 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118

 

One other point: why did you uninstall Avast? Do you intend to reinstall?


I recognise the proxy server I use; it's my uncle's router, and I have been over to his house many times.

 

I uninstalled avast! because it has been nothing but trouble in the past, and my personal opinion is that it's not worth it compared to the other free anti-virus.


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Post those logs...

 

fixlist.txt


Alright, here is the fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by User at 2014-06-01 12:11:25 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
C:\Program Files\AVAST Software
S2 aswFsBlk; No ImagePath
S0 aswRvrt; No ImagePath
S1 aswSnx; No ImagePath
S1 aswSP; No ImagePath
S1 aswTdi; No ImagePath
S0 aswVmm; No ImagePath
S2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\System32\Drivers\aswrdr2.sys [X]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
Task: {40296B7F-3651-4D7B-9215-6258E924EDB2} - \avast! Emergency Update No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
End
*****************
 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
avast! Antivirus => Service deleted successfully.
C:\Program Files\AVAST Software => Moved successfully.
aswFsBlk => Service deleted successfully.
aswRvrt => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswTdi => Service deleted successfully.
aswVmm => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswRdr => Service deleted successfully.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40296B7F-3651-4D7B-9215-6258E924EDB2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40296B7F-3651-4D7B-9215-6258E924EDB2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update => Key deleted successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
And this is the Application Log
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/06/2014
Scan Time: 12:24:29 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.01.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308958
Time Elapsed: 9 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bjgglmlkdploojalfbafjcjekegbhnnp, Quarantined, [0441c4af08734bebcba21e707d85cd33], 
PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cjghblamigilmnljeglhdjiclkdkkioh, Quarantined, [6ed72f442259a2949ad43a54de241ae6], 
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pmjmkdehijlakmlfpknbaigdpigeblom, Quarantined, [23229dd6ec8f6bcb98d72c6259a915eb], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.V9.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "search_url": "http://search.v9.com/web/?type=dspp&ts=1400911864&from=irs&uid=3219913727_132775_4098815B&i=psd&t=343022fb4&q={searchTerms}",), Replaced,[2f16fe757407fd392858bcd0bd47837d]
PUP.Optional.V9.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://www.v9.com/?type=hp&ts=1400664578&from=irs&uid=3219913727_132775_4098815B&i=psd&t=342dc7415",), Replaced,[261fec87c5b64fe77042ef9ebc48867a]
PUP.Optional.V9.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.v9.com/?type=hp&ts=1400664578&from=irs&uid=3219913727_132775_4098815B&i=psd&t=342dc7415" ],), Replaced,[d66f5e156219ac8a5a8b74197a8a37c9]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Hopefully you figure it out

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
    Let me see those logs, also give an update on any remaining issues or concerns...
     
     
    Kevin

 

There you go Kevin

# AdwCleaner v3.211 - Report created 01/06/2014 at 21:49:40

# Updated 26/05/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : User - USER-PC

# Running from : C:\Users\User\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\apn

Folder Deleted : C:\ProgramData\WPM

Folder Deleted : C:\Program Files (x86)\Mobogenie

Folder Deleted : C:\Program Files (x86)\MSR

Folder Deleted : C:\Program Files (x86)\SecretSauce

Folder Deleted : C:\Program Files (x86)\VideoPlayerV3

Folder Deleted : C:\Program Files\003

Folder Deleted : C:\Program Files\Uninstaller

Folder Deleted : C:\Users\User\AppData\Local\genienext

Folder Deleted : C:\Users\User\AppData\Local\Mobogenie

Folder Deleted : C:\Users\User\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\User\AppData\Roaming\SupTab

Folder Deleted : C:\Users\User\AppData\Roaming\v9

Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

Folder Deleted : C:\Users\User\Documents\Mobogenie

File Deleted : C:\Users\User\daemonprocess.txt

File Deleted : C:\Users\User\Desktop\TornTV.lnk

 

***** [ Shortcuts ] *****

 

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Software

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\Software\MediaViewV1

Key Deleted : HKLM\Software\MediaWatchV1

Key Deleted : HKLM\Software\SupTab

Key Deleted : HKLM\Software\supWPM

Key Deleted : HKLM\Software\Uniblue

Key Deleted : HKLM\Software\V9Software

Key Deleted : HKLM\Software\Wpm

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\v9 uninstaller

Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

 

-\\ Google Chrome v35.0.1916.114

 

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

 

*************************

 

AdwCleaner[R0].txt - [7873 octets] - [01/06/2014 21:48:49]

AdwCleaner[s0].txt - [7075 octets] - [01/06/2014 21:49:40]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7135 octets] ##########

 

 

That's the ADWARE

 

 

This is JRT

 

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by User on Sun 01/06/2014 at 21:58:21.09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\syswow64\sho6113.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho9A64.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoA84F.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoDB57.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoDD55.tmp

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\boost_interprocess"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 01/06/2014 at 22:05:05.19

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

And this is Rogue

 

 


RogueKiller V9.0.0.0 (x64) [May 29 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : User [Admin rights]

Mode : Scan -- Date : 06/01/2014  22:21:08

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 26 ¤¤¤

[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 1 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

 

¤¤¤ Antirootkit : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0:  +++++

--- User ---

[MBR] be4c91603da601c79490ed07cee8bce6

[bSP] 8959d8120d88dd96332e99c0f7508d0a : Unknown MBR Code

Partition table:

0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 4091 MB

Error reading LL1 MBR! ([1] Incorrect function. )

Error reading LL2 MBR! ([1] Incorrect function. )

 

+++++ PhysicalDrive1: TOSHIBA MK7559GSXP +++++

--- User ---

[MBR] 54fcac12789d03f1198099835339d8b1

[bSP] 2868f8b70c57eaf3d5b45bb628d8e0e8 : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699942 MB

User = LL1 ... OK

User = LL2 ... OK

 

There u go Kevin


Quit all programs that you may have started.

  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7/8, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[?].txt on your Desktop



Next,

Click on ProxyFix, when finished Click on Report and copy/paste the content of the notepad to next reply.

 

Re-boot when completed, any improvement?


Apologies Christopher, RogueKiller is changed, changes I was not aware of...

 

Run RK one more time, select scan and let it complete. Select the registry tab, checkmark the following entries, ignore all others:

 

[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
 
Select the Delete tab, select report when complete and post to your reply.
 
Next,
 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is ticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Select "Change" next to Current scan targets. A new window will open, select any extra drives, Flash drives etc as required.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
Put a checkmark in "Uninstall application on close"
Close program
Report to me that nothing was found

 

If threats were found

 


Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish

 

Close program

 

Copy and paste the report in next reply.

 

Let me see those logs in your next reply, Also do we see any improvement?

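The RogueKiller logs in this thread share one line format: `[family] (view) key | value : data -> status`. The following Python sketch is an added example, not part of the thread and not RogueKiller's own code; it parses that format and lists the user hives where a loopback proxy is still in force after a removal pass. The sample lines and the `...-1001` SID are constructed, and treating a value as fixed when either registry view reports `REPLACED` or `DELETED` is an assumption.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample lines in the RogueKiller registry-entry format quoted in
# this thread. The S-1-5-21-...-1001 SID is a made-up placeholder.
SAMPLE_LOG = r"""
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
this line is not a registry entry
"""

ENTRY_RE = re.compile(
    r"^\[(?P<family>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>\S+)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>.+?)\s*$"
)
FIXED = ("REPLACED", "DELETED")  # statuses that mean the value was changed


def parse_entries(log_text):
    """Return one dict per registry-entry line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def hive_of(key):
    """HKEY_USERS\\<SID>\\... -> <SID>; any other root key is returned as-is."""
    parts = key.split("\\")
    if parts[0].upper() == "HKEY_USERS" and len(parts) > 1:
        return parts[1]
    return parts[0]


def proxy_hosts(server_value):
    """Split a ProxyServer string ('http=h:p;https=h:p' or 'h:p') into hosts."""
    hosts = []
    for part in server_value.split(";"):
        target = part.split("=", 1)[-1].strip()
        if target:
            hosts.append(target.rsplit(":", 1)[0].strip("[]"))
    return hosts


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname, not an IP literal


def proxy_report(entries):
    """Per hive: which proxy values are still set after remediation."""
    # Assumption: the X64 and X86 lines for one key/value describe the same
    # value, so a fix reported by either view counts for both.
    fixed = {(e["key"], e["name"]) for e in entries if e["status"].startswith(FIXED)}
    report = defaultdict(lambda: {"enable_active": False, "server_active": None})
    for e in entries:
        if e["family"] != "PUM.Proxy" or (e["key"], e["name"]) in fixed:
            continue
        row = report[hive_of(e["key"])]
        if e["name"] == "ProxyEnable" and e["data"] == "1":
            row["enable_active"] = True
        elif e["name"] == "ProxyServer":
            row["server_active"] = e["data"]
    return dict(report)


def broken_hives(report):
    """Hives that still have a proxy enabled and pointing at loopback."""
    return sorted(
        hive for hive, row in report.items()
        if row["enable_active"] and row["server_active"]
        and any(is_loopback(h) for h in proxy_hosts(row["server_active"]))
    )


if __name__ == "__main__":
    for hive in broken_hives(proxy_report(parse_entries(SAMPLE_LOG))):
        print("proxy still forced to loopback in hive:", hive)
```

A hive that shows up here still sends browser traffic to a local port, so a proxy connection error persists if nothing is listening on that port.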

Ran the Rogue Killer and I'm pretty sure I deleted all the registry files you told me to delete, maybe a bit more, but no improvement. Still can't access Internet sites. I tried to download the ESET thing but the only thing I could download was SmartScanner and even after I moved that over to my computer, I was unable to run it due to another Proxy Error.

 

 

Anyway, here are the RogueKiller logs

 

 

RogueKiller V9.0.0.0 (x64) [May 29 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 06/02/2014  17:07:20
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 48 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1120-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1120-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1120-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1120-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118  -> ERROR [2]
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> DELETED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> ERROR [2]
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2127809028-18669728-1403974004-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 126 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] be4c91603da601c79490ed07cee8bce6
[bSP] 8959d8120d88dd96332e99c0f7508d0a : Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 4091 MB
Error reading LL1 MBR! ([1] Incorrect function. )
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] 54fcac12789d03f1198099835339d8b1
[bSP] 2868f8b70c57eaf3d5b45bb628d8e0e8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699942 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_06012014_222108.log - RKreport_SCN_06012014_234456.log - RKreport_DEL_06012014_234609.log - RKreport_SCN_06022014_170035.log 
 
 
 
I'm hoping this doesn't have to go to a Factory Default.
 
Do your best Kevin 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
Next,
 
Farbar scanner, for use when connection or redirect issues:
 
Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.
Make sure the following options are checked:
 
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Let me see those two logs....


This is MiniToolbox 

 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by User (administrator) on 02-06-2014 at 20:03:30
Running from "F:\"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink Gigabit Ethernet = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : User-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : 88-9F-FA-5F-82-F2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::97d:9224:5569:f907%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, 2 June 2014 4:51:06 PM
   Lease Expires . . . . . . . . . . : Monday, 2 June 2014 8:53:11 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 193503226
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-30-00-11-1C-75-08-E9-12-CE
   DNS Servers . . . . . . . . . . . : 198.142.0.51
                                       211.29.132.12
                                       198.142.235.14
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : BigPond
   Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet
   Physical Address. . . . . . . . . : 1C-75-08-E9-12-CE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  dns.mel.optusnet.com.au
Address:  198.142.0.51
 
Name:    google.com
Addresses:  2404:6800:4006:806::1009
 74.125.237.130
 74.125.237.128
 74.125.237.131
 74.125.237.136
 74.125.237.135
 74.125.237.133
 74.125.237.132
 74.125.237.137
 74.125.237.134
 74.125.237.129
 74.125.237.142
 
 
Pinging google.com [74.125.237.197] with 32 bytes of data:
Reply from 74.125.237.197: bytes=32 time=28ms TTL=52
Reply from 74.125.237.197: bytes=32 time=34ms TTL=52
 
Ping statistics for 74.125.237.197:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 34ms, Average = 31ms
Server:  dns.mel.optusnet.com.au
Address:  198.142.0.51
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=298ms TTL=45
Reply from 98.139.183.24: bytes=32 time=292ms TTL=45
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 292ms, Maximum = 298ms, Average = 295ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...88 9f fa 5f 82 f2 ......Atheros AR5B97 Wireless Network Adapter
 10...1c 75 08 e9 12 ce ......Broadcom NetLink Gigabit Ethernet
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.12     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.12    281
     192.168.0.12  255.255.255.255         On-link      192.168.0.12    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.12    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.12    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.12    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::97d:9224:5569:f907/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/02/2014 06:43:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (06/02/2014 05:11:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/02/2014 00:02:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12183
 
Error: (06/02/2014 00:02:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12183
 
Error: (06/02/2014 00:02:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/02/2014 00:02:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11169
 
Error: (06/02/2014 00:02:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11169
 
Error: (06/02/2014 00:02:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/02/2014 00:02:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10155
 
Error: (06/02/2014 00:02:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10155
 
 
System errors:
=============
Error: (06/02/2014 05:45:35 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (06/01/2014 10:18:38 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (06/02/2014 06:43:53 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (06/02/2014 05:11:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\esetsmartinstaller_enu.exe
 
Error: (06/02/2014 00:02:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12183
 
Error: (06/02/2014 00:02:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12183
 
Error: (06/02/2014 00:02:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/02/2014 00:02:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11169
 
Error: (06/02/2014 00:02:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11169
 
Error: (06/02/2014 00:02:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/02/2014 00:02:21 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10155
 
Error: (06/02/2014 00:02:21 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10155
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-31 14:53:40.069
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-31 14:53:39.979
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20
Acer Backup Manager (Version: 3.0.0.69)
Acer Crystal Eye Webcam (Version: 1.0.1306)
Acer ePower Management (Version: 6.00.3002)
Acer eRecovery Management (Version: 5.00.3002)
Acer GameZone Console (Version: 6.1.0.9)
Acer Registration (Version: 1.03.3003)
Acer ScreenSaver (Version: 1.1.1130.2010)
Acer Updater (Version: 1.02.3001)
Acrobat.com (Version: 1.6.65)
Addon Sync 2009 (Version: 1.0.67)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.214)
Adobe Flash Player 13 Plugin (Version: 13.0.0.214)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Adobe Shockwave Player 12.0 (Version: 12.0.7.148)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Arma 2: Operation Arrowhead Beta
Arma 3 Alpha
avast! Free Antivirus (Version: 8.0.1489.0)
Backup Manager V3 (Version: 3.0.0.69)
Battlefield 3™ (Version: 1.6.0.0)
Battlefield 4™ Beta (Version: 1.0.0.0)
Battleground Europe
Battlelog Web Plugins (Version: 2.3.2)
BattlEye for OA Uninstall
BattlEye Uninstall
Blacklight: Retribution
Bluetooth Win7 Suite (64) (Version: 7.2.0.56)
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 14.6.1.2)
Broadcom Gigabit NetLink Controller (Version: 14.6.1.2)
Burnout Paradise: The Ultimate Box
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Modern Warfare 2 - Multiplayer
Chivalry: Medieval Warfare
Chivalry: Medieval Warfare Beta
clear.fi (Version: 1.0.1229.00)
clear.fi (Version: 9.0.7209)
clear.fi Client (Version: 1.00.3008)
Counter-Strike: Global Offensive
Counter-Strike: Source
Crysis 2 Maximum Edition
D3DX10 (Version: 15.4.2368.0902)
DayZ
DayZ Commander (Version: 0.92.83)
DivX Setup (Version: 2.6.1.44)
Dota 2
Dream Day First Home
ESN Sonar (Version: 0.70.4)
eSobi v2 (Version: 2.0.4.000274)
ETDWare PS/2-X64 8.0.6.0_WHQL (Version: 8.0.6.0)
Fistful of Frags
Free to Play
Frhed 1.6.0 (Version: 1.6.0)
Galapago
Garry's Mod
GeForce Experience NvStream Client Components (Version: 1.6.28)
Google Chrome (Version: 35.0.1916.114)
Google Update Helper (Version: 1.3.24.7)
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Heroes & Generals (Version: 1.0.6.1)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
Identity Card (Version: 1.00.3003)
Insurgency
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2291)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.0.82.0)
iTunes (Version: 11.1.3.8)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
Just Cause 2: Multiplayer Mod
Launch Manager (Version: 5.1.3)
Left 4 Dead 2
Malwarebytes Anti-Malware version 2.0.2.1012 (Version: 2.0.2.1012)
Media Watch (Version: 1.1)
MediaEspresso (Version: 1.0.1210_33255)
Merriam Websters Spell Jam
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Mirror's Edge
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Mumble 1.2.4 (Version: 1.2.4)
MyWinLocker (Version: 4.0.14.11)
MyWinLocker 4 (Version: 4.0.14.11)
MyWinLocker Suite (Version: 4.0.14.11)
Nexon Game Manager
NTI Media Maker 9 (Version: 9.0.2.8939)
NVIDIA Control Panel 334.89 (Version: 334.89)
NVIDIA GeForce Experience 1.8.2.1 (Version: 1.8.2.1)
NVIDIA Graphics Driver 334.89 (Version: 334.89)
NVIDIA Install Application (Version: 2.1002.147.1067)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA Network Service (Version: 1.0)
NVIDIA Optimus Update 11.10.13 (Version: 11.10.13)
NVIDIA PhysX (Version: 9.13.1220)
NVIDIA PhysX System Software 9.13.1220 (Version: 9.13.1220)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13)
NVIDIA Update 11.10.13 (Version: 11.10.13)
NVIDIA Update Core (Version: 11.10.13)
NVIDIA Virtual Audio 1.2.20 (Version: 1.2.20)
OpenAL
Origin (Version: 9.1.15.109)
PFPortChecker 1.0.39 (Version: 1.0.39)
PlanetSide 2
PunkBuster Services (Version: 0.993)
RAMDisk (Version: 4.4.0.31)
Realtek High Definition Audio Driver (Version: 6.0.1.6276)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.26.0)
Rising Storm/Red Orchestra 2 Multiplayer
ROBLOX Player for User
Rust
SHIELD Streaming (Version: 1.7.321)
Shredder (Version: 2.0.8.7)
Skype Click to Call (Version: 7.2.15747.10003)
Skype™ 6.16 (Version: 6.16.105)
Sleeping Dogs™
Sniper Elite V2
Sniper Elite: Nazi Zombie Army
Source SDK
Source SDK Base 2006
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
System Update kb70007 (Version: 1.0.0)
Tactical Intervention
Team Fortress 2
TeamSpeak 3 Client (Version: 3.0.11)
Tom Clancy's Ghost Recon Phantoms - NA
Tribes: Ascend
Unity Web Player (Version: )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Video Player (Version: 1.1)
War Thunder
War Thunder Launcher 1.0.1.199
Warframe
Welcome Center (Version: 1.02.3007)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
World of Tanks
 
========================= Devices: ================================
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 79%
Total physical RAM: 8043.86 MB
Available physical RAM: 1658.93 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 9754.38 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.22 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Acer) (Fixed) (Total:683.54 GB) (Free:187.42 GB) NTFS
3 Drive e: (CMW) (Fixed) (Total:3.99 GB) (Free:3.99 GB) FAT32
4 Drive f: () (Removable) (Total:15.1 GB) (Free:13.62 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\USER-PC
 
Administrator            Guest                    User                     
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
02-06-2014 08:47:06 Scheduled Checkpoint
 
**** End of log ****
 
 
 
 
This is Farbar Service Scanner
 
 
 
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
 
I'm really confused Kevin, after all these programs and scans, I still can't access internet websites or update games. Do you know what is happening???

Yes, the issue seems to be down to the proxy; even though I have given instructions to remove/reset it, it still seems to be back each time.....

 

Can you check again manually and remove the proxy, then reset to Auto detect:

 

Check for proxy server settings in your browser, the following are the most common used.

 

Internet Explorer:

Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.

Firefox:

Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

 

Chrome:

Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

 

Safari:


Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

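The manual check above goes through each browser's dialog; on Windows, Internet Explorer and Chrome both read the same system (WinINET) proxy values from the registry. The read-only PowerShell below is an added example, not part of the original thread or of any tool used in it: it lists those values from the per-user, machine-wide and policy keys and shows the separate WinHTTP proxy. The loopback check and the variable names are illustrative assumptions.

```powershell
# Added example: report where a system proxy is configured. Read-only.
# Run it in the affected user's session (HKCU is per user).
$sub  = 'Microsoft\Windows\CurrentVersion\Internet Settings'
$keys = @(
    "HKCU:\Software\$sub",             # what the "LAN Settings" dialog edits
    "HKCU:\Software\Policies\$sub",    # per-user policy
    "HKLM:\SOFTWARE\$sub",             # machine-wide settings
    "HKLM:\SOFTWARE\Policies\$sub"     # machine policy (ProxySettingsPerUser lives here)
)
$names = 'ProxyEnable', 'ProxyServer', 'ProxyOverride',
         'AutoConfigURL', 'ProxySettingsPerUser'

$report = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }      # key does not exist on this machine
    foreach ($name in $names) {
        if ($props.PSObject.Properties[$name]) {
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Data = $props.$name
            }
        }
    }
}
$report | Select-Object Key, Name, Data | Format-Table -AutoSize -Wrap

# A proxy on the loopback address sends browser traffic to a program on
# this same machine. If nothing is listening there, browsers report that
# they cannot connect to the proxy server.
$loopback = '(^|[=/])(127\.0\.0\.1|localhost)(:|;|$)'
foreach ($row in $report) {
    if ($row.Name -eq 'ProxyServer' -and $row.Data -match $loopback) {
        Write-Warning "Loopback proxy in $($row.Key): $($row.Data)"
    }
    if ($row.Name -eq 'AutoConfigURL' -and $row.Data) {
        Write-Warning "Proxy auto-config script in $($row.Key): $($row.Data)"
    }
}

# WinHTTP keeps its own proxy, used by services rather than browsers.
netsh winhttp show proxy
```

Running it once after clearing the proxy and again after a reboot shows which key the setting reappears in, which narrows down what is writing it back.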

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

