
I downloaded a file (it was a test game from the RPG Maker forum, but the file host site gave malware instead) that contained some adware, which I got rid of thanks to Malwarebytes, but "URL4SHORT.INFO" is saved onto my computer; the actual site is stuck on my PC. I disconnected from the internet, went on that site, and it was able to load. I would like to know how I can completely remove it from my computer. I tried AdwCleaner but it didn't remove it.


Hello SakifX9 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015

Ran by $akif X9 (administrator) on SAKIFX9SPC on 19-01-2015 00:25:16

Running from C:\Users\$akif X9\Downloads

Loaded Profiles: $akif X9 (Available profiles: $akif X9 & Kamrul)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe

() D:\JoyToKey\JoyToKey.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Valve Corporation) D:\Steam\Steam.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Valve Corporation) D:\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Valve Corporation) D:\Steam\bin\steamwebhelper.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)

HKLM\...\Run: [XboxStat] => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)

HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-08-21] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM-x32\...\Run: [D3DOverrider] => "D:\D3DOverrider\D3DOverriderWrapper.exe" /s

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\...\Run: [nJoy] => C:\Program Files (x86)\Nemex\nJoy\nJoy.exe -minimize

HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\...\Run: [Connectify] => C:\Program Files (x86)\Connectify\Connectify.exe [3941192 2012-02-25] (Connectify)

HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\...\Winlogon: [Shell] D:\Steam\open.bat [195 2014-10-18] () <==== ATTENTION

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX32.dll No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX32.dll No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX32.dll No File

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2967095572-3354365641-2800166735-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 10.1.1.1

FireFox:

========

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2967095572-3354365641-2800166735-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\$akif X9\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

Chrome:

=======

CHR HomePage: Profile 1 ->

CHR StartupUrls: Profile 1 -> "hxxp://www.google.com.au/"

CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-15]

CHR Extension: (Angry Birds) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-15]

CHR Extension: (Google Docs) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]

CHR Extension: (Google Drive) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-15]

CHR Extension: (YouTube) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]

CHR Extension: (Weebly - Website Builder) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2015-01-15]

CHR Extension: (Google Search) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]

CHR Extension: (Dota 2 Stream Viewer) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dckodhdcpcdalhfmboodbkolcanpdekc [2015-01-15]

CHR Extension: (Block site) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-01-18]

CHR Extension: (Google Sheets) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-15]

CHR Extension: (Chrome Remote Desktop) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-15]

CHR Extension: (AdBlock) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-15]

CHR Extension: (Bookmark Manager) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-15]

CHR Extension: (Google Play) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-01-15]

CHR Extension: (Build with Chrome) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2015-01-15]

CHR Extension: (cookie.txt export) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lopabhfecdfhgogdbojmaicoicjekelh [2015-01-15]

CHR Extension: (Google Wallet) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-15]

CHR Extension: (My Chrome Theme) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-01-15]

CHR Extension: (Enhanced Steam) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-01-15]

CHR Extension: (Gmail) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-06-24] (ASUSTeK Computer Inc.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

S3 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [69632 2012-02-25] () [File not signed]

S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel(R) Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)

S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-19] (McAfee, Inc.)

S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)

S2 PinnacleUpdateSvc; D:\PinnacleGameProfiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]

S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-15] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-04] ()

R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-24] (Realtek )

R1 cnnctfy2; C:\Windows\system32\DRIVERS\cnnctfy2.sys [31344 2014-07-05] (Connectify)

S3 droidmote; C:\Windows\System32\drivers\droidmote.sys [21504 2013-10-01] (Windows (R) Win 7 DDK provider) [File not signed]

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()

S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-19] (McAfee, Inc.)

S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-19] (McAfee, Inc.)

U5 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation)

R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-08-01] (Realtek Semiconductor Corporation )

R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-07-15] (Microsoft Corporation)

S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-15] (Microsoft Corporation)

R3 wovad_micarray; C:\Windows\system32\drivers\womic.sys [59856 2014-05-06] (Windows (R) Win 7 DDK provider)

R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-07-15] (Microsoft Corporation)

S1 cherimoya; system32\drivers\cherimoya.sys [X]

S3 CV2K1; \SystemRoot\system32\DRIVERS\cv2k1.sys [X]

S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 00:25 - 2015-01-19 00:25 - 00023861 _____ () C:\Users\$akif X9\Downloads\FRST.txt

2015-01-19 00:25 - 2015-01-19 00:25 - 00000000 ____D () C:\FRST

2015-01-19 00:24 - 2015-01-19 00:24 - 02126336 _____ (Farbar) C:\Users\$akif X9\Downloads\FRST64.exe

2015-01-18 14:55 - 2015-01-18 14:55 - 00230150 _____ () C:\Users\$akif X9\Downloads\RTPVX_Kaduki.rar

2015-01-18 08:11 - 2015-01-18 21:19 - 00000000 ____D () C:\Users\$akif X9\Downloads\TSBS v1.4 (Open Beta!)

2015-01-18 08:10 - 2015-01-18 08:11 - 04248212 _____ () C:\Users\$akif X9\Downloads\TSBS v1.4 (Open Beta!).exe

2015-01-18 07:08 - 2015-01-18 07:08 - 00000625 _____ () C:\DelFix.txt

2015-01-18 06:32 - 2015-01-18 06:32 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-17 18:27 - 2015-01-17 22:06 - 00000000 ____D () C:\Users\$akif X9\Downloads\Battle Symphony v1.16c

2015-01-17 18:27 - 2015-01-17 18:27 - 01666896 _____ () C:\Users\$akif X9\Downloads\Battle Symphony v1.16c.exe

2015-01-17 12:46 - 2015-01-17 12:46 - 01742921 _____ () C:\Users\$akif X9\Downloads\teststuff.exe

2015-01-17 12:46 - 2015-01-17 12:46 - 00000000 ____D () C:\Users\$akif X9\Downloads\teststuff

2015-01-15 15:07 - 2015-01-15 15:07 - 00002284 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-15 15:07 - 2015-01-15 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-15 14:28 - 2015-01-15 14:16 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe

2015-01-15 07:48 - 2015-01-15 07:48 - 02766252 _____ () C:\Users\$akif X9\Desktop\serverfile.rar

2015-01-14 21:33 - 2015-01-14 21:33 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2015-01-14 21:33 - 2015-01-14 21:33 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-14 00:49 - 2015-01-14 00:50 - 00000000 ____D () C:\Users\$akif X9\Desktop\Victor Bow

2015-01-14 00:49 - 2015-01-14 00:49 - 00004368 _____ () C:\Users\$akif X9\Desktop\Bow Animation.rar

2015-01-13 05:38 - 2015-01-13 05:38 - 00000000 _____ () C:\WINDOWS\Minidump\011315-16156-01.dmp

2015-01-11 13:30 - 2015-01-11 13:30 - 01784554 _____ () C:\Users\$akif X9\Desktop\Vs Custom Title Demo.zip

2015-01-10 23:45 - 2015-01-11 01:01 - 00000000 ____D () C:\Users\$akif X9\Desktop\id

2015-01-10 08:06 - 2015-01-10 08:06 - 00025509 _____ () C:\Users\$akif X9\Desktop\Victor Engine - Actors Battlers.txt

2015-01-10 08:05 - 2015-01-10 08:05 - 00288468 _____ () C:\Users\$akif X9\Desktop\Victor Engine - Animated Battle.txt

2015-01-10 08:04 - 2015-01-10 08:04 - 00066746 _____ () C:\Users\$akif X9\Desktop\Victor Engine - Basic Module.txt

2015-01-09 12:44 - 2015-01-09 12:44 - 00000000 ____D () C:\Users\Administrator

2015-01-09 12:37 - 2015-01-09 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis

2015-01-09 12:29 - 2015-01-09 12:29 - 00000051 _____ () C:\WINDOWS\winfix.ini

2015-01-08 00:30 - 2015-01-08 00:35 - 00000000 ____D () C:\Users\$akif X9\Desktop\ZAntiLagTest-v1.2

2015-01-07 19:11 - 2015-01-07 19:25 - 00118904 _____ () C:\Users\$akif X9\Desktop\meme run.pxd

2015-01-07 11:11 - 2015-01-07 11:11 - 00248067 _____ () C:\Users\$akif X9\Desktop\Transition Pack v1.1 Demo.zip

2015-01-05 00:13 - 2015-01-05 00:14 - 03147427 _____ () C:\Users\$akif X9\Desktop\crash_combat_karambit.7z

2015-01-04 22:39 - 2015-01-04 22:39 - 00006917 _____ () C:\Users\$akif X9\Desktop\Series-ChronoTrigger.zip

2015-01-04 19:50 - 2008-12-02 13:59 - 09681303 _____ () C:\Users\$akif X9\Desktop\rxdataed.exe

2015-01-04 19:48 - 2015-01-08 00:48 - 00000000 ____D () C:\Users\$akif X9\eee

2015-01-04 19:46 - 2015-01-04 19:47 - 09693781 _____ () C:\Users\$akif X9\Desktop\rxdated-w32.zip

2015-01-04 19:46 - 2015-01-04 19:46 - 00026138 _____ () C:\Users\$akif X9\Desktop\rxdataed.tar.gz

2014-12-21 23:42 - 2014-12-21 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

2014-12-20 11:41 - 2012-11-01 11:30 - 00026624 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\jswpslwfx.sys

2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp

2014-12-20 11:40 - 2013-08-01 05:25 - 01975000 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\RTWlanU.sys

2014-12-20 11:39 - 2014-12-20 11:41 - 00000000 ____D () C:\ProgramData\TP-LINK

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 00:22 - 2014-12-18 13:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-01-18 23:46 - 2014-07-05 06:36 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-18 23:01 - 2014-12-18 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit

2015-01-18 23:00 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-18 22:29 - 2014-07-06 05:24 - 00000962 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2967095572-3354365641-2800166735-1001UA.job

2015-01-18 20:17 - 2014-07-14 18:13 - 01932905 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-18 15:46 - 2014-07-05 06:36 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-18 10:29 - 2014-07-06 05:24 - 00000940 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2967095572-3354365641-2800166735-1001Core.job

2015-01-17 14:01 - 2014-07-05 06:35 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2967095572-3354365641-2800166735-1001

2015-01-17 13:41 - 2014-08-05 20:23 - 02416128 ___SH () C:\Users\$akif X9\Desktop\Thumbs.db

2015-01-17 12:58 - 2014-08-05 22:28 - 00371712 ___SH () C:\Users\$akif X9\Downloads\Thumbs.db

2015-01-15 15:07 - 2014-07-05 06:36 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-15 14:33 - 2014-07-19 22:08 - 00000000 ____D () C:\Users\$akif X9\.VirtualBox

2015-01-15 14:31 - 2014-08-15 18:51 - 00119296 _____ () C:\WINDOWS\SysWOW64\zlib.dll

2015-01-15 14:30 - 2014-03-18 20:54 - 00038390 _____ () C:\WINDOWS\PFRO.log

2015-01-15 14:30 - 2013-08-23 01:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-01-15 14:29 - 2013-08-23 00:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-01-15 14:26 - 2014-07-14 18:01 - 00000000 ____D () C:\Users\$akif X9

2015-01-15 14:26 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy

2015-01-15 14:26 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy

2015-01-13 05:38 - 2014-07-22 20:06 - 342786045 _____ () C:\WINDOWS\MEMORY.DMP

2015-01-13 05:38 - 2014-07-22 20:06 - 00000000 ____D () C:\WINDOWS\Minidump

2015-01-12 22:22 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\Camera

2015-01-11 00:23 - 2014-10-07 17:43 - 00000133 _____ () C:\Users\$akif X9\Desktop\Steam Keys.txt

2015-01-09 12:46 - 2013-08-21 04:07 - 00000000 ____D () C:\ProgramData\ASUS

2015-01-09 12:46 - 2013-08-21 04:02 - 00000000 ____D () C:\Program Files (x86)\ASUS

2015-01-09 12:45 - 2014-07-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS

2015-01-07 09:55 - 2014-03-18 21:03 - 00877896 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-01-07 08:52 - 2013-08-23 01:46 - 00352554 _____ () C:\WINDOWS\setupact.log

2014-12-28 16:55 - 2014-09-04 20:21 - 00000000 ____D () C:\Users\$akif X9\Desktop\Youtube resources

2014-12-27 06:18 - 2013-08-23 01:44 - 01923096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-12-24 09:10 - 2014-07-05 13:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-12-22 16:28 - 2014-07-26 18:02 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories

2014-12-21 22:54 - 2013-08-21 04:20 - 00262635 _____ () C:\WINDOWS\DirectX.log

2014-12-20 11:47 - 2013-08-21 03:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-12-20 11:31 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2014-12-20 11:25 - 2014-07-27 14:51 - 00000517 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics

2014-12-20 11:22 - 2014-07-14 18:01 - 00000000 ____D () C:\Users\Kamrul

2014-12-20 11:08 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\registration

==================== Files in the root of some directories =======

2014-11-01 12:32 - 2014-12-18 13:33 - 0001476 _____ () C:\Users\$akif X9\AppData\Roaming\SpeedRunnersLog.txt

2014-11-21 19:38 - 2014-11-21 19:38 - 0000096 _____ () C:\Users\$akif X9\AppData\Local\fusioncache.dat

2014-12-08 19:09 - 2014-12-08 19:09 - 0003369 _____ () C:\Users\$akif X9\AppData\Local\recently-used.xbel

2014-08-01 17:22 - 2014-08-01 17:22 - 0007601 _____ () C:\Users\$akif X9\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-13 09:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015

Ran by $akif X9 at 2015-01-19 00:26:05

Running from C:\Users\$akif X9\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden

µTorrent (HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)

Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)

AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.05 - ASUSTeK Computer Inc.)

Anomaly Warzone Earth (HKLM-x32\...\Steam App 91200) (Version: - 11 bit studios)

ASUS Easy Update 2 (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 3.00.08 - ASUSTeK Computer Inc.)

ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)

ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)

ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden

AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)

Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.0.3.0 - Autodesk)

Autodesk Pixlr (x32 Version: 1.0.3.0 - Autodesk) Hidden

BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)

Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)

BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version: - Gaijin Games)

Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)

Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)

Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)

Cave Story+ (HKLM-x32\...\Steam App 200900) (Version: - Nicalis)

Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)

Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)

Connectify (HKLM\...\Connectify) (Version: 3.3.0.23104 - Connectify)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)

CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)

Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden

Driver (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Commumication Technology Holdings Limited)

eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)

Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

join.me (HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\...\JoinMe) (Version: 1.18.0.189 - LogMeIn, Inc.)

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)

LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden

LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden

Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Memories of a Vagabond (HKLM-x32\...\Steam App 307070) (Version: - DarkElite)

Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version: - )

METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version: - Kojima Productions)

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft Visual Basic 2008 Express Edition - ENU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - ENU) (Version: - Microsoft Corporation)

Microsoft Visual Basic 6.0 Upgrade Assessment Tool (HKLM-x32\...\{7C9B9127-8F4A-4E41-9072-C5A7A2092769}) (Version: 1.0.0 - Microsoft)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)

Microsoft Visual Studio Professional 2012 (HKLM-x32\...\{c93c1c16-fd12-4b07-8926-2a4af46b6597}) (Version: 11.0.50727.26 - Microsoft Corporation)

Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)

Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{62577E41-C350-3D07-97C8-2B6CDB4BAD60}) (Version: 3.5.21022 - Microsoft)

Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

nJoy 1.0.2.6 (HKLM-x32\...\{B57D952C-5836-43E1-944B-2A6C58F6886A}_is1) (Version: - Nemex)

Node.js (HKLM\...\{602B267C-6443-4276-ABD5-76471E89804C}) (Version: 0.10.30 - Joyent, Inc. and other Node contributors)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )

Oracle VM VirtualBox 4.3.14 (HKLM\...\{8DD94059-60C6-42E3-AB59-8F37445ACC79}) (Version: 4.3.14 - Oracle Corporation)

paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)

Pinnacle Game Profiler (HKLM-x32\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 7.7.8 - PowerUp Software)

Pokémon Trading Card Game Online (HKLM-x32\...\{F1F2C3CF-BE57-4C12-951E-2F0A01C173F4}) (Version: 2.23.1 - The Pokémon Company International)

Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)

Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)

Portal 2 Authoring Tools - Beta (HKLM-x32\...\Steam App 629) (Version: - Valve)

PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden

PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

Q.U.B.E: Director's Cut (HKLM-x32\...\Steam App 239430) (Version: - Toxic Games)

Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Really Big Sky (HKLM-x32\...\Steam App 201570) (Version: - Boss Baddie)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)

Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )

Restorator 2007 Trial Update 2 (HKLM-x32\...\Restorator2007_is1) (Version: - Bome Software)

RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version: - Enterbrain)

Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skullgirls (HKLM-x32\...\Steam App 245170) (Version: - Lab Zero Games)

Sonic Generations (HKLM-x32\...\Steam App 71340) (Version: - Devil's Details)

Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)

Spacewar (HKLM-x32\...\Steam App 480) (Version: - Valve)

SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)

Spiral Knights (HKLM-x32\...\Steam App 99900) (Version: - Three Rings)

Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.5.8.6 - Splashtop Inc.)

Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)

Steam Controller Configs (HKLM-x32\...\Steam App 241100) (Version: - )

TakeOwnershipEx (HKLM-x32\...\TakeOwnershipEx) (Version: 1.2.0.1 - http://winaero.com)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)

Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)

The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)

Thinking with Time Machine (HKLM-x32\...\Steam App 286080) (Version: - Stridemann)

To the Moon (HKLM-x32\...\Steam App 206440) (Version: - Freebird Games)

Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)

Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

Vanguard Princess (HKLM-x32\...\Steam App 262150) (Version: - Tomoaki Sugeno)

VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden

WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden

WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

WO Mic Client (HKLM-x32\...\WOMic) (Version: - )

Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2967095572-3354365641-2800166735-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-2967095572-3354365641-2800166735-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points =========================

06-01-2015 13:19:25 Scheduled Checkpoint

09-01-2015 12:53:23 Removed System Requirements Lab CYRI

15-01-2015 13:58:37 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 16:26 - 2015-01-18 07:20 - 00000862 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 url4short.info

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07D6B3CD-2DA0-49BD-815F-5FC47C2B0555} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2967095572-3354365641-2800166735-1001UA => C:\Users\$akif X9\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-06] (Facebook Inc.)

Task: {1CC73F90-EC66-495B-BB8A-A9B739BFF821} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)

Task: {2231BFDA-60F9-43D7-A357-1B6250F7D12F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-08] (Microsoft Corporation)

Task: {3C4A3BEA-3D9B-4591-B31E-6E404266B903} - System32\Tasks\AdobeAAMUpdater-1.0-SakifX9sPC-$akif X9 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)

Task: {49F546F6-F239-474F-983F-347F524E166F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2967095572-3354365641-2800166735-1001Core => C:\Users\$akif X9\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-06] (Facebook Inc.)

Task: {5FE9D6A8-33EB-499A-80E4-9FE4E84604B1} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-14] (ASUSTeK Computer Inc.)

Task: {68DEDADD-A6A0-4037-8720-5F85C4A6FD85} - System32\Tasks\ASUS\ASUS Easy Update 2 => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2013-07-05] (ASUSTeK Computer Inc.)

Task: {89A90BF3-E0CC-4EDD-BA7E-04A30507E304} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-28] ()

Task: {A16DF0CE-CE06-4EFF-BEAF-622096C4C342} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-05] (Google Inc.)

Task: {BC8B1543-9893-49D2-A34B-E4E38BB83B5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-05] (Google Inc.)

Task: {EF2A49AF-4192-49C3-9BAC-F51315D22AF6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-08] (Microsoft Corporation)

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2967095572-3354365641-2800166735-1001Core.job => C:\Users\$akif X9\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2967095572-3354365641-2800166735-1001UA.job => C:\Users\$akif X9\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-21 04:07 - 2012-06-01 20:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

2012-12-19 17:10 - 2012-12-19 17:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe

2014-07-06 04:46 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-11-15 14:26 - 2014-09-24 00:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2014-10-18 07:14 - 2014-05-10 09:10 - 01731584 _____ () D:\JoyToKey\JoyToKey.exe

2013-08-21 04:07 - 2015-01-15 14:30 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll

2013-08-21 04:07 - 2010-06-29 13:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

2013-11-20 00:39 - 2013-03-13 08:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2014-10-18 07:14 - 2012-08-26 18:09 - 00068608 _____ () D:\JoyToKey\VistaAPI.dll

2014-12-18 13:51 - 2014-11-12 05:48 - 01171456 _____ () D:\Steam\libavcodec-56.dll

2014-12-18 13:51 - 2014-11-12 05:48 - 00332800 _____ () D:\Steam\libavresample-2.dll

2014-12-18 13:51 - 2014-11-12 05:48 - 00442368 _____ () D:\Steam\libavutil-54.dll

2014-12-18 13:51 - 2014-11-12 05:47 - 00774656 _____ () D:\Steam\SDL2.dll

2014-12-18 13:51 - 2014-11-19 07:23 - 02227904 _____ () D:\Steam\video.dll

2014-12-18 13:51 - 2014-11-12 05:48 - 00403968 _____ () D:\Steam\libavformat-56.dll

2014-12-18 13:51 - 2014-11-12 05:48 - 00485888 _____ () D:\Steam\libswscale-3.dll

2014-12-18 13:51 - 2014-11-19 07:23 - 00690880 _____ () D:\Steam\bin\chromehtml.DLL

2014-12-18 13:51 - 2014-11-19 07:23 - 00138432 _____ () D:\Steam\bin\audio.dll

2014-12-18 13:51 - 2014-11-12 05:48 - 00071680 _____ () D:\Steam\bin\mssmp3.asi

2014-12-18 13:51 - 2014-11-12 05:48 - 00153088 _____ () D:\Steam\bin\mssvoice.asi

2014-12-18 13:51 - 2014-11-12 05:48 - 34589888 _____ () D:\Steam\bin\libcef.dll

2014-12-18 13:51 - 2014-11-12 05:48 - 00837824 _____ () D:\Steam\bin\ffmpegsumo.dll

2014-11-15 14:26 - 2014-09-23 22:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

2015-01-15 15:07 - 2015-01-09 11:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll

2015-01-15 15:07 - 2015-01-09 11:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll

2015-01-15 15:07 - 2015-01-09 11:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll

2015-01-15 15:07 - 2015-01-09 11:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

2015-01-15 15:07 - 2015-01-09 11:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}

AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation

AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation

AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Users\$akif X9\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\Software\Classes\.exe: => <===== ATTENTION!

HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\Software\Classes\exefile: <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\...\StartupApproved\Run: => "Connectify"

========================= Accounts: ==========================

$akif X9 (S-1-5-21-2967095572-3354365641-2800166735-1001 - Administrator - Enabled) => C:\Users\$akif X9

Administrator (S-1-5-21-2967095572-3354365641-2800166735-500 - Administrator - Disabled)

ASPNET (S-1-5-21-2967095572-3354365641-2800166735-1012 - Limited - Enabled)

Guest (S-1-5-21-2967095572-3354365641-2800166735-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-2967095572-3354365641-2800166735-1011 - Limited - Enabled)

Kamrul (S-1-5-21-2967095572-3354365641-2800166735-1002 - Limited - Enabled) => C:\Users\Kamrul

==================== Faulty Device Manager Devices =============

Name: MT65xx Android Phone

Description: MT65xx Android Phone

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (01/18/2015 01:30:42 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/18/2015 01:30:40 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

Error: (01/18/2015 01:27:55 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/18/2015 01:27:30 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

Error: (01/18/2015 01:14:23 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

Error: (01/18/2015 09:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: csgo.exe, version: 0.0.0.0, time stamp: 0x5462bb74

Faulting module name: tier0.dll, version: 0.0.0.0, time stamp: 0x546ef9d7

Exception code: 0xc0000409

Fault offset: 0x0002050e

Faulting process id: 0xf08

Faulting application start time: 0xcsgo.exe0

Faulting application path: csgo.exe1

Faulting module path: csgo.exe2

Report Id: csgo.exe3

Faulting package full name: csgo.exe4

Faulting package-relative application ID: csgo.exe5

Error: (01/18/2015 06:32:55 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/18/2015 06:32:54 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/18/2015 06:32:41 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/18/2015 06:32:41 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:

=============

Error: (01/18/2015 01:28:29 PM) (Source: DCOM) (EventID: 10010) (User: SakifX9sPC)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/18/2015 01:27:59 PM) (Source: DCOM) (EventID: 10010) (User: SakifX9sPC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/18/2015 01:14:26 PM) (Source: DCOM) (EventID: 10010) (User: SakifX9sPC)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/18/2015 01:13:55 PM) (Source: DCOM) (EventID: 10010) (User: SakifX9sPC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/18/2015 06:46:23 AM) (Source: DCOM) (EventID: 10010) (User: SakifX9sPC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/17/2015 02:02:43 PM) (Source: DCOM) (EventID: 10010) (User: SakifX9sPC)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/17/2015 02:02:13 PM) (Source: DCOM) (EventID: 10010) (User: SakifX9sPC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/17/2015 11:00:32 AM) (Source: DCOM) (EventID: 10010) (User: SakifX9sPC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/16/2015 04:13:56 PM) (Source: DCOM) (EventID: 10010) (User: SakifX9sPC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/16/2015 01:09:49 PM) (Source: DCOM) (EventID: 10010) (User: SakifX9sPC)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Microsoft Office Sessions:

=========================

Error: (01/18/2015 01:30:42 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/18/2015 01:30:40 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (01/18/2015 01:27:55 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/18/2015 01:27:30 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (01/18/2015 01:14:23 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (01/18/2015 09:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: csgo.exe0.0.0.05462bb74tier0.dll0.0.0.0546ef9d7c00004090002050ef0801d0329e520041c0D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeD:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll0a9e26d5-9e96-11e4-bf74-d850e6c35b5f

Error: (01/18/2015 06:32:55 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\$akif X9\Downloads\esetsmartinstaller_enu.exe

Error: (01/18/2015 06:32:54 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\$akif X9\Downloads\esetsmartinstaller_enu.exe

Error: (01/18/2015 06:32:41 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\$akif X9\Downloads\esetsmartinstaller_enu.exe

Error: (01/18/2015 06:32:41 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\$akif X9\Downloads\esetsmartinstaller_enu.exe

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4130T CPU @ 2.90GHz

Percentage of memory in use: 53%

Total physical RAM: 3777.82 MB

Available physical RAM: 1737.82 MB

Total Pagefile: 11713.82 MB

Available Pagefile: 8595.57 MB

Total Virtual: 131072 MB

Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.56 GB) (Free:91.31 GB) NTFS

Drive d: (Steam Drive) (Fixed) (Total:759.33 GB) (Free:565.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 3496C9C5)

Partition: GPT Partition Type.

==================== End Of Log ============================


P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, please generate new fresh FRST log files.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by $akif X9 (administrator) on SAKIFX9SPC on 19-01-2015 22:29:48

Running from C:\Users\$akif X9\Downloads

Loaded Profiles: $akif X9 (Available profiles: $akif X9 & Kamrul)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

(Valve Corporation) D:\Steam\Steam.exe

() D:\JoyToKey\JoyToKey.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Valve Corporation) D:\Steam\bin\steamwebhelper.exe

(Valve Corporation) D:\Steam\bin\steamwebhelper.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)

HKLM\...\Run: [XboxStat] => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)

HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-08-21] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM-x32\...\Run: [D3DOverrider] => "D:\D3DOverrider\D3DOverriderWrapper.exe" /s

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\...\Run: [nJoy] => C:\Program Files (x86)\Nemex\nJoy\nJoy.exe -minimize

HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\...\Winlogon: [Shell] D:\Steam\open.bat [195 2014-10-18] () <==== ATTENTION

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX32.dll No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX32.dll No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\$akif X9\AppData\Local\MEGAsync\ShellExtX32.dll No File

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2967095572-3354365641-2800166735-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 10.1.1.1

FireFox:

========

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2967095572-3354365641-2800166735-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\$akif X9\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

Chrome:

=======

CHR HomePage: Profile 1 ->

CHR StartupUrls: Profile 1 -> "hxxp://www.google.com.au/"

CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-15]

CHR Extension: (Angry Birds) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-15]

CHR Extension: (Google Docs) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]

CHR Extension: (Google Drive) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-15]

CHR Extension: (YouTube) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]

CHR Extension: (Weebly - Website Builder) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2015-01-15]

CHR Extension: (Google Search) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]

CHR Extension: (Dota 2 Stream Viewer) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dckodhdcpcdalhfmboodbkolcanpdekc [2015-01-15]

CHR Extension: (Block site) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-01-18]

CHR Extension: (Google Sheets) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-15]

CHR Extension: (Chrome Remote Desktop) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-15]

CHR Extension: (AdBlock) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-15]

CHR Extension: (Bookmark Manager) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-15]

CHR Extension: (Google Play) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-01-15]

CHR Extension: (Build with Chrome) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2015-01-15]

CHR Extension: (cookie.txt export) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lopabhfecdfhgogdbojmaicoicjekelh [2015-01-15]

CHR Extension: (Google Wallet) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-15]

CHR Extension: (My Chrome Theme) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-01-15]

CHR Extension: (Enhanced Steam) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-01-15]

CHR Extension: (Gmail) - C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-06-24] (ASUSTeK Computer Inc.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel(R) Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)

S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-19] (McAfee, Inc.)

S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)

S2 PinnacleUpdateSvc; D:\PinnacleGameProfiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]

S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-15] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-04] ()

R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-24] (Realtek )

S3 droidmote; C:\Windows\System32\drivers\droidmote.sys [21504 2013-10-01] (Windows (R) Win 7 DDK provider) [File not signed]

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()

S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-19] (McAfee, Inc.)

S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-19] (McAfee, Inc.)

R1 MpKslbb9fdac6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E93FE4D-843D-42FD-9482-BD938759707F}\MpKslbb9fdac6.sys [45352 2015-01-19] (Microsoft Corporation)

U5 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation)

R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-08-01] (Realtek Semiconductor Corporation )

R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-07-15] (Microsoft Corporation)

S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-15] (Microsoft Corporation)

R3 wovad_micarray; C:\Windows\system32\drivers\womic.sys [59856 2014-05-06] (Windows (R) Win 7 DDK provider)

R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-07-15] (Microsoft Corporation)

S1 cherimoya; system32\drivers\cherimoya.sys [X]

S3 CV2K1; \SystemRoot\system32\DRIVERS\cv2k1.sys [X]

S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 22:29 - 2015-01-19 22:29 - 00000000 ____D () C:\Users\$akif X9\Downloads\FRST-OlderVersion

2015-01-19 08:26 - 2015-01-19 08:26 - 00237380 _____ () C:\Users\$akif X9\Downloads\Super_Smash_Font_0_.zip

2015-01-19 00:26 - 2015-01-19 00:26 - 00043254 _____ () C:\Users\$akif X9\Downloads\Addition.txt

2015-01-19 00:25 - 2015-01-19 22:29 - 00024002 _____ () C:\Users\$akif X9\Downloads\FRST.txt

2015-01-19 00:25 - 2015-01-19 22:29 - 00000000 ____D () C:\FRST

2015-01-19 00:24 - 2015-01-19 22:29 - 02126848 _____ (Farbar) C:\Users\$akif X9\Downloads\FRST64.exe

2015-01-18 14:55 - 2015-01-18 14:55 - 00230150 _____ () C:\Users\$akif X9\Downloads\RTPVX_Kaduki.rar

2015-01-18 08:11 - 2015-01-18 21:19 - 00000000 ____D () C:\Users\$akif X9\Downloads\TSBS v1.4 (Open Beta!)

2015-01-18 08:10 - 2015-01-18 08:11 - 04248212 _____ () C:\Users\$akif X9\Downloads\TSBS v1.4 (Open Beta!).exe

2015-01-18 07:08 - 2015-01-18 07:08 - 00000625 _____ () C:\DelFix.txt

2015-01-18 06:32 - 2015-01-18 06:32 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-17 18:27 - 2015-01-19 20:52 - 00000000 ____D () C:\Users\$akif X9\Downloads\Battle Symphony v1.16c

2015-01-17 18:27 - 2015-01-17 18:27 - 01666896 _____ () C:\Users\$akif X9\Downloads\Battle Symphony v1.16c.exe

2015-01-17 12:46 - 2015-01-17 12:46 - 01742921 _____ () C:\Users\$akif X9\Downloads\teststuff.exe

2015-01-17 12:46 - 2015-01-17 12:46 - 00000000 ____D () C:\Users\$akif X9\Downloads\teststuff

2015-01-15 15:07 - 2015-01-15 15:07 - 00002284 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-15 15:07 - 2015-01-15 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-15 14:28 - 2015-01-15 14:16 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe

2015-01-15 07:48 - 2015-01-15 07:48 - 02766252 _____ () C:\Users\$akif X9\Desktop\serverfile.rar

2015-01-14 21:33 - 2015-01-14 21:33 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2015-01-14 21:33 - 2015-01-14 21:33 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-14 00:49 - 2015-01-14 00:50 - 00000000 ____D () C:\Users\$akif X9\Desktop\Victor Bow

2015-01-14 00:49 - 2015-01-14 00:49 - 00004368 _____ () C:\Users\$akif X9\Desktop\Bow Animation.rar

2015-01-13 05:38 - 2015-01-13 05:38 - 00000000 _____ () C:\WINDOWS\Minidump\011315-16156-01.dmp

2015-01-11 13:30 - 2015-01-11 13:30 - 01784554 _____ () C:\Users\$akif X9\Desktop\Vs Custom Title Demo.zip

2015-01-10 23:45 - 2015-01-11 01:01 - 00000000 ____D () C:\Users\$akif X9\Desktop\id

2015-01-10 08:06 - 2015-01-10 08:06 - 00025509 _____ () C:\Users\$akif X9\Desktop\Victor Engine - Actors Battlers.txt

2015-01-10 08:05 - 2015-01-10 08:05 - 00288468 _____ () C:\Users\$akif X9\Desktop\Victor Engine - Animated Battle.txt

2015-01-10 08:04 - 2015-01-10 08:04 - 00066746 _____ () C:\Users\$akif X9\Desktop\Victor Engine - Basic Module.txt

2015-01-09 12:44 - 2015-01-09 12:44 - 00000000 ____D () C:\Users\Administrator

2015-01-09 12:37 - 2015-01-09 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis

2015-01-09 12:29 - 2015-01-09 12:29 - 00000051 _____ () C:\WINDOWS\winfix.ini

2015-01-08 00:30 - 2015-01-08 00:35 - 00000000 ____D () C:\Users\$akif X9\Desktop\ZAntiLagTest-v1.2

2015-01-07 19:11 - 2015-01-07 19:25 - 00118904 _____ () C:\Users\$akif X9\Desktop\meme run.pxd

2015-01-07 11:11 - 2015-01-07 11:11 - 00248067 _____ () C:\Users\$akif X9\Desktop\Transition Pack v1.1 Demo.zip

2015-01-05 00:13 - 2015-01-05 00:14 - 03147427 _____ () C:\Users\$akif X9\Desktop\crash_combat_karambit.7z

2015-01-04 22:39 - 2015-01-04 22:39 - 00006917 _____ () C:\Users\$akif X9\Desktop\Series-ChronoTrigger.zip

2015-01-04 19:50 - 2008-12-02 13:59 - 09681303 _____ () C:\Users\$akif X9\Desktop\rxdataed.exe

2015-01-04 19:48 - 2015-01-08 00:48 - 00000000 ____D () C:\Users\$akif X9\eee

2015-01-04 19:46 - 2015-01-04 19:47 - 09693781 _____ () C:\Users\$akif X9\Desktop\rxdated-w32.zip

2015-01-04 19:46 - 2015-01-04 19:46 - 00026138 _____ () C:\Users\$akif X9\Desktop\rxdataed.tar.gz

2014-12-21 23:42 - 2014-12-21 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

2014-12-20 11:41 - 2012-11-01 11:30 - 00026624 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\jswpslwfx.sys

2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp

2014-12-20 11:40 - 2013-08-01 05:25 - 01975000 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\RTWlanU.sys

2014-12-20 11:39 - 2014-12-20 11:41 - 00000000 ____D () C:\ProgramData\TP-LINK

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 22:29 - 2014-07-06 05:24 - 00000962 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2967095572-3354365641-2800166735-1001UA.job

2015-01-19 22:02 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-19 21:46 - 2014-07-05 06:36 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-19 15:46 - 2014-07-05 06:36 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-19 14:42 - 2014-07-14 18:13 - 01975346 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-19 14:09 - 2014-12-18 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit

2015-01-19 10:29 - 2014-07-06 05:24 - 00000940 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2967095572-3354365641-2800166735-1001Core.job

2015-01-19 00:22 - 2014-12-18 13:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-01-17 14:01 - 2014-07-05 06:35 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2967095572-3354365641-2800166735-1001

2015-01-17 13:41 - 2014-08-05 20:23 - 02416128 ___SH () C:\Users\$akif X9\Desktop\Thumbs.db

2015-01-17 12:58 - 2014-08-05 22:28 - 00371712 ___SH () C:\Users\$akif X9\Downloads\Thumbs.db

2015-01-15 15:07 - 2014-07-05 06:36 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-15 14:33 - 2014-07-19 22:08 - 00000000 ____D () C:\Users\$akif X9\.VirtualBox

2015-01-15 14:31 - 2014-08-15 18:51 - 00119296 _____ () C:\WINDOWS\SysWOW64\zlib.dll

2015-01-15 14:30 - 2014-03-18 20:54 - 00038390 _____ () C:\WINDOWS\PFRO.log

2015-01-15 14:30 - 2013-08-23 01:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-01-15 14:29 - 2013-08-23 00:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-01-15 14:26 - 2014-07-14 18:01 - 00000000 ____D () C:\Users\$akif X9

2015-01-15 14:26 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy

2015-01-15 14:26 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy

2015-01-13 05:38 - 2014-07-22 20:06 - 342786045 _____ () C:\WINDOWS\MEMORY.DMP

2015-01-13 05:38 - 2014-07-22 20:06 - 00000000 ____D () C:\WINDOWS\Minidump

2015-01-12 22:22 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\Camera

2015-01-11 00:23 - 2014-10-07 17:43 - 00000133 _____ () C:\Users\$akif X9\Desktop\Steam Keys.txt

2015-01-09 12:46 - 2013-08-21 04:07 - 00000000 ____D () C:\ProgramData\ASUS

2015-01-09 12:46 - 2013-08-21 04:02 - 00000000 ____D () C:\Program Files (x86)\ASUS

2015-01-09 12:45 - 2014-07-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS

2015-01-07 09:55 - 2014-03-18 21:03 - 00877896 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-01-07 08:52 - 2013-08-23 01:46 - 00352554 _____ () C:\WINDOWS\setupact.log

2014-12-28 16:55 - 2014-09-04 20:21 - 00000000 ____D () C:\Users\$akif X9\Desktop\Youtube resources

2014-12-27 06:18 - 2013-08-23 01:44 - 01923096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-12-24 09:10 - 2014-07-05 13:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-12-22 16:28 - 2014-07-26 18:02 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories

2014-12-21 22:54 - 2013-08-21 04:20 - 00262635 _____ () C:\WINDOWS\DirectX.log

2014-12-20 11:47 - 2013-08-21 03:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-12-20 11:31 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2014-12-20 11:25 - 2014-07-27 14:51 - 00000517 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics

2014-12-20 11:22 - 2014-07-14 18:01 - 00000000 ____D () C:\Users\Kamrul

2014-12-20 11:08 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\registration

==================== Files in the root of some directories =======

2014-11-01 12:32 - 2014-12-18 13:33 - 0001476 _____ () C:\Users\$akif X9\AppData\Roaming\SpeedRunnersLog.txt

2014-11-21 19:38 - 2014-11-21 19:38 - 0000096 _____ () C:\Users\$akif X9\AppData\Local\fusioncache.dat

2014-12-08 19:09 - 2014-12-08 19:09 - 0003369 _____ () C:\Users\$akif X9\AppData\Local\recently-used.xbel

2014-08-01 17:22 - 2014-08-01 17:22 - 0007601 _____ () C:\Users\$akif X9\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-13 09:47

==================== End Of Log ============================


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • fixlog log

fixlist.txt


Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 20/01/2015

Scan Time: 12:30:00 PM

Logfile:

Administrator: Yes

Version: 2.00.4.1028

Malware Database: v2015.01.19.16

Rootkit Database: v2015.01.14.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows 8.1

CPU: x64

File System: NTFS

User: $akif X9

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 432770

Time Elapsed: 19 min, 22 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 1

PUP.Optional.cherimoya.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, Quarantined, [31203cbb454454e248263c3606fdfd03],

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015

Ran by $akif X9 at 2015-01-20 12:57:48 Run:1

Running from C:\Users\$akif X9\Desktop\frst

Loaded Profiles: $akif X9 (Available profiles: $akif X9 & Kamrul)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\Software\Classes\.exe: => <===== ATTENTION!

HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\Software\Classes\exefile: <===== ATTENTION!

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

*****************

"HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\Software\Classes\.exe" => Key deleted successfully.

"HKU\S-1-5-21-2967095572-3354365641-2800166735-1001\Software\Classes\exefile" => Key deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

==== End of Fixlog 12:57:48 ====


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the button shown in the image (esetonlinebtn.png).
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined

C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\flkmjdnckhfkjkldogocpnmljokfnbln\221\lsdb.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined

C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\flkmjdnckhfkjkldogocpnmljokfnbln\221\Yx.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined

C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\gebhifiddmaaeecbaiemfpejghjdjmhc\159\hGL6jixeM.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined

C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\linhecdcciafdepelobdgcbgpdbkfjbh\207\ZUr.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined

C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\lnbhlidejbpjjpbfigfdlnfiajiiehch\5.1\lsdb.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined

C:\Users\$akif X9\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\lnbhlidejbpjjpbfigfdlnfiajiiehch\5.1\zEl9.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined

C:\Users\$akif X9\Downloads\CheatEngine64.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined

C:\Users\$akif X9\Downloads\ConnectifyLite (1).exe a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined

C:\Users\$akif X9\Downloads\ConnectifyLite.exe a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined

C:\Users\$akif X9\Downloads\winzip18-dl.exe a variant of Win32/InstallCore.PP potentially unwanted application deleted - quarantined


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 8.1 x64

Ran by $akif X9 on Thu 22/01/2015 at 13:28:39.39

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 22/01/2015 at 13:30:25.10

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v4.108 - Report created 23/01/2015 at 10:35:15

# Updated 17/01/2015 by Xplode

# Database : 2015-01-22.3 [Live]

# Operating System : Windows 8.1 (64 bits)

# Username : $akif X9 - SAKIFX9SPC

# Running from : C:\Users\$akif X9\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Google Chrome v39.0.2171.99

*************************

AdwCleaner[R0].txt - [729 octets] - [22/01/2015 13:32:55]

AdwCleaner[R1].txt - [788 octets] - [22/01/2015 13:37:12]

AdwCleaner[R2].txt - [847 octets] - [23/01/2015 10:33:39]

AdwCleaner[S0].txt - [769 octets] - [23/01/2015 10:35:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [828 octets] ##########


Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


  • 3 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
