Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01

Ran by 1 (administrator) on 1-PC on 26-01-2015 19:42:42

Running from C:\Users\1\Desktop\New folder

Loaded Profiles: 1 (Available profiles: 1 & polda only)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(Spotflux) C:\Program Files (x86)\Spotflux\services\SpotfluxConnectionManager.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII3E.EXE

(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

() C:\Program Files (x86)\TagScanner\Tagscan.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [igfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()

HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)

HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)

HKLM\...\Run: [installerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [Razer Synapse] => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)

HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII3E.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk

ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

GroupPolicyUsers\S-1-5-21-2950901286-4018632002-2551131573-1006\User: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://id.yahoo.com?fr=fp-comodo

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2950901286-4018632002-2551131573-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://id.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} ->  No File

BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)

Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

Toolbar: HKU\S-1-5-21-2950901286-4018632002-2551131573-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()

FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff

FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on

FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-17]

 

Chrome: 

=======

CHR Profile: C:\Users\1\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]

CHR Extension: (Google Docs) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]

CHR Extension: (Google Drive) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15]

CHR Extension: (WOT) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-12]

CHR Extension: (YouTube) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]

CHR Extension: (Adblock Plus) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-12]

CHR Extension: (Google Search) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]

CHR Extension: (Tampermonkey) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-25]

CHR Extension: (Google Sheets) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-12-30]

CHR Extension: (Google Wallet) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]

CHR Extension: (Gmail) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]

CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path

CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)

S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)

R2 SpotfluxConnectionManager; C:\Program Files (x86)\Spotflux\services\SpotfluxConnectionManager.exe [104960 2015-01-12] (Spotflux) [File not signed]

S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)

R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)

R0 edevmon; C:\Windows\SysWOW64\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)

R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)

R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R1 netfilter2; C:\Windows\System32\drivers\netfilter2.sys [48896 2015-01-12] (Windows ® Win 7 DDK provider)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2015-01-12] (Spotflux, Inc.)

S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-26 19:42 - 2015-01-26 19:42 - 00000000 ____D () C:\Users\1\Desktop\New folder

2015-01-25 22:52 - 2015-01-25 22:52 - 00000978 _____ () C:\Users\1\Desktop\TagScanner.lnk

2015-01-25 22:52 - 2015-01-25 22:52 - 00000000 ____D () C:\Users\1\AppData\Roaming\TagScanner

2015-01-25 22:52 - 2015-01-25 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner

2015-01-25 22:52 - 2015-01-25 22:52 - 00000000 ____D () C:\Program Files (x86)\TagScanner

2015-01-25 18:47 - 2015-01-26 19:41 - 00076411 _____ () C:\Windows\WindowsUpdate.log

2015-01-25 18:19 - 2015-01-25 18:19 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2015-01-25 18:19 - 2015-01-25 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2015-01-25 18:19 - 2015-01-25 18:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2015-01-25 10:43 - 2015-01-25 18:32 - 00002692 _____ () C:\Users\1\Desktop\best trance 2014 title.txt

2015-01-25 10:23 - 2015-01-25 10:23 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-25 10:02 - 2015-01-26 19:42 - 00000000 ___DC () C:\FRST

2015-01-25 09:53 - 2015-01-25 09:59 - 00000000 ___DC () C:\AdwCleaner

2015-01-25 09:50 - 2014-12-28 15:01 - 01707939 _____ (Thisisu) C:\Users\1\Desktop\JRT_NEW.exe

2015-01-24 12:55 - 2015-01-24 12:55 - 00001571 _____ () C:\Users\1\Desktop\DivX Movies.lnk

2015-01-24 12:55 - 2015-01-24 12:55 - 00001026 _____ () C:\Users\Public\Desktop\DivX Player.lnk

2015-01-24 12:55 - 2015-01-24 12:55 - 00000000 ____D () C:\Users\1\AppData\Roaming\DivX

2015-01-24 12:54 - 2015-01-24 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX

2015-01-24 12:54 - 2015-01-24 12:54 - 00000000 ___DC () C:\Program Files\DivX

2015-01-24 12:41 - 2015-01-24 12:55 - 00000000 ____D () C:\Program Files (x86)\DivX

2015-01-24 12:38 - 2015-01-24 12:55 - 00000000 ____D () C:\ProgramData\DivX

2015-01-24 11:00 - 2015-01-26 19:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-24 11:00 - 2015-01-24 11:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-24 11:00 - 2015-01-24 11:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-24 11:00 - 2015-01-24 11:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-24 11:00 - 2015-01-24 11:00 - 00000000 ____D () C:\Windows\system32\Macromed

2015-01-24 10:56 - 2015-01-24 10:56 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2015-01-24 10:03 - 2015-01-24 10:03 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk

2015-01-24 10:03 - 2015-01-24 10:03 - 00000000 ____D () C:\Users\1\AppData\Roaming\MusicBrainz

2015-01-24 10:03 - 2015-01-24 10:03 - 00000000 ____D () C:\Users\1\AppData\Local\MusicBrainz

2015-01-24 10:02 - 2015-01-24 10:02 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard

2015-01-24 09:35 - 2015-01-24 09:35 - 00001053 _____ () C:\Users\1\Desktop\Tag&Rename.lnk

2015-01-24 09:35 - 2015-01-24 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename

2015-01-24 09:35 - 2015-01-24 09:35 - 00000000 ____D () C:\Program Files (x86)\TagRename

2015-01-24 09:16 - 2015-01-24 09:16 - 00132277 _____ () C:\Users\1\Downloads\mp3rename.zip

2015-01-24 09:16 - 2015-01-24 09:16 - 00000000 ____D () C:\Users\1\Downloads\mp3rename

2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Users\1\AppData\Local\Macroplant_LLC

2015-01-23 10:34 - 2015-01-23 10:34 - 00000983 _____ () C:\Users\Public\Desktop\iExplorer.lnk

2015-01-23 10:34 - 2015-01-23 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer

2015-01-23 10:34 - 2015-01-23 10:34 - 00000000 ____D () C:\Program Files (x86)\iExplorer

2015-01-23 09:34 - 2015-01-24 13:13 - 00000000 ____D () C:\Users\1\Downloads\Naruto

2015-01-23 09:28 - 2015-01-23 09:28 - 00000000 ____D () C:\Users\1\Downloads\ww docs

2015-01-23 09:26 - 2015-01-24 12:38 - 00000000 ____D () C:\Users\1\Downloads\software

2015-01-23 09:26 - 2015-01-23 09:42 - 00000000 ____D () C:\Users\1\Downloads\Games

2015-01-23 09:24 - 2015-01-23 09:37 - 00000000 ____D () C:\Users\1\Downloads\mp4 - new

2015-01-22 18:08 - 2015-01-23 09:39 - 00000000 ____D () C:\Users\1\Downloads\22012015

2015-01-22 18:01 - 2015-01-24 09:34 - 00000000 ____D () C:\Users\1\AppData\Roaming\Mp3tag

2015-01-22 17:33 - 2015-01-23 19:10 - 00000000 ____D () C:\Users\1\Downloads\vaping

2015-01-22 16:17 - 2015-01-22 16:17 - 00000943 _____ () C:\Users\Public\Desktop\Mp3tag.lnk

2015-01-22 16:17 - 2015-01-22 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag

2015-01-22 16:17 - 2015-01-22 16:17 - 00000000 ____D () C:\Program Files (x86)\Mp3tag

2015-01-17 16:57 - 2015-01-17 16:57 - 00000000 ____D () C:\Users\1\AppData\Local\ESET

2015-01-17 16:56 - 2015-01-23 23:38 - 00000000 ____D () C:\Users\1\AppData\Roaming\BitTorrent

2015-01-17 16:56 - 2015-01-17 16:56 - 00000829 _____ () C:\Users\1\Desktop\BitTorrent.lnk

2015-01-17 16:56 - 2015-01-17 16:56 - 00000809 _____ () C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk

2015-01-17 16:47 - 2015-01-17 16:47 - 00001999 _____ () C:\Users\Public\Desktop\Spotflux.lnk

2015-01-17 16:47 - 2015-01-17 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotflux

2015-01-17 16:47 - 2015-01-12 23:23 - 00048896 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\netfilter2.sys

2015-01-17 16:46 - 2015-01-17 16:47 - 00000000 ____D () C:\ProgramData\spotflux

2015-01-17 16:46 - 2015-01-17 16:47 - 00000000 ____D () C:\Program Files (x86)\Spotflux

2015-01-17 12:08 - 2015-01-17 12:08 - 00000000 ___DC () C:\Program Files\ESET

2015-01-17 12:08 - 2015-01-17 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

2015-01-17 12:08 - 2015-01-17 12:08 - 00000000 ____D () C:\ProgramData\ESET

2015-01-17 11:30 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL

2015-01-17 11:29 - 2011-03-14 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BI3E.DLL

2015-01-16 19:34 - 2015-01-16 19:34 - 00000000 ____D () C:\Users\1\AppData\Roaming\TuneUp Software

2015-01-16 19:34 - 2015-01-16 19:34 - 00000000 ____D () C:\Users\1\AppData\Local\TuneUp Software

2015-01-16 19:33 - 2015-01-16 19:37 - 00000000 ____D () C:\ProgramData\TuneUp Software

2015-01-16 19:33 - 2015-01-16 19:33 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2015-01-16 19:26 - 2015-01-16 19:26 - 00000000 ____D () C:\Users\1\AppData\Roaming\Temp

2015-01-16 19:06 - 2015-01-16 19:30 - 00003362 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task for VeohWebPlayer

2015-01-16 19:06 - 2015-01-16 19:06 - 00000000 ____D () C:\Program Files (x86)\Veoh Networks

2015-01-15 11:45 - 2015-01-15 11:45 - 00001504 _____ () C:\Users\polda only\Desktop\FlashGet downloads.lnk

2015-01-15 11:45 - 2015-01-15 11:45 - 00001494 _____ () C:\Users\1\Desktop\FlashGet downloads.lnk

2015-01-15 11:30 - 2015-01-15 11:34 - 00000000 ____D () C:\Program Files (x86)\clashofgods

2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\Users\1\G-bits

2015-01-15 10:51 - 2015-01-15 10:51 - 00001031 _____ () C:\Users\Public\Desktop\Clash of Gods.lnk

2015-01-15 10:51 - 2015-01-15 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clash of Gods

2015-01-15 10:38 - 2015-01-15 19:15 - 00000000 ____D () C:\Program Files (x86)\Clash of Gods

2015-01-15 00:19 - 2015-01-22 16:12 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-15 00:19 - 2015-01-15 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-15 00:09 - 2015-01-26 19:14 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-15 00:09 - 2015-01-26 00:14 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-15 00:09 - 2015-01-15 00:09 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-15 00:09 - 2015-01-15 00:09 - 00003632 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-14 23:05 - 2015-01-14 23:05 - 00000000 ____D () C:\Users\1\AppData\Local\Deployment

2015-01-14 23:05 - 2015-01-14 23:05 - 00000000 ____D () C:\Users\1\AppData\Local\Apps\2.0

2015-01-14 18:44 - 2014-12-19 10:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-14 18:44 - 2014-12-19 08:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-14 18:44 - 2014-12-12 12:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-14 18:44 - 2014-12-12 12:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-14 18:44 - 2014-12-12 12:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-14 18:44 - 2014-12-12 12:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-14 18:44 - 2014-12-12 12:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-14 18:44 - 2014-12-12 12:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-14 18:44 - 2014-12-12 12:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-14 18:44 - 2014-12-12 00:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-14 18:44 - 2014-12-06 11:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-14 18:44 - 2014-12-06 11:17 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\tlntsess.exe

2015-01-14 18:44 - 2014-12-06 10:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-14 18:44 - 2014-12-06 10:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-14 00:01 - 2015-01-14 00:34 - 00000000 ____D () C:\Users\1\itools

2015-01-13 23:57 - 2015-01-13 23:57 - 00000000 ____D () C:\Users\1\Documents\iTools

2015-01-13 23:56 - 2015-01-22 00:55 - 00000000 ____D () C:\Users\1\Desktop\itools

2015-01-13 00:55 - 2015-01-14 10:27 - 00000000 ____D () C:\Users\1\Documents\project movie keisha

2015-01-12 23:23 - 2015-01-12 23:23 - 00039104 _____ (Spotflux, Inc.) C:\Windows\system32\Drivers\tapSF0901.sys

2015-01-07 10:58 - 2015-01-17 11:26 - 00000000 ____D () C:\Users\1\Desktop\Orderan JAnuari

2015-01-06 07:42 - 2015-01-06 07:43 - 00000000 ___HD () C:\Users\1\Documents\.4sh

2015-01-05 16:14 - 2015-01-05 16:14 - 00000000 ____D () C:\Users\1\AppData\Roaming\Macromedia

2015-01-05 15:41 - 2015-01-19 06:32 - 00001072 _____ () C:\Users\1\Desktop\Adobe Photoshop CC 2014.lnk

2015-01-05 15:41 - 2015-01-05 15:41 - 00000000 ____D () C:\Users\1\AppData\Roaming\PDAppFlex

2014-12-30 21:03 - 2014-12-30 21:03 - 00001200 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk

2014-12-30 21:03 - 2014-12-30 21:03 - 00000000 ____D () C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass

2014-12-30 21:03 - 2014-12-30 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-26 18:52 - 2014-11-11 23:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-26 10:47 - 2009-07-14 12:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2015-01-25 22:14 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-01-25 18:52 - 2009-07-14 11:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-25 18:52 - 2009-07-14 11:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-25 18:46 - 2014-11-14 15:24 - 00000000 ____D () C:\Users\1\AppData\Local\Adobe

2015-01-25 18:45 - 2014-11-11 22:25 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-01-25 18:45 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-25 12:18 - 2009-07-14 12:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-25 10:15 - 2014-12-05 10:08 - 00000000 ____D () C:\Users\1\Desktop\psychotic

2015-01-24 14:05 - 2014-11-11 23:14 - 00000000 ____D () C:\Users\1\AppData\Local\CrashDumps

2015-01-24 10:56 - 2014-11-18 11:15 - 00000000 ____D () C:\Program Files (x86)\iTunes

2015-01-23 09:42 - 2014-11-16 22:45 - 00000000 ____D () C:\Users\1\Downloads\e1200 v2

2015-01-22 19:21 - 2014-11-11 17:23 - 00000000 ____D () C:\Users\1

2015-01-22 18:00 - 2014-11-15 08:43 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2015-01-22 18:00 - 2014-11-15 08:42 - 00000000 ___DC () C:\Program Files\Java

2015-01-22 10:58 - 2014-11-18 10:44 - 00000000 ____D () C:\Users\1\AppData\Roaming\Apple Computer

2015-01-22 00:54 - 2014-11-20 15:34 - 00000000 ____D () C:\Users\1\AppData\Local\Apple Inc

2015-01-22 00:54 - 2014-11-18 10:42 - 00000000 ____D () C:\Users\1\AppData\Local\Apple

2015-01-19 00:38 - 2014-11-22 07:30 - 00000000 ____D () C:\ProgramData\Razer

2015-01-19 00:38 - 2014-11-22 07:30 - 00000000 ____D () C:\Program Files (x86)\Razer

2015-01-19 00:37 - 2014-11-24 17:10 - 00000000 ____D () C:\Users\1\AppData\Local\Razer

2015-01-17 23:23 - 2014-11-14 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2015-01-17 22:12 - 2014-11-20 16:28 - 00000000 ___DC () C:\FFOutput

2015-01-17 11:34 - 2014-11-14 15:41 - 00000000 ____D () C:\Program Files (x86)\Epson Software

2015-01-17 07:22 - 2014-11-14 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software

2015-01-16 04:00 - 2014-11-12 00:06 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-15 23:56 - 2014-11-11 18:13 - 00000000 ____D () C:\Users\1\AppData\Local\Google

2015-01-15 23:54 - 2014-12-02 07:12 - 00000000 ____D () C:\Users\1\AppData\Roaming\FlashgetSetup

2015-01-15 23:54 - 2014-12-02 07:12 - 00000000 ____D () C:\Users\1\AppData\Roaming\FlashGetBHO

2015-01-15 23:42 - 2014-12-02 07:16 - 00009095 _____ () C:\Windows\SysWOW64\secushr.dat

2015-01-15 11:44 - 2014-12-02 07:12 - 00000000 ____D () C:\Users\1\AppData\Roaming\BITS

2015-01-15 00:19 - 2014-11-11 18:13 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-14 23:14 - 2014-11-11 18:16 - 00768152 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-01-14 22:41 - 2014-11-12 01:39 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-14 22:38 - 2014-11-12 01:39 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-13 11:44 - 2014-11-20 10:17 - 00000385 _____ () C:\Users\1\AppData\Roaming\Rim.DesktopHelper.Exception.log

2015-01-13 11:44 - 2014-11-20 10:17 - 00000385 _____ () C:\Users\1\AppData\Roaming\Rim.Desktop.Exception.log

2015-01-13 11:28 - 2014-12-03 11:30 - 00022640 _____ () C:\Users\1\Documents\My Movie.wlmp

2015-01-12 23:50 - 2014-12-03 10:44 - 00000000 ____D () C:\Users\1\AppData\Local\Windows Live

2015-01-05 21:32 - 2014-11-14 21:06 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2015-01-05 19:24 - 2014-11-14 17:56 - 00000000 ___DC () C:\Program Files\Common Files\Adobe

2015-01-05 19:23 - 2014-11-14 15:53 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-01-05 19:22 - 2014-11-14 18:00 - 00000000 ___DC () C:\Program Files\Adobe

2014-12-31 18:14 - 2010-11-21 10:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-12-30 21:04 - 2014-12-13 05:16 - 00000000 ____D () C:\Program Files (x86)\LastPass

 

==================== Files in the root of some directories =======

 

2014-12-30 21:04 - 2014-12-30 21:04 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe

2014-11-20 10:17 - 2015-01-13 11:44 - 0000385 _____ () C:\Users\1\AppData\Roaming\Rim.Desktop.Exception.log

2014-11-20 10:02 - 2014-11-20 10:02 - 0001153 _____ () C:\Users\1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2014-11-20 10:17 - 2015-01-13 11:44 - 0000385 _____ () C:\Users\1\AppData\Roaming\Rim.DesktopHelper.Exception.log

2015-01-22 01:01 - 2015-01-22 01:01 - 0040115 _____ () C:\Users\1\AppData\Roaming\UserTile.png

2014-11-16 00:50 - 2014-11-30 23:25 - 0036352 _____ () C:\Users\1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-12-12 19:25 - 2014-12-12 19:25 - 0266397 _____ () C:\ProgramData\1418386789.bdinstall.bin

 

Some content of TEMP:

====================

C:\Users\1\AppData\Local\Temp\Quarantine.exe

C:\Users\1\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-24 00:40

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01

Ran by 1 at 2015-01-26 19:43:30

Running from C:\Users\1\Desktop\New folder

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}

AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\{D901557E-8AF2-4F66-BE3C-B8C816397BD5}) (Version: 16.0.0.287 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

BitTorrent (HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\BitTorrent) (Version: 7.9.2.37954 - BitTorrent Inc.)

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)

Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)

Clash of Gods version 1.01 (HKLM-x32\...\{482B45E0-95CA-48BB-B095-E1D5C22BAB77}_is1) (Version: 1.01 - Qeon Interactive)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)

Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)

Epson Easy Photo Print 2 (HKLM-x32\...\{674E262F-72EA-41C1-AF16-9727311A4553}) (Version: 2.4.1.0 - SEIKO EPSON CORPORATION)

Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)

EPSON L110 Series Printer Uninstall (HKLM\...\EPSON L110 Series) (Version:  - SEIKO EPSON Corporation)

EPSON L300 Series Printer Uninstall (HKLM\...\EPSON L300 Series) (Version:  - SEIKO EPSON Corporation)

ESET NOD32 Antivirus (HKLM\...\{7F39EB28-B9B7-41B8-8564-DB33284A010D}) (Version: 8.0.304.0 - ESET, spol s r. o.)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)

FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

iExplorer 3.6.5.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)

LastPass (Hapus saja) (HKLM-x32\...\LastPass) (Version:  - LastPass)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)

MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)

NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)

NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)

ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)

ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)

Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)

Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)

Spotflux (HKLM-x32\...\Spotflux) (Version: 3.1.2 - Spotflux) <==== ATTENTION!

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

Swordsman Online (HKLM-x32\...\Swordsman Online 1.0.0) (Version: 1.0.0 - Perfect Game)

Tag&Rename 3.8.5 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.8.5 - Softpointer Inc)

TagScanner 5.1.661 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2950901286-4018632002-2551131573-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\1\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2950901286-4018632002-2551131573-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\1\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

 

==================== Restore Points  =========================

 

24-01-2015 09:11:34 Windows Update

25-01-2015 19:00:13 Windows Backup

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 09:34 - 2014-11-26 10:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0EBA6E18-CCCA-43B1-9162-8CC8743D4E8E} - System32\Tasks\{C2CCDABC-907F-40BE-A622-8E7F7712258D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Bitdefender\setupinformation\setuplauncher.exe" -d "C:\Program Files (x86)\Common Files\Bitdefender\setupinformation"

Task: {445E0D0D-7324-41B5-9E4C-C5055AE8158F} - System32\Tasks\{BC88C845-F8C2-4403-9EFA-80998AF77332} => pcalua.exe -a C:\Users\1\Downloads\Install_CopyTransControlCenter.exe -d C:\Users\1\Downloads

Task: {5BCD8E1F-77AE-41FA-9529-AB96ABC73C7A} - System32\Tasks\AdobeAAMUpdater-1.0-1-PC-1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)

Task: {60FD4C92-2073-4E71-878C-448A850295B9} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

Task: {66E80760-1CF2-440F-B667-FE64AB49FC26} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {713FE722-8A68-4255-BCFB-F0FC0122021B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)

Task: {7D1C11A3-FF17-488B-8BAF-07ECF78D8B29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)

Task: {B48B903E-F060-4F40-9332-F6C54C04B33E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)

Task: {CF0C3220-AD3A-489C-BF20-AA4ABDCAA08A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)

Task: {F463718A-328C-4B06-80AF-65F45AFC8BC7} - System32\Tasks\{ECD50EF7-7F56-4682-827F-0C7763B2340D} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\iPhone Contacts Backup\Uninstall.exe"

Task: {F950A615-B8A1-4BE8-9594-84E3F5697AAD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-11-11 22:24 - 2014-07-03 01:55 - 00116568 ____C () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

2014-01-10 12:26 - 2014-01-10 12:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2014-09-26 14:40 - 2014-09-26 14:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

2015-01-22 16:12 - 2015-01-21 10:41 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll

2015-01-25 22:52 - 2015-01-19 14:02 - 03478016 _____ () C:\Program Files (x86)\TagScanner\Tagscan.exe

2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-01-12 23:23 - 2015-01-12 23:23 - 00032256 _____ () C:\Program Files (x86)\Spotflux\services\SpotfluxFilterLib.dll

2014-09-28 21:01 - 2014-09-28 21:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll

2014-01-10 12:28 - 2014-01-10 12:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16798034.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33000422.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16798034.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33000422.sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

1 (S-1-5-21-2950901286-4018632002-2551131573-1000 - Administrator - Enabled) => C:\Users\1

Administrator (S-1-5-21-2950901286-4018632002-2551131573-500 - Administrator - Disabled)

Guest (S-1-5-21-2950901286-4018632002-2551131573-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2950901286-4018632002-2551131573-1004 - Limited - Enabled)

polda only (S-1-5-21-2950901286-4018632002-2551131573-1006 - Limited - Enabled) => C:\Users\polda only

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft ISATAP Adapter

Description: Microsoft ISATAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Microsoft ISATAP Adapter #2

Description: Microsoft ISATAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Spotflux Virtual Network Device Driver

Description: Spotflux Virtual Network Device Driver

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Spotflux, Inc.

Service: tapSF0901

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/26/2015 00:43:52 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

 

Error: (01/26/2015 00:43:07 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (01/26/2015 00:42:54 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error: (01/25/2015 06:45:47 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2015 06:34:33 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2015 10:23:40 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (01/25/2015 10:23:38 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (01/25/2015 10:23:38 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (01/25/2015 10:00:11 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2015 09:47:15 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (01/25/2015 06:45:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

UsbCharger

 

Error: (01/25/2015 06:34:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

UsbCharger

 

Error: (01/25/2015 10:00:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

UsbCharger

 

Error: (01/25/2015 09:47:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

UsbCharger

 

Error: (01/25/2015 09:37:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

UsbCharger

 

Error: (01/24/2015 02:14:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

UsbCharger

 

Error: (01/24/2015 10:05:06 AM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (01/24/2015 10:04:59 AM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (01/24/2015 10:04:56 AM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (01/24/2015 10:03:49 AM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

 

Microsoft Office Sessions:

=========================

Error: (01/26/2015 00:43:52 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

 

Error: (01/26/2015 00:43:07 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

 

Error: (01/26/2015 00:42:54 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

 

Error: (01/25/2015 06:45:47 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2015 06:34:33 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2015 10:23:40 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\1\Desktop\psychotic\esetsmartinstaller_enu.exe

 

Error: (01/25/2015 10:23:38 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\1\Desktop\psychotic\esetsmartinstaller_enu.exe

 

Error: (01/25/2015 10:23:38 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\1\Desktop\psychotic\esetsmartinstaller_enu.exe

 

Error: (01/25/2015 10:00:11 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2015 09:47:15 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-11-26 10:09:22.884

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-11-26 10:09:22.869

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-4570 CPU @ 3.20GHz

Percentage of memory in use: 71%

Total physical RAM: 3974.67 MB

Available physical RAM: 1116.79 MB

Total Pagefile: 7947.53 MB

Available Pagefile: 3229.6 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.29 GB) (Free:788.7 GB) NTFS

Drive d: (MP3 - 7730) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS

Drive e: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:226.76 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 10EEAEEB)

Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Hi :)

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
Please include the contents of that file in your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 7 Home Premium x64

Ran by 1 on 27/01/2015 at  9:35:27,05

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 27/01/2015 at  9:40:15,92

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 


# AdwCleaner v4.109 - Report created 27/01/2015 at 09:48:10

# Updated 24/01/2015 by Xplode

# Database : 2015-01-26.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : 1 - 1-PC

# Running from : C:\Users\1\Desktop\mallwarebytes\Naathim\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Google Chrome v40.0.2214.93

 

 

*************************

 

AdwCleaner[R0].txt - [1047 octets] - [25/01/2015 09:55:27]

AdwCleaner[R1].txt - [874 octets] - [27/01/2015 09:41:57]

AdwCleaner[s0].txt - [1115 octets] - [25/01/2015 09:59:11]

AdwCleaner[s1].txt - [796 octets] - [27/01/2015 09:48:10]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [855 octets] ##########

 



# AdwCleaner v4.109 - Report created 25/01/2015 at 09:59:11

# Updated 24/01/2015 by Xplode

# Database : 2015-01-24.4 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : 1 - 1-PC

# Running from : C:\Users\1\Desktop\psychotic\adwcleaner_4.109.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Google Chrome v40.0.2214.91

 

 

*************************

 

AdwCleaner[R0].txt - [1047 octets] - [25/01/2015 09:55:27]

AdwCleaner[s0].txt - [976 octets] - [25/01/2015 09:59:11]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1035 octets] ##########

 


Hello :)

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyclsid;process;drivers-services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!


 

Zoek.exe v5.0.0.0 Updated 27-01-2015

Tool run by 1 on 31/01/2015 at 16:20:54,92.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\1\Desktop\mallwarebytes\Naathim\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

31/01/2015 16:22:29 Zoek.exe System Restore Point Created Succesfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\Program Files\Bitdefender deleted successfully

C:\Program Files\ReviverSoft deleted successfully

C:\Users\1\AppData\Roaming\FlashgetSetup deleted successfully

C:\Users\1\AppData\Roaming\QuickScan deleted successfully

C:\Users\polda only\AppData\Roaming\Apple Computer deleted successfully

C:\Users\1\AppData\Local\CrashDumps deleted successfully

C:\Users\1\AppData\Local\Secunia PSI deleted successfully

C:\Users\polda only\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} deleted successfully

HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} deleted successfully

HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\bdwteff@bitdefender.com deleted successfully

 

==== Installed Programs ======================

 

Adobe Creative Cloud  

Adobe Flash Player 16 NPAPI  

Apple Application Support  

Apple Mobile Device Support  

Apple Software Update  

BitTorrent  

BlackBerry Desktop Software 7.1  

Bonjour  

CCleaner  

Cisco Connect  

Clash of Gods version 1.01  

D3DX10  

Dell Display Manager  

DivX Setup  

Dota 2  

Epson E-Web Print  

Epson Easy Photo Print 2  

EPSON L110 Series Printer Uninstall  

EPSON L300 Series Printer Uninstall  

Epson User's Guide L300 Series  

ESET NOD32 Antivirus  

FileASSASSIN  

FormatFactory 3.3.5.0  

Google Chrome  

Google Update Helper  

iCloud  

iExplorer 3.6.5.0  

Intel® Processor Graphics  

Intel® Rapid Storage Technology  

iTunes  

Java 8 Update 31 (64-bit)  

Java Auto Updater  

LastPass (Hapus saja)  

Malwarebytes Anti-Malware version 2.0.4.1028  

Microsoft .NET Framework 4.5.2  

Microsoft Application Error Reporting  

Microsoft Security Client  

Microsoft Security Essentials  

Microsoft Silverlight  

Microsoft Visual C++ 2005 Redistributable  

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030  

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030  

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030  

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  

Movie Maker  

Mp3tag v2.66  

MSVCRT  

MSVCRT110  

MSVCRT110_amd64  

MusicBrainz Picard  

NVIDIA 3D Vision Controller Driver 326.01  

NVIDIA 3D Vision Driver 340.52  

NVIDIA Control Panel 340.52  

NVIDIA Graphics Driver 340.52  

NVIDIA HD Audio Driver 1.3.30.1  

NVIDIA Install Application  

NVIDIA Stereoscopic 3D Driver  

NVIDIA Update 10.4.0  

NVIDIA Update Core  

NVIDIA Virtual Audio 1.2.5  

ON_OFF Charge 2 B13.1028.1  

Photo Common  

Photo Gallery  

QuickTime 7  

Razer Synapse 2.0  

Realtek Ethernet Controller Driver  

Realtek High Definition Audio Driver  

Secunia PSI (3.0.0.10004)  

Software Updater  

Spotflux  

Spybot - Search & Destroy  

Swordsman Online  

Tag&Rename 3.8.5  

TagScanner 5.1.661  

VC80CRTRedist - 8.0.50727.6195  

Windows Live Communications Platform  

Windows Live Essentials  

Windows Live ID Sign-in Assistant  

Windows Live Installer  

Windows Live Photo Common  

Windows Live PIMT Platform  

Windows Live SOXE  

Windows Live SOXE Definitions  

Windows Live UX Platform  

Windows Live UX Platform Language Pack  

WinRAR 5.11 (64-bit)  

 

==== Running Processes ======================

 

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Program Files (x86)\Spotflux\services\SpotfluxConnectionManager.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Users\1\Desktop\mallwarebytes\Naathim\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

 

==== Services(whitelist) ======================

Powered by E Dev

 

R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe

R2 - [bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe

R2 - [iAStorDataMgrSvc] - Intel® Rapid Storage Technology - c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe

R2 - [igfxCUIService1.0.0.0] - Intel® HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe

R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe

R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe

R2 - [sBSDWSCService] - SBSD Security Center Service - c:\program files (x86)\spybot - search & destroy\sdwinsec.exe

R2 - [spotfluxConnectionManager] - Spotflux Connection Manager - c:\program files (x86)\spotflux\services\spotfluxconnectionmanager.exe

R2 - [stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe

R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe

R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

R3 - [blackberry Device Manager] - Blackberry Device Manager - c:\program files (x86)\common files\research in motion\usb drivers\bbdevmgr.exe

R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe

R3 - [iPod Service] - Layanan iPod - c:\program files\ipod\bin\ipodservice.exe

R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe

S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe

S2 - [gupdate] - Layanan Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe

S2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe

S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe

S2 - [secunia PSI Agent] - Secunia PSI Agent - c:\program files (x86)\secunia\psi\psia.exe

S2 - [secunia Update Agent] - Secunia Update Agent - c:\program files (x86)\secunia\psi\sua.exe

S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe

S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe

S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe

S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

S3 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe

S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe

S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe

S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe

S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe

S3 - [gupdatem] - Layanan Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe

S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe

S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe

S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe

S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe

S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe

S3 - [sNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe

S3 - [steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe

S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe

S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe

S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe

S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe

S4 - [TlntSvr] - Telnet - c:\windows\system32\tlntsvr.exe

S4 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

 

==== Drivers(whitelist) ======================

Powered by E Dev

 

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys

R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys

R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys

R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys

R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys

S3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys

S3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys

R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys

R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys

R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]

R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys

R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys

R0 - [edevmon] - edevmon - C:\Windows\system32\Drivers\edevmon.sys

R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys

R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys

R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys

R0 - [iaStorF] - iaStorF - C:\Windows\system32\Drivers\iaStorF.sys

R0 - [iusb3hcs] - Intel® USB 3.0 Host Controller Switch Driver - C:\Windows\system32\Drivers\iusb3hcs.sys

R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys

R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys

R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys

R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys

R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys

R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys

R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys

R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys

R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys

R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys

R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys

R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys

R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys

R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys

R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys

R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys

R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys

R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys

R1 - [beep] - Beep - C:\Windows\system32\Drivers\Beep.sys

R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys

R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

 

==== Deleting Services ======================

 

 

==== Deleting Files \ Folders ======================

 

C:\Users\1\AppData\Roaming\FlashGetBHO deleted

C:\PROGRA~3\Package Cache deleted

C:\windows\SysNative\GroupPolicy\Machine deleted

C:\windows\SysNative\GroupPolicy\User deleted

C:\windows\SysNative\GroupPolicy\gpt.ini deleted

"C:\Windows\Installer\5e05b8a.msi" deleted

 

==== System Specs ======================

 

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 3975 MB

CPU Info: Intel® Core i5-4570 CPU @ 3.20GHz

CPU Speed: 3229,0 MHz

Sound Card: Speakers (Realtek High Definiti | 

Realtek Digital Output (Realtek | 

DELL S2340L-4 (NVIDIA High Defi | 

Display Adapters: NVIDIA GeForce GTX 760 | NVIDIA GeForce GTX 760 | NVIDIA GeForce GTX 760 | NVIDIA GeForce GTX 760 | Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | 

 

Intel® HD Graphics 4600 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; DELL S2340L(HDMI) | 

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Realtek PCIe GBE Family Controller

CD / DVD Drives: 1x (D: | ) D: ATAPI   iHAS124   W

Ports: COM4 | COM5 | COM1 | COM2 | COM3 LPT1

Mouse: 7 Button Wheel Mouse Present

Hard Disks: C:  931,3GB

Hard Disks - Free: C:  786,4GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 08/03/13 | ALASKA - 1072009

Time Zone: SE Asia Standard Time

Motherboard *: Gigabyte Technology Co., Ltd. P85-D3

Country: Indonesia 

Language: IND 

 

==== System Specs (Software) ======================

 

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

Anti-Virus: ESET NOD32 Antivirus 8.0 On-access scanning disabled (Outdated)

Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: ESET NOD32 Antivirus 8.0 disabled (Outdated)

Default Browser: Google Chrome 40.0.2214.94

Internet Explorer Version: 11.0.9600.17501 

Google Chrome version: 40.0.2214.94

Sun Java version: 1.8.0_31 (32-bit) 

Sun Java version: 1.8.0_31 (64-bit) 

Flash Player version: 16.0.0.287

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

2015-01-29 01:48:52 22C419ED589FAF800C34527DA09E2FD5 36 ----a-w- C:\Windows\system##%%

====== C:\Users\1\AppData\Local\Temp ====

====== Java Cache =====

2015-01-14 17:34:50 B305F3EA216138114F8A6878BEFACACF 9207692 ----a-w- C:\Users\1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\26f38d4b-493c3a42

2015-01-25 03:59:49 68A1066E340ABF34992AF2BE7EB41BC0 13538319 ----a-w- C:\Users\1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\37cf27d1-69c5a826

2015-01-10 06:40:23 6B01BA7F2BDE9AA7F7458DB97695E111 211301 ----a-w- C:\Users\1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\90ce81c-32bbca66

2015-01-03 23:25:28 BECAA634638635F8CF9F5536A39695C4 28888 ----a-w- C:\Users\1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7adb3a25-5641631f

2015-01-03 23:25:31 9A90F04015AD1EFBC3506F9F965C1103 429 ----a-w- C:\Users\1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\610ce9f5-24d3d971

2015-01-12 17:25:03 B1CF74329FED38AE6D3A066034804A7E 3366639 ----a-w- C:\Users\1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\33ab88ff-211bfa89

====== C:\Windows\SysWOW64 =====

2015-01-24 04:00:31 E1A13A0F5CFAAAF964C5D08D1FD37DA5 71344 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-24 04:00:31 0EE42A693F0AAABFFBD31678FF4CC426 701616 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2015-01-17 09:47:10 1ECCB46440A5BBC41B0FA82620A32C6A 48896 ----a-w- C:\Windows\Sysnative\drivers\netfilter2.sys

2015-01-14 11:44:26 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys

2015-01-12 16:23:18 185C2170CFD84F9D708276FBB5ABD77D 39104 ----a-w- C:\Windows\Sysnative\drivers\tapSF0901.sys

====== C:\Windows\Tasks ======

2015-01-24 04:00:32 D4822E9C93CB2E782FB1C58A40D740A4 3768 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater

2015-01-24 04:00:32 640D61DA00BBE97B0B581165C8BBD70F 830 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-16 12:06:31 6CC78191FD3D771B1EF7C43AABF09BDE 3362 ----a-w- C:\Windows\Sysnative\Tasks\RunAsStdUser Task for VeohWebPlayer

2015-01-14 17:09:44 2061B8E439F04C92363ADCDB86C9277E 3884 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA

2015-01-14 17:09:43 410394973E49730994A1433AF524AD62 888 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-14 17:09:40 50E87760875164825FF40B1933C462DF 884 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-14 17:09:40 46A32171B7A5EBF70ACA31D2B9A5FCA8 3632 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-01-24 05:54:56 -------- dc----w- C:\Program Files\DivX

2015-01-17 05:08:40 -------- dc----w- C:\Program Files\ESET

======= C:\PROGRA~2 =====

2015-01-25 15:52:26 -------- d-----w- C:\PROGRA~2\TagScanner

2015-01-25 11:19:44 -------- d-----w- C:\PROGRA~2\QuickTime

2015-01-25 03:23:42 -------- d-----w- C:\PROGRA~2\ESET

2015-01-24 05:54:35 -------- d-----w- C:\PROGRA~2\COMMON~1\DivX Shared

2015-01-24 05:41:32 -------- d-----w- C:\PROGRA~2\DivX

2015-01-24 03:02:57 -------- d-----w- C:\PROGRA~2\MusicBrainz Picard

2015-01-24 02:35:49 -------- d-----w- C:\PROGRA~2\TagRename

2015-01-23 03:34:01 -------- d-----w- C:\PROGRA~2\iExplorer

2015-01-22 11:02:27 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

2015-01-22 09:17:27 -------- d-----w- C:\PROGRA~2\Mp3tag

2015-01-17 09:46:33 -------- d-----w- C:\PROGRA~2\Spotflux

2015-01-16 12:06:22 -------- d-----w- C:\PROGRA~2\Veoh Networks

2015-01-15 04:30:36 -------- d-----w- C:\PROGRA~2\clashofgods

2015-01-15 03:38:07 -------- d-----w- C:\PROGRA~2\Clash of Gods

======= C: =====

====== C:\Users\1\AppData\Roaming ======

2015-01-27 14:33:31 42F34ABDA13E4D8A7195BB6F0094A2E0 3817 ----a-w- C:\Users\1\AppData\Locallow\lpm.dat

2015-01-25 15:52:32 -------- d-----w- C:\Users\1\AppData\Roaming\TagScanner

2015-01-24 05:55:05 -------- d-----w- C:\Users\1\AppData\Roaming\DivX

2015-01-24 03:57:13 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\ESET

2015-01-24 03:03:34 -------- d-----w- C:\Users\1\AppData\Roaming\MusicBrainz

2015-01-24 03:03:34 -------- d-----w- C:\Users\1\AppData\Local\MusicBrainz

2015-01-23 03:47:49 -------- d-----w- C:\Users\1\AppData\Local\Macroplant_LLC

2015-01-23 03:43:09 -------- d-----w- C:\Users\1\AppData\Locallow\Apple Computer

2015-01-22 11:01:55 -------- d-----w- C:\Users\1\AppData\Roaming\Mp3tag

2015-01-21 18:01:26 B5150D5ED195AB61C205ABDC19EB4C74 40115 ----a-w- C:\Users\1\AppData\Roaming\UserTile.png

2015-01-17 09:57:24 -------- d-----w- C:\Users\1\AppData\Local\ESET

2015-01-17 09:56:10 -------- d-----w- C:\Users\1\AppData\Roaming\BitTorrent

2015-01-16 12:34:40 -------- d-----w- C:\Users\1\AppData\Roaming\TuneUp Software

2015-01-16 12:34:40 -------- d-----w- C:\Users\1\AppData\Local\TuneUp Software

2015-01-16 12:26:26 -------- d-----w- C:\Users\1\AppData\Roaming\Temp

2015-01-14 16:05:47 -------- d-----w- C:\Users\1\AppData\Local\Deployment

2015-01-14 16:05:47 -------- d-----w- C:\Users\1\AppData\Local\Apps

2015-01-14 02:59:31 6FFDFC511A9634A9584ED563A2908C37 145248 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat

2015-01-05 08:41:43 -------- d-----w- C:\Users\1\AppData\Roaming\PDAppFlex

====== C:\Users\1 ======

2015-01-30 12:13:41 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\1\Downloads\esetsmartinstaller_enu.exe

2015-01-29 06:19:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2015-01-25 15:52:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner

2015-01-25 11:19:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2015-01-25 02:50:05 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\1\Desktop\JRT_NEW.exe

2015-01-24 05:54:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX

2015-01-24 05:38:58 -------- d-----w- C:\ProgramData\DivX

2015-01-24 02:35:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename

2015-01-23 03:34:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer

2015-01-22 09:17:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag

2015-01-17 09:47:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotflux

2015-01-17 09:46:33 -------- d-----w- C:\ProgramData\spotflux

2015-01-17 05:08:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

2015-01-17 05:08:40 -------- d-----w- C:\ProgramData\ESET

2015-01-16 12:33:32 -------- d-----w- C:\ProgramData\TuneUp Software

2015-01-16 12:33:28 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2015-01-16 12:33:28 -------- d--h--w- C:\ProgramData\Common Files

2015-01-15 03:54:10 -------- d-----w- C:\Users\1\G-bits

2015-01-15 03:51:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clash of Gods

2015-01-14 17:19:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-13 17:01:25 -------- d-----w- C:\Users\1\itools

 

====== C: exe-files ==

2015-01-30 22:22:13 74AF9DC43C91C6E69C9DE98D52F5F001 46908496 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.94\40.0.2214.94_chrome64_installer.exe

2015-01-30 12:13:41 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\1\Downloads\esetsmartinstaller_enu.exe

2015-01-30 12:13:09 AC8B882D658AF3070167F59AE92E5CA3 834752 ----a-w- C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe

2015-01-29 06:19:05 407DCF2E09CC7BFC772FDD4C3510A7B5 1408152 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_YINSI1E.EXE

2015-01-29 06:19:04 B1BB3D1F876D10C15A852D3246DA5052 609376 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_TINVI1E.EXE

2015-01-29 06:19:03 25FF18FD9FC61B4EFB43B96DCC04F644 258656 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_YBCSI1E.EXE

2015-01-29 06:19:02 8862A971F1F569DB55681DDDAADB0EC8 157792 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_YHUTI1E.EXE

2015-01-29 06:19:00 6BBBF90149C46DAE4B6E02806BE98676 298592 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_YARNI1E.EXE

2015-01-29 06:18:59 DDAB16D069DC113789FBB5080D7EC999 802912 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_YUBI1E.EXE

2015-01-29 06:18:57 6ECE746BB283927604DA192CA0D1403D 283232 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_YATII1E.EXE

2015-01-29 06:18:57 5EF26FCEEFE5C3FBE66AC1D5836FDB9A 291936 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_YPREI1E.EXE

2015-01-29 06:18:57 275BE0147D5E8949750A706F58D81695 338016 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_YACHI1E.EXE

2015-01-29 06:18:51 F09FB6387FCC0FBD5F99BC388C97F2CE 1599072 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_YJACI1E.EXE

2015-01-27 17:31:29 7B87B47DCD463800765D48456381D1C1 1057072 ----a-w- C:\Program Files (x86)\Clash of Gods\Clash Of Gods.exe

2015-01-27 02:41:22 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\1\Desktop\mallwarebytes\Naathim\AdwCleaner.exe

2015-01-27 02:34:46 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\1\Desktop\mallwarebytes\Naathim\JRT.exe

2015-01-26 12:42:13 0A5A11928325940A75A7CE46D5B460BD 2129920 ----a-w- C:\Users\1\Desktop\mallwarebytes\Naathim\FRST64.exe

2015-01-25 15:52:26 CD2FD7705E113EF775F67895274AC79E 3478016 ----a-w- C:\Program Files (x86)\TagScanner\Tagscan.exe

2015-01-25 15:52:26 1326D3E934D498FA73E4EB9BE7238465 719521 ----a-w- C:\Program Files (x86)\TagScanner\unins000.exe

2015-01-25 03:24:15 E273331224005C5A8A504164373DE1DC 535304 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

2015-01-25 03:24:15 5B3DE7968D23B476AFB256D8014B25B9 333424 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

2015-01-25 03:24:15 47B06E473B78A792DF07D226E0537D63 119184 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

2015-01-25 03:24:15 3C3F35C91F230493B088B334E39D1F7A 358144 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

2015-01-25 03:24:14 9E47522861242EE002D7F385C35D1322 2887824 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

2015-01-25 03:15:03 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\1\Desktop\mallwarebytes\psychotic\esetsmartinstaller_enu.exe

2015-01-25 03:10:31 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\1\Desktop\mallwarebytes\psychotic\hx4l6cgp.exe

2015-01-25 02:52:24 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\1\Desktop\mallwarebytes\psychotic\adwcleaner_4.109.exe

2015-01-25 02:50:05 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\1\Desktop\JRT_NEW.exe

2015-01-25 02:44:53 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\Users\1\Desktop\mallwarebytes\psychotic\tdsskiller\TDSSKiller.exe

=== C: other files ==

2015-01-25 02:44:02 E05770D0C2CD3B7A15FE0CA5EA5094C0 4176437 ----a-w- C:\Users\1\Desktop\mallwarebytes\psychotic\tdsskiller.zip

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

"CCleaner"="C:\Program Files\CCleaner\CCleaner64.exe /AUTO"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII1E.EXE /EPT EPLTarget\P0000000000000000 /M L300 Series"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"

"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"

"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

"CCleaner"="C:\Program Files\CCleaner\CCleaner64.exe /AUTO"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII1E.EXE /EPT EPLTarget\P0000000000000000 /M L300 Series"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"InstallerLauncher"="C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe /run:C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice"

 

==== Startup Folders ======================

 

2014-11-11 16:24:58 1181 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk

2014-12-30 14:04:14 2074 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

2014-12-12 10:38:53 1070 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [24/01/2015 11:00]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/01/2015 00:09]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/01/2015 00:09]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-1-PC-1" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]

"C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\RunAsStdUser Task for VeohWebPlayer" [C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [17/01/2015 11:34]

 

==== Chromium Look ======================

 

Google Chrome Version: 40.0.2214.94 (Possible outdated, latest Stable version: 40.0.2214.93)

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

hdokiejnpimakedhajhdlcegeplioahd - No path found[]

 

Google Slides - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

Google Voice Search Hotword (Beta) - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

WOT - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp

YouTube - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

selector is not a valid CSS selector - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Google Search - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Tampermonkey - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo

Google Sheets - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

LastPass - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd

Google Wallet - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Slides - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

Google Voice Search Hotword (Beta) - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

YouTube - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Bitdefender Wallet - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih

Google Sheets - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

Google Wallet - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.google.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]


 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\472EE7AF07377B34A9543AB971CCDC5C deleted successfully

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\472EE7AF07377B34A9543AB971CCDC5C deleted successfully

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\polda only\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=18 folders=18 22148268 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\1\AppData\Local\Temp will be emptied at reboot

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\polda only\AppData\Local\temp emptied successfully

C:\Users\Public\AppData\Local\temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\1\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on 31/01/2015 at 16:37:45,16 ======================
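The "Files Recently Created / Modified" block of the Zoek log above is where the oddly named C:\Windows\system##%% and the hidden, system-flagged GUID folder under C:\ProgramData stand out from the ordinary installer noise. The script below is an added example, not part of this thread and not Zoek's own code: it parses that block's line format (date, time, MD5 or dashes, size for files only, an attribute string, path) and applies four triage rules. The rules and severities are assumptions chosen for the illustration; the sample lines are copied from the log above.

```python
r"""Triage of the 'Files Recently Created / Modified' block of a Zoek log.

Files carry an MD5 and a size, directories carry eight dashes and no size:
  2015-01-29 01:48:52 22C419ED589FAF800C34527DA09E2FD5 36 ----a-w- C:\Windows\system##%%
  2015-01-16 12:33:28 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
Attribute flags: d=directory, c=compressed, s=system, h=hidden, a=archive, r=read-only, w=writable.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<md5>[0-9A-Fa-f]{32}|-{8}) "
    r"(?:(?P<size>\d+) )?"
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>\S.*)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Characters ordinary installers use in names; '#' and '%' are deliberately not among them.
PLAIN_NAME_RE = re.compile(r"^[A-Za-z0-9 ._\-~()&]+$")


@dataclass
class Entry:
    timestamp: str
    md5: Optional[str]    # None for directories
    size: Optional[int]   # None for directories
    attrs: str
    path: str
    parent: str           # directory part of the path, lower-cased for comparisons
    name: str             # final path component as written
    is_dir: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a log line, or None for headers, blanks and anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    parent, _, name = m["path"].rpartition("\\")
    return Entry(
        timestamp=f"{m['date']} {m['time']}",
        md5=None if m["md5"] == "-" * 8 else m["md5"].upper(),
        size=None if m["size"] is None else int(m["size"]),
        attrs=m["attrs"], path=m["path"], parent=parent.lower(), name=name,
        is_dir=m["attrs"][0] == "d",
    )


def triage(e: Entry) -> List[Tuple[str, str]]:
    """Heuristic (severity, reason) pairs for one entry; an empty list means nothing stands out."""
    findings = []
    hidden_system = "h" in e.attrs and "s" in e.attrs
    # 1. Hidden+system folder with a GUID name dropped straight into C:\ProgramData.
    if e.is_dir and e.parent == r"c:\programdata" and hidden_system and GUID_RE.match(e.name):
        findings.append(("high", "hidden system GUID folder in ProgramData"))
    # 2. File written directly into C:\Windows with no extension or unusual characters.
    if not e.is_dir and e.parent == r"c:\windows" and (
        "." not in e.name or not PLAIN_NAME_RE.match(e.name)
    ):
        findings.append(("high", "oddly named file in Windows root"))
    # 3. Kernel driver that appeared in a drivers directory during the window.
    if not e.is_dir and e.name.lower().endswith(".sys") and e.parent.endswith("\\drivers"):
        findings.append(("medium", "recently created kernel driver"))
    # 4. Scheduled task definitions: persistence, usually updaters, always worth a glance.
    if not e.is_dir and (e.parent.endswith("\\tasks") or e.name.lower().endswith(".job")):
        findings.append(("info", "scheduled task created"))
    return findings


def triage_log(text: str) -> List[Tuple[str, str, str]]:
    """Parse every entry in a Zoek block and return (severity, reason, path) triples."""
    results = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None:
            results.extend((sev, why, e.path) for sev, why in triage(e))
    return results


# Lines copied from the Zoek log above; the section headers show that non-entries are skipped.
SAMPLE = r"""
====== C:\Windows ====
2015-01-29 01:48:52 22C419ED589FAF800C34527DA09E2FD5 36 ----a-w- C:\Windows\system##%%
2015-01-24 04:00:31 0EE42A693F0AAABFFBD31678FF4CC426 701616 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-17 09:47:10 1ECCB46440A5BBC41B0FA82620A32C6A 48896 ----a-w- C:\Windows\Sysnative\drivers\netfilter2.sys
2015-01-24 04:00:32 640D61DA00BBE97B0B581165C8BBD70F 830 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
====== C:\Users\1 ======
2015-01-16 12:33:28 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-16 12:33:28 -------- d--h--w- C:\ProgramData\Common Files
"""

if __name__ == "__main__":
    for severity, reason, path in triage_log(SAMPLE):
        print(f"[{severity:6}] {reason}: {path}")
```

Run against the sample, the script flags system##%% and the GUID folder as high, netfilter2.sys as medium and the Flash updater task as informational, and stays quiet on FlashPlayerApp.exe and the merely hidden "Common Files" folder. The MD5 is kept on each entry so a flagged hash can be looked up, which is what the "virustotal" step in the helper's Zoek script does for the two high findings.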

Hi :)

Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;hdokiejnpimakedhajhdlcegeplioahd;chrC:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C};fsC:\Windows\system##%%;virustotal
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after it. You may also find it on your main drive (usually the C:\ drive).
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!


 

Zoek.exe v5.0.0.0 Updated 27-01-2015

Tool run by 1 on 01/02/2015 at  8:29:36,68.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\1\Desktop\mallwarebytes\Naathim\zoek.exe [scan all users] [script inserted] 

 

==== Older Logs ======================

 

C:\zoek-results2015-01-31-093745.log 42141 bytes

 

==== System Restore Info ======================

 

01/02/2015 8:31:47 Zoek.exe System Restore Point Created Succesfully.

 

==== VirusTotal Scan ======================

 


 

==== Chromium Look ======================

 

Google Chrome Version: 40.0.2214.94 (Possible outdated, latest Stable version: 40.0.2214.93)

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

hdokiejnpimakedhajhdlcegeplioahd - No path found[]

 

Google Slides - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

Google Voice Search Hotword (Beta) - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

WOT - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp

YouTube - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

selector is not a valid CSS selector - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Google Search - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Tampermonkey - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo

Google Sheets - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

LastPass - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd

Google Wallet - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Slides - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

Google Voice Search Hotword (Beta) - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

YouTube - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Bitdefender Wallet - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih

Google Sheets - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

Google Wallet - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - polda only\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

 

==== Chromium Fix ======================

 

C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd deleted successfully

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd deleted successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=615 folders=74 32602405 bytes)

 

==== After Reboot ======================

 

==== Deleting Files / Folders ======================

 

"C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage" not deleted

"C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage-journal" not deleted

"C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0" deleted

 

==== EOF on 01/02/2015 at  8:34:31,14 ======================

Hi and sorry for the delay. I blame it on the jetlag.

Scan with Gmer

This type of scan often produces false positives. Do not take any action on suspicious entries you may see there at any point; instead, post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.

It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named GMER icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!
When the pre-scan is completed, please do the following:
  • Please check the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.
Please include the content of this file in your next reply.

Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.

If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.

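GMER's "User code sections" listing, as in the reply that follows, prints one line per patched byte range per process, which makes a handful of benign patches look like dozens of findings. The script below is an added example, not part of this thread and not GMER's own tooling: it parses that line format and collapses the entries by (module, symbol, offset, bytes), so a patch present in every scanned process (typically a security product or a loader quirk, not a per-process infection) is visible as one shared row. The opcode hint table is a small triage aid for a few x86 opcodes and the "shared means probably system-wide" reading is a heuristic, in the same spirit as the false-positive warning above, not a verdict. Sample lines are copied from the GMER log posted below with the column padding collapsed.

```python
r"""Collapse the 'User code sections' lines of a GMER log by the patch they describe.

GMER lists every modified byte range in a loaded DLL's .text section once per process:
  .text  C:\...\ekrn.exe[1968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000077611465 2 bytes [61, 77]
A patch that recurs in every scanned process points at a system-wide cause (a security
product, a loader quirk) rather than one infected process, so group and count first.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?\.dll)!(?P<symbol>[^\s+]+)(?:\s*\+\s*(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{16})\s+(?P<count>\d+) bytes\s+\[(?P<bytes>[^\]]*)\]\s*$",
    re.IGNORECASE,
)
# x86 opcodes that start an obvious redirect or stub; anything else is not a
# recognisable hook on its own and must be judged by how widely it is shared.
FIRST_BYTE_HINT = {
    "E9": "jmp rel32 (classic inline hook trampoline)",
    "E8": "call rel32",
    "68": "push imm32 (push/ret trampoline)",
    "C2": "ret imm16 (function stubbed out to return immediately)",
    "C3": "ret (function stubbed out)",
}


@dataclass(frozen=True)
class Hook:
    process: str             # executable name only
    pid: int
    module: str              # DLL file name, lower-cased
    symbol: str
    offset: int              # 0 when the patch sits at the export itself
    address: int
    patch: Tuple[str, ...]   # bytes as upper-case hex strings


def parse_gmer(text: str) -> List[Hook]:
    """One Hook per '.text' entry; '.text ... * 2' continuation lines do not match and are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(Hook(
                process=m["process"].rsplit("\\", 1)[-1],
                pid=int(m["pid"]),
                module=m["module"].rsplit("\\", 1)[-1].lower(),
                symbol=m["symbol"],
                offset=int(m["offset"] or 0),
                address=int(m["address"], 16),
                patch=tuple(b.strip().upper() for b in m["bytes"].split(",") if b.strip()),
            ))
    return hooks


def group_hooks(hooks: List[Hook]) -> Dict[tuple, List[str]]:
    """Map each distinct (module, symbol, offset, bytes) patch to the processes it was seen in."""
    groups = defaultdict(set)
    for h in hooks:
        groups[(h.module, h.symbol, h.offset, h.patch)].add(h.process)
    return {k: sorted(v, key=str.lower) for k, v in groups.items()}


def summarize(text: str) -> List[dict]:
    """One row per distinct patch: location label, bytes, processes, shared flag, opcode hint."""
    rows = []
    for (module, symbol, offset, patch), procs in sorted(group_hooks(parse_gmer(text)).items()):
        first = patch[0] if patch else ""
        hint = FIRST_BYTE_HINT.get(first, "no obvious redirect; weigh by how many processes share it")
        rows.append({
            "location": f"{module}!{symbol}" + (f"+{offset}" if offset else ""),
            "bytes": " ".join(patch),
            "processes": procs,
            "shared": len(procs) > 1,
            "hint": hint,
        })
    return rows


# Lines copied from the GMER log posted below, with the column padding collapsed.
SAMPLE = r"""
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1968] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075948791 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077611465 2 bytes [61, 77]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000776114bb 2 bytes [61, 77]
.text  ... * 2
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077611465 2 bytes [61, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776114bb 2 bytes [61, 77]
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077611465 2 bytes [61, 77]
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000776114bb 2 bytes [61, 77]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077611465 2 bytes [61, 77]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776114bb 2 bytes [61, 77]
"""

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(f"{row['location']:48} {row['bytes']:12} in {len(row['processes'])} process(es): {row['hint']}")
```

On the sample, nine listing lines collapse to three rows: the two-byte psapi.dll patches at +69 and +155 are identical in all four scanned processes (a security scanner, a patch manager and two anti-malware tools), while the kernel32.dll!SetUnhandledExceptionFilter patch is unique to ekrn.exe and its first byte decodes to a ret imm16, i.e. the export has been stubbed out inside that one process. Which of these, if any, is malicious is exactly the judgement the helper asks to make from the full log rather than from the listing alone.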

Oh, hi there. Welcome home.

 

I got a warning, "can't run system32", but I kept running the scan as instructed.

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-05 08:16:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a WDC_____ rev.80.0 931,51GB
Running: ils36j2j.exe; Driver: C:\Users\1\AppData\Local\Temp\pxldqpog.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1968] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                        0000000075948791 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                             0000000077611465 2 bytes [61, 77]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                            00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                                               * 2
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         0000000077611465 2 bytes [61, 77]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                                               * 2
.text   C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                       0000000077611465 2 bytes [61, 77]
.text   C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                      00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                                               * 2
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000077611465 2 bytes [61, 77]
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                                               * 2
?       C:\Windows\system32\mssprxy.dll [1780] entry point in ".rdata" section                                                                            0000000073ea71e6
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3528] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                       0000000077611465 2 bytes [61, 77]
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3528] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                      00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                                               * 2
.text   C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000077611465 2 bytes [61, 77]
.text   C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                                               * 2
.text   C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000077611465 2 bytes [61, 77]
.text   C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                                               * 2
.text   C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000077611465 2 bytes [61, 77]
.text   C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                                               * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077611465 2 bytes [61, 77]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                                               * 2
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Windows\system32\svchost.exe [1232:1468]                                                                                                       000007fefadb8274
Thread  C:\Windows\system32\svchost.exe [1232:3028]                                                                                                       000007fefadb8274
Thread  C:\Windows\system32\svchost.exe [1404:5044]                                                                                                       000007fef5e05170
Thread  C:\Windows\System32\spoolsv.exe [1632:1320]                                                                                                       000007fefb9f10c8
Thread  C:\Windows\System32\spoolsv.exe [1632:3728]                                                                                                       000007fef3b86144
Thread  C:\Windows\System32\spoolsv.exe [1632:3960]                                                                                                       000007fef3b35fd0
Thread  C:\Windows\System32\spoolsv.exe [1632:3148]                                                                                                       000007fef6283438
Thread  C:\Windows\System32\spoolsv.exe [1632:3164]                                                                                                       000007fef3b363ec
Thread  C:\Windows\System32\spoolsv.exe [1632:3756]                                                                                                       000007fefb965e5c
Thread  C:\Windows\System32\spoolsv.exe [1632:3908]                                                                                                       000007fef3a25074
Thread  C:\Windows\System32\spoolsv.exe [1632:3648]                                                                                                       000007fefb78e088
Thread  C:\Windows\System32\spoolsv.exe [1632:3684]                                                                                                       000007fefb7be088
Thread  C:\Windows\System32\spoolsv.exe [1632:3592]                                                                                                       000007fefb788230
Thread  C:\Windows\system32\Dwm.exe [1644:1516]                                                                                                           000007fef5cbabf0
Thread  C:\Windows\SysWOW64\ntdll.dll [6128:5400]                                                                                                         0000000000bf34c9
 
---- EOF - GMER 2.1 ----
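The "User code sections" list in the GMER log above reports the same two-byte patch at psapi.dll!GetModuleInformation + 69 and + 155 in every 32-bit process it inspected, plus one patch that appears in a single process (ekrn.exe, kernel32.dll!SetUnhandledExceptionFilter). Reading that by eye across dozens of lines is error-prone. The following script is an added example, not part of the original thread and not GMER's own code: it parses the per-process lines into per-patch groups so that a patch present in only one process stands out from one that is reported identically everywhere. The sample log embedded in it is a constructed subset of the entries posted above; the regular expressions assume the GMER 2.1 line layout shown in the log and nothing more.

```python
"""Fold the per-process 'User code sections' lines of a GMER 2.1 log into per-patch groups."""
import re
from collections import defaultdict

# Constructed subset of the GMER entries posted in the thread (not the full log).
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1968] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000075948791 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69        0000000077611465 2 bytes [61, 77]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155       00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                          * 2
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000077611465 2 bytes [61, 77]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000776114bb 2 bytes [61, 77]
.text   ...                                                                                                                          * 2
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000077611465 2 bytes [61, 77]
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000776114bb 2 bytes [61, 77]
?       C:\Windows\system32\mssprxy.dll [1780] entry point in ".rdata" section                                                       0000000073ea71e6

---- EOF - GMER 2.1 ----
"""

# One patched-code entry:
#   .text  <image path>[<pid>] <module>!<export>[ + <offset>]  <addr> <n> bytes [<hex bytes>]
ENTRY_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<export>\w+(?: \+ \d+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8,16})\s+(?P<size>\d+) bytes \[(?P<patch>[^\]]*)\]"
)
# One entry for a module whose entry point lies outside the .text section:
#   ?  <module path> [<pid>] entry point in "<section>" section  <addr>
ENTRYPOINT_RE = re.compile(
    r'^\?\s+(?P<module>.+?)\s+\[(?P<pid>\d+)\]\s+entry point in "(?P<section>[^"]+)" section'
    r"\s+(?P<addr>[0-9A-Fa-f]+)"
)


def parse_entries(log_text):
    """Yield one dict per recognised line; the '.text ...  * N' fold lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            d = m.groupdict()
            d["kind"] = "patch"
            d["pid"] = int(d["pid"])
            # GMER mixes psapi.dll and PSAPI.DLL; normalise to the lower-case file name
            d["module"] = d["module"].rsplit("\\", 1)[-1].lower()
            yield d
            continue
        m = ENTRYPOINT_RE.match(line)
        if m:
            d = m.groupdict()
            d["kind"] = "entrypoint"
            d["pid"] = int(d["pid"])
            yield d


def group_by_patch(log_text):
    """Map (module, export, size, patch bytes) -> sorted list of 'image[pid]' strings."""
    groups = defaultdict(set)
    for e in parse_entries(log_text):
        if e["kind"] == "patch":
            key = (e["module"], e["export"], int(e["size"]), e["patch"])
            groups[key].add(f"{e['image']}[{e['pid']}]")
    return {k: sorted(v) for k, v in groups.items()}


def singletons(log_text):
    """Patches present in exactly one process: the ones to review first."""
    return {k: v for k, v in group_by_patch(log_text).items() if len(v) == 1}


def report(log_text):
    """Human-readable summary, most widespread patch first, singletons flagged."""
    lines = []
    for key, procs in sorted(group_by_patch(log_text).items(), key=lambda kv: -len(kv[1])):
        module, export, size, patch = key
        flag = "  <-- seen in one process only, review first" if len(procs) == 1 else ""
        lines.append(f"{module}!{export}: {size} bytes [{patch}] in {len(procs)} process(es){flag}")
        lines.extend(f"    {p}" for p in procs)
    for e in parse_entries(log_text):
        if e["kind"] == "entrypoint":
            lines.append(f'{e["module"]} [{e["pid"]}]: entry point in "{e["section"]}" section at {e["addr"]}')
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a saved gmer.log by passing the file's contents to report(). Grouping does not decide whether a patch is malicious; it only separates a finding repeated identically across many processes from one that is specific to a single process, which is where an analyst's attention should go first.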

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015

Ran by 1 at 2015-02-06 21:38:20

Running from C:\Users\1\Desktop\mallwarebytes\Naathim

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}

AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\{A37E9FA0-00FE-479D-9F62-E6E3DBA51D29}) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)

Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)

Clash of Gods version 1.01 (HKLM-x32\...\{482B45E0-95CA-48BB-B095-E1D5C22BAB77}_is1) (Version: 1.01 - Qeon Interactive)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)

Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)

Dukungan Aplikasi Apple (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)

Dukungan Aplikasi Apple (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)

Epson Easy Photo Print 2 (HKLM-x32\...\{674E262F-72EA-41C1-AF16-9727311A4553}) (Version: 2.4.1.0 - SEIKO EPSON CORPORATION)

Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)

EPSON L110 Series Printer Uninstall (HKLM\...\EPSON L110 Series) (Version:  - SEIKO EPSON Corporation)

EPSON L300 Series Printer Uninstall (HKLM\...\EPSON L300 Series) (Version:  - SEIKO EPSON Corporation)

ESET NOD32 Antivirus (HKLM\...\{7F39EB28-B9B7-41B8-8564-DB33284A010D}) (Version: 8.0.304.0 - ESET, spol s r. o.)

FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)

FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

iExplorer 3.6.5.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)

Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)

NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)

ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)

ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)

Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

Swordsman Online (HKLM-x32\...\Swordsman Online 1.0.0) (Version: 1.0.0 - Perfect Game)

TagScanner 5.1.661 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VideoDownloaderUltimate (HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.34 - Link64)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2950901286-4018632002-2551131573-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\1\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2950901286-4018632002-2551131573-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\1\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

 

==================== Restore Points  =========================

 

29-01-2015 13:13:40 Windows Update

31-01-2015 16:22:08 zoek.exe restore point

01-02-2015 08:31:30 zoek.exe restore point

01-02-2015 18:40:27 Windows Update

05-02-2015 08:47:09 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 09:34 - 2014-11-26 10:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0EBA6E18-CCCA-43B1-9162-8CC8743D4E8E} - System32\Tasks\{C2CCDABC-907F-40BE-A622-8E7F7712258D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Bitdefender\setupinformation\setuplauncher.exe" -d "C:\Program Files (x86)\Common Files\Bitdefender\setupinformation"

Task: {273117DA-B328-49BB-AA84-811E2AF93661} - System32\Tasks\GoogleUpdateTaskMachineCore1d0413d75382c45 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)

Task: {445E0D0D-7324-41B5-9E4C-C5055AE8158F} - System32\Tasks\{BC88C845-F8C2-4403-9EFA-80998AF77332} => pcalua.exe -a C:\Users\1\Downloads\Install_CopyTransControlCenter.exe -d C:\Users\1\Downloads

Task: {53800AE2-34B1-4112-B3F7-E9A4001FE5E9} - System32\Tasks\GoogleUpdateTaskMachineUA1d0413d75d863f3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)

Task: {5BCD8E1F-77AE-41FA-9529-AB96ABC73C7A} - System32\Tasks\AdobeAAMUpdater-1.0-1-PC-1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)

Task: {60FD4C92-2073-4E71-878C-448A850295B9} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

Task: {66E80760-1CF2-440F-B667-FE64AB49FC26} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {713FE722-8A68-4255-BCFB-F0FC0122021B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)

Task: {A8E5453D-1520-4FBB-93FE-73101D3ABADA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)

Task: {B48B903E-F060-4F40-9332-F6C54C04B33E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)

Task: {CF0C3220-AD3A-489C-BF20-AA4ABDCAA08A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)

Task: {F463718A-328C-4B06-80AF-65F45AFC8BC7} - System32\Tasks\{ECD50EF7-7F56-4682-827F-0C7763B2340D} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\iPhone Contacts Backup\Uninstall.exe"

Task: {F950A615-B8A1-4BE8-9594-84E3F5697AAD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0413d75382c45.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0413d75d863f3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-11-11 22:24 - 2014-07-03 01:55 - 00116568 ____C () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

2014-09-26 14:40 - 2014-09-26 14:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

2015-02-06 09:22 - 2015-02-04 15:53 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll

2015-02-06 09:22 - 2015-02-04 15:53 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll

2015-02-06 09:22 - 2015-02-04 15:53 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-09-28 21:01 - 2014-09-28 21:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16798034.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33000422.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16798034.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33000422.sys => ""="Driver"

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Registry Areas =====================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== Accounts: =============================

 

1 (S-1-5-21-2950901286-4018632002-2551131573-1000 - Administrator - Enabled) => C:\Users\1

Administrator (S-1-5-21-2950901286-4018632002-2551131573-500 - Administrator - Disabled)

Guest (S-1-5-21-2950901286-4018632002-2551131573-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2950901286-4018632002-2551131573-1004 - Limited - Enabled)

polda only (S-1-5-21-2950901286-4018632002-2551131573-1006 - Limited - Enabled) => C:\Users\polda only

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft ISATAP Adapter

Description: Microsoft ISATAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Microsoft ISATAP Adapter #2

Description: Microsoft ISATAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/06/2015 00:40:44 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

 

Error: (02/06/2015 00:39:58 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error: (02/05/2015 06:35:30 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wmplayer.exe version 12.0.7601.18150 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 174

 

Start Time: 01d041379c3a4b46

 

Termination Time: 60

 

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

 

Report Id: 131dc4da-ad2b-11e4-ac14-74d435537fcb

 

Error: (02/05/2015 06:33:44 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wmplayer.exe version 12.0.7601.18150 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 56c

 

Start Time: 01d041377d1d60ad

 

Termination Time: 60

 

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

 

Report Id: d30df716-ad2a-11e4-ac14-74d435537fcb

 

Error: (02/05/2015 06:22:27 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0xe8cf3acc

Faulting process id: 0x674

Faulting application start time: 0xPSIA.exe0

Faulting application path: PSIA.exe1

Faulting module path: PSIA.exe2

Report Id: PSIA.exe3

 

Error: (02/05/2015 06:17:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/05/2015 10:56:51 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (02/05/2015 10:31:01 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (02/05/2015 09:06:49 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (02/05/2015 08:32:50 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (02/06/2015 09:37:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1058

 

Error: (02/06/2015 09:37:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1058

 

Error: (02/06/2015 09:37:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1058

 

Error: (02/06/2015 09:37:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1058

 

Error: (02/06/2015 09:33:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1058

 

Error: (02/06/2015 09:33:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1058

 

Error: (02/06/2015 09:33:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1058

 

Error: (02/06/2015 09:33:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1058

 

Error: (02/06/2015 09:33:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1058

 

Error: (02/06/2015 09:33:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1058

 

 

Microsoft Office Sessions:

=========================

Error: (02/06/2015 00:40:44 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

 

Error: (02/06/2015 00:39:58 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

 

Error: (02/05/2015 06:35:30 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wmplayer.exe12.0.7601.1815017401d041379c3a4b4660C:\Program Files (x86)\Windows Media Player\wmplayer.exe131dc4da-ad2b-11e4-ac14-74d435537fcb

 

Error: (02/05/2015 06:33:44 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wmplayer.exe12.0.7601.1815056c01d041377d1d60ad60C:\Program Files (x86)\Windows Media Player\wmplayer.exed30df716-ad2a-11e4-ac14-74d435537fcb

 

Error: (02/05/2015 06:22:27 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005e8cf3acc67401d0413559248e5eC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown435e2567-ad29-11e4-ac14-74d435537fcb

 

Error: (02/05/2015 06:17:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/05/2015 10:56:51 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\1\Downloads\software\esetsmartinstaller_enu.exe

 

Error: (02/05/2015 10:31:01 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\1\Downloads\esetsmartinstaller_enu.exe

 

Error: (02/05/2015 09:06:49 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\1\Downloads\esetsmartinstaller_enu.exe

 

Error: (02/05/2015 08:32:50 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-11-26 10:09:22.884

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-11-26 10:09:22.869

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-4570 CPU @ 3.20GHz

Percentage of memory in use: 53%

Total physical RAM: 3974.67 MB

Available physical RAM: 1841.92 MB

Total Pagefile: 7947.53 MB

Available Pagefile: 5283.28 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.29 GB) (Free:779.88 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

 

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015

Ran by 1 (administrator) on 1-PC on 06-02-2015 21:37:46

Running from C:\Users\1\Desktop\mallwarebytes\Naathim

Loaded Profiles: 1 (Available profiles: 1 & polda only)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII1E.EXE

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [igfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()

HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)

HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)

HKLM\...\Run: [installerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [Razer Synapse] => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII1E.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [1013368 2015-02-01] (Link64 GmbH)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2226704 2013-03-07] (Research In Motion Limited)

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk

ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\polda only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk

ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

GroupPolicyUsers\S-1-5-21-2950901286-4018632002-2551131573-1006\User: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2950901286-4018632002-2551131573-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} ->  No File

BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on

FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-17]

 

Chrome: 

=======

CHR Profile: C:\Users\1\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]

CHR Extension: (Google Docs) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]

CHR Extension: (Google Drive) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15]

CHR Extension: (WOT) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-12]

CHR Extension: (YouTube) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]

CHR Extension: (Adblock Plus) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-12]

CHR Extension: (Google Search) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]

CHR Extension: (Tampermonkey) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-25]

CHR Extension: (Google Sheets) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]

CHR Extension: (Google Wallet) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]

CHR Extension: (Gmail) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)

S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)

S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)

R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)

R0 edevmon; C:\Windows\SysWOW64\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)

R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)

R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2015-01-12] (Spotflux, Inc.)

S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-05 19:15 - 2015-02-06 21:20 - 00001012 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0413d75d863f3.job

2015-02-05 19:15 - 2015-02-06 19:20 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0413d75382c45.job

2015-02-05 19:15 - 2015-02-05 19:15 - 00004008 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0413d75d863f3

2015-02-05 19:15 - 2015-02-05 19:15 - 00003756 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0413d75382c45

2015-02-05 08:34 - 2015-02-06 18:52 - 00146014 _____ () C:\Windows\WindowsUpdate.log

2015-02-05 08:24 - 2015-02-05 08:24 - 00000000 ____D () C:\Windows\pss

2015-02-03 15:15 - 2015-02-03 15:15 - 00001123 _____ () C:\Users\Public\Desktop\Dell Display Manager.lnk

2015-02-02 13:46 - 2015-02-02 13:46 - 00012677 _____ () C:\Users\1\Documents\Order cog Rudy Herlambang 28 Juli 2014.xlsx

2015-02-01 16:40 - 2015-02-01 16:40 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk

2015-02-01 16:40 - 2015-02-01 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-02-01 16:39 - 2015-02-01 16:40 - 00000000 ___DC () C:\Program Files\iTunes

2015-02-01 16:39 - 2015-02-01 16:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-02-01 16:39 - 2015-02-01 16:39 - 00000000 ___DC () C:\Program Files\iPod

2015-02-01 09:23 - 2015-02-01 09:23 - 00000890 _____ () C:\Users\1\Desktop\Video Downloader Ultimate.lnk

2015-02-01 09:22 - 2015-02-04 21:28 - 00000000 ____D () C:\ProgramData\VideoDownloaderUltimateWinApp

2015-02-01 08:32 - 2015-02-01 08:29 - 00024064 _____ () C:\Windows\zoek-delete.exe

2015-02-01 08:31 - 2015-01-31 16:37 - 00042141 ____C () C:\zoek-results2015-01-31-093745.log

2015-01-31 16:22 - 2015-02-01 08:34 - 00004730 ____C () C:\zoek-results.log

2015-01-31 16:20 - 2015-02-01 08:32 - 00000000 ___DC () C:\zoek_backup

2015-01-30 19:13 - 2015-01-30 19:15 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe

2015-01-29 13:37 - 2015-01-29 13:40 - 00001218 _____ () C:\Users\1\Desktop\EPSON L110 Series Advanced Driver Settings.txt

2015-01-29 13:27 - 2015-01-29 13:27 - 00001218 _____ () C:\Users\1\Documents\EPSON L300 Series Advanced Driver Settings.txt

2015-01-29 13:19 - 2015-01-29 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2015-01-29 08:48 - 2015-01-29 08:48 - 00000036 _____ () C:\Windows\system##%%

2015-01-29 08:21 - 2015-01-29 08:21 - 06436236 _____ () C:\Users\1\Desktop\acha 1biji.psd

2015-01-29 08:17 - 2015-01-29 08:17 - 40697597 _____ () C:\Users\1\Desktop\mug 100.psd

2015-01-27 09:40 - 2015-01-27 09:40 - 00000755 _____ () C:\Users\1\Desktop\JRT.txt

2015-01-26 20:29 - 2015-01-26 20:29 - 00000000 ____D () C:\Users\1\Desktop\mallwarebytes

2015-01-25 22:52 - 2015-01-25 22:52 - 00000978 _____ () C:\Users\1\Desktop\TagScanner.lnk

2015-01-25 22:52 - 2015-01-25 22:52 - 00000000 ____D () C:\Users\1\AppData\Roaming\TagScanner

2015-01-25 22:52 - 2015-01-25 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner

2015-01-25 22:52 - 2015-01-25 22:52 - 00000000 ____D () C:\Program Files (x86)\TagScanner

2015-01-25 18:19 - 2015-01-25 18:19 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2015-01-25 18:19 - 2015-01-25 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2015-01-25 18:19 - 2015-01-25 18:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2015-01-25 10:43 - 2015-01-25 18:32 - 00002692 _____ () C:\Users\1\Desktop\best trance 2014 title.txt

2015-01-25 10:02 - 2015-02-06 21:37 - 00000000 ___DC () C:\FRST

2015-01-25 09:53 - 2015-01-27 09:48 - 00000000 ___DC () C:\AdwCleaner

2015-01-25 09:50 - 2014-12-28 15:01 - 01707939 _____ (Thisisu) C:\Users\1\Desktop\JRT_NEW.exe

2015-01-24 12:55 - 2015-01-27 21:33 - 00000000 ____D () C:\Users\1\AppData\Roaming\DivX

2015-01-24 12:41 - 2015-02-03 16:37 - 00000000 ____D () C:\Program Files (x86)\DivX

2015-01-24 12:38 - 2015-02-03 16:37 - 00000000 ____D () C:\ProgramData\DivX

2015-01-24 11:00 - 2015-02-06 21:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-24 11:00 - 2015-01-31 16:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-24 11:00 - 2015-01-31 16:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-24 11:00 - 2015-01-31 16:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-24 11:00 - 2015-01-24 11:00 - 00000000 ____D () C:\Windows\system32\Macromed

2015-01-24 10:56 - 2015-01-24 10:56 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2015-01-24 10:03 - 2015-01-24 10:03 - 00000000 ____D () C:\Users\1\AppData\Roaming\MusicBrainz

2015-01-24 10:03 - 2015-01-24 10:03 - 00000000 ____D () C:\Users\1\AppData\Local\MusicBrainz

2015-01-24 09:16 - 2015-01-24 09:16 - 00132277 _____ () C:\Users\1\Downloads\mp3rename.zip

2015-01-24 09:16 - 2015-01-24 09:16 - 00000000 ____D () C:\Users\1\Downloads\mp3rename

2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Users\1\AppData\Local\Macroplant_LLC

2015-01-23 10:34 - 2015-01-23 10:34 - 00000983 _____ () C:\Users\Public\Desktop\iExplorer.lnk

2015-01-23 10:34 - 2015-01-23 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer

2015-01-23 10:34 - 2015-01-23 10:34 - 00000000 ____D () C:\Program Files (x86)\iExplorer

2015-01-23 09:34 - 2015-01-24 13:13 - 00000000 ____D () C:\Users\1\Downloads\Naruto

2015-01-23 09:28 - 2015-01-23 09:28 - 00000000 ____D () C:\Users\1\Downloads\ww docs

2015-01-23 09:26 - 2015-02-05 10:49 - 00000000 ____D () C:\Users\1\Downloads\software

2015-01-23 09:26 - 2015-01-23 09:42 - 00000000 ____D () C:\Users\1\Downloads\Games

2015-01-23 09:24 - 2015-01-23 09:37 - 00000000 ____D () C:\Users\1\Downloads\mp4 - new

2015-01-22 18:08 - 2015-01-23 09:39 - 00000000 ____D () C:\Users\1\Downloads\22012015

2015-01-22 17:33 - 2015-02-05 09:12 - 00000000 ____D () C:\Users\1\Downloads\vaping

2015-01-22 16:17 - 2015-02-04 10:10 - 00000000 ____D () C:\Program Files (x86)\Mp3tag

2015-01-17 16:57 - 2015-01-17 16:57 - 00000000 ____D () C:\Users\1\AppData\Local\ESET

2015-01-17 16:56 - 2015-02-04 10:11 - 00000000 ____D () C:\Users\1\AppData\Roaming\BitTorrent

2015-01-17 16:47 - 2015-01-12 23:23 - 00048896 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\netfilter2.sys

2015-01-17 16:46 - 2015-02-04 10:07 - 00000000 ____D () C:\ProgramData\spotflux

2015-01-17 12:08 - 2015-01-17 12:08 - 00000000 ___DC () C:\Program Files\ESET

2015-01-17 12:08 - 2015-01-17 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

2015-01-17 12:08 - 2015-01-17 12:08 - 00000000 ____D () C:\ProgramData\ESET

2015-01-17 11:30 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL

2015-01-17 11:29 - 2011-03-14 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BI3E.DLL

2015-01-16 19:34 - 2015-01-16 19:34 - 00000000 ____D () C:\Users\1\AppData\Roaming\TuneUp Software

2015-01-16 19:34 - 2015-01-16 19:34 - 00000000 ____D () C:\Users\1\AppData\Local\TuneUp Software

2015-01-16 19:33 - 2015-01-16 19:37 - 00000000 ____D () C:\ProgramData\TuneUp Software

2015-01-16 19:33 - 2015-01-16 19:33 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2015-01-16 19:26 - 2015-01-16 19:26 - 00000000 ____D () C:\Users\1\AppData\Roaming\Temp

2015-01-16 19:06 - 2015-01-16 19:30 - 00003362 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task for VeohWebPlayer

2015-01-16 19:06 - 2015-01-16 19:06 - 00000000 ____D () C:\Program Files (x86)\Veoh Networks

2015-01-15 11:45 - 2015-01-15 11:45 - 00001504 _____ () C:\Users\polda only\Desktop\FlashGet downloads.lnk

2015-01-15 11:45 - 2015-01-15 11:45 - 00001494 _____ () C:\Users\1\Desktop\FlashGet downloads.lnk

2015-01-15 11:30 - 2015-01-15 11:34 - 00000000 ____D () C:\Program Files (x86)\clashofgods

2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\Users\1\G-bits

2015-01-15 10:51 - 2015-01-15 10:51 - 00001031 _____ () C:\Users\Public\Desktop\Clash of Gods.lnk

2015-01-15 10:51 - 2015-01-15 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clash of Gods

2015-01-15 10:38 - 2015-01-28 00:41 - 00000000 ____D () C:\Program Files (x86)\Clash of Gods

2015-01-15 00:19 - 2015-02-06 09:22 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-15 00:19 - 2015-01-15 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-15 00:09 - 2015-02-06 21:21 - 00001012 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-15 00:09 - 2015-02-06 19:20 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-15 00:09 - 2015-02-05 19:15 - 00004008 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-15 00:09 - 2015-02-05 19:15 - 00003756 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-14 23:05 - 2015-01-14 23:05 - 00000000 ____D () C:\Users\1\AppData\Local\Deployment

2015-01-14 23:05 - 2015-01-14 23:05 - 00000000 ____D () C:\Users\1\AppData\Local\Apps\2.0

2015-01-14 18:44 - 2014-12-19 10:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-14 18:44 - 2014-12-19 08:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-14 18:44 - 2014-12-12 12:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-14 18:44 - 2014-12-12 12:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-14 18:44 - 2014-12-12 12:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-14 18:44 - 2014-12-12 12:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-14 18:44 - 2014-12-12 12:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-14 18:44 - 2014-12-12 12:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-14 18:44 - 2014-12-12 12:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-14 18:44 - 2014-12-12 00:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-14 18:44 - 2014-12-06 11:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-14 18:44 - 2014-12-06 11:17 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\tlntsess.exe

2015-01-14 18:44 - 2014-12-06 10:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-14 18:44 - 2014-12-06 10:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-14 00:01 - 2015-01-14 00:34 - 00000000 ____D () C:\Users\1\itools

2015-01-13 23:57 - 2015-01-13 23:57 - 00000000 ____D () C:\Users\1\Documents\iTools

2015-01-13 23:56 - 2015-01-22 00:55 - 00000000 ____D () C:\Users\1\Desktop\itools

2015-01-13 00:55 - 2015-01-14 10:27 - 00000000 ____D () C:\Users\1\Documents\project movie keisha

2015-01-12 23:23 - 2015-01-12 23:23 - 00039104 _____ (Spotflux, Inc.) C:\Windows\system32\Drivers\tapSF0901.sys

2015-01-07 10:58 - 2015-01-17 11:26 - 00000000 ____D () C:\Users\1\Desktop\Orderan JAnuari

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-06 21:36 - 2014-11-11 23:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-06 21:34 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-02-06 02:00 - 2014-11-14 15:24 - 00000000 ____D () C:\Users\1\AppData\Local\Adobe

2015-02-05 18:24 - 2009-07-14 12:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-05 18:24 - 2009-07-14 11:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-05 18:24 - 2009-07-14 11:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-05 18:17 - 2014-11-11 22:25 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-05 18:17 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-05 10:27 - 2014-11-20 10:17 - 00000462 _____ () C:\Users\1\AppData\Roaming\Rim.DesktopHelper.Exception.log

2015-02-05 10:27 - 2014-11-20 10:17 - 00000462 _____ () C:\Users\1\AppData\Roaming\Rim.Desktop.Exception.log

2015-02-04 11:10 - 2009-07-14 12:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-02-03 15:15 - 2014-11-11 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager

2015-02-01 16:39 - 2014-11-18 11:15 - 00000000 ____D () C:\Program Files (x86)\iTunes

2015-02-01 16:39 - 2014-11-18 10:41 - 00000000 ___DC () C:\Program Files\Common Files\Apple

2015-01-31 16:39 - 2014-11-12 00:06 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-31 16:37 - 2014-11-11 22:36 - 00000008 __RSH () C:\Users\1\ntuser.pol

2015-01-31 16:37 - 2014-11-11 17:23 - 00000000 ____D () C:\Users\1

2015-01-31 16:30 - 2009-07-14 10:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2015-01-29 08:02 - 2009-07-14 12:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2015-01-26 20:33 - 2014-12-11 20:11 - 00000206 _____ () C:\Users\1\Desktop\speedy1.txt

2015-01-23 09:42 - 2014-11-16 22:45 - 00000000 ____D () C:\Users\1\Downloads\e1200 v2

2015-01-22 18:00 - 2014-11-15 08:43 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2015-01-22 18:00 - 2014-11-15 08:42 - 00000000 ___DC () C:\Program Files\Java

2015-01-22 10:58 - 2014-11-18 10:44 - 00000000 ____D () C:\Users\1\AppData\Roaming\Apple Computer

2015-01-22 00:54 - 2014-11-20 15:34 - 00000000 ____D () C:\Users\1\AppData\Local\Apple Inc

2015-01-22 00:54 - 2014-11-18 10:42 - 00000000 ____D () C:\Users\1\AppData\Local\Apple

2015-01-19 06:32 - 2015-01-05 15:41 - 00001072 _____ () C:\Users\1\Desktop\Adobe Photoshop CC 2014.lnk

2015-01-19 00:38 - 2014-11-22 07:30 - 00000000 ____D () C:\ProgramData\Razer

2015-01-19 00:38 - 2014-11-22 07:30 - 00000000 ____D () C:\Program Files (x86)\Razer

2015-01-19 00:37 - 2014-11-24 17:10 - 00000000 ____D () C:\Users\1\AppData\Local\Razer

2015-01-17 22:12 - 2014-11-20 16:28 - 00000000 ___DC () C:\FFOutput

2015-01-17 11:34 - 2014-11-14 15:41 - 00000000 ____D () C:\Program Files (x86)\Epson Software

2015-01-17 07:22 - 2014-11-14 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software

2015-01-15 23:56 - 2014-11-11 18:13 - 00000000 ____D () C:\Users\1\AppData\Local\Google

2015-01-15 23:42 - 2014-12-02 07:16 - 00009095 _____ () C:\Windows\SysWOW64\secushr.dat

2015-01-15 11:44 - 2014-12-02 07:12 - 00000000 ____D () C:\Users\1\AppData\Roaming\BITS

2015-01-15 00:19 - 2014-11-11 18:13 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-14 23:14 - 2014-11-11 18:16 - 00768152 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-01-14 22:41 - 2014-11-12 01:39 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-14 22:38 - 2014-11-12 01:39 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-13 11:28 - 2014-12-03 11:30 - 00022640 _____ () C:\Users\1\Documents\My Movie.wlmp

2015-01-12 23:50 - 2014-12-03 10:44 - 00000000 ____D () C:\Users\1\AppData\Local\Windows Live

 

==================== Files in the root of some directories =======

 

2014-12-30 21:04 - 2015-02-04 10:10 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe

2014-11-20 10:17 - 2015-02-05 10:27 - 0000462 _____ () C:\Users\1\AppData\Roaming\Rim.Desktop.Exception.log

2014-11-20 10:02 - 2014-11-20 10:02 - 0001153 _____ () C:\Users\1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2014-11-20 10:17 - 2015-02-05 10:27 - 0000462 _____ () C:\Users\1\AppData\Roaming\Rim.DesktopHelper.Exception.log

2015-01-22 01:01 - 2015-01-22 01:01 - 0040115 _____ () C:\Users\1\AppData\Roaming\UserTile.png

2014-11-16 00:50 - 2014-11-30 23:25 - 0036352 _____ () C:\Users\1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-12-12 19:25 - 2014-12-12 19:25 - 0266397 _____ () C:\ProgramData\1418386789.bdinstall.bin

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-03 00:46

 

==================== End Of Log ============================

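The FRST "Created" and "Modified" listings above are a fixed text format (created time, modified time, size, five attribute flags, vendor taken from the file's version resource, path) that helpers normally read by eye. As an added example, not part of the original post and not code from FRST, the following Python parses those lines and applies three triage heuristics: kernel drivers whose vendor string is not Microsoft, loose files in the Windows directories with no vendor string at all, and file names containing unusual characters. The sample lines are copied from the log above. Everything it flags is a review queue, not a verdict: in this log tapSF0901.sys carries a Spotflux vendor string, netfilter2.sys was created one minute after C:\ProgramData\spotflux, and zoek-delete.exe sits beside the zoek logs and backup directory from the earlier cleanup. The vendor field comes from the version resource, which anyone can edit; the "Bamital & volsnap Check" section is the real signature verification and this script does not replace it.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# One "Created"/"Modified" line of an FRST log has the shape
#   <created> - <modified> - <size> <attrs> (<vendor>) <path>
# Attribute flags seen in FRST output: D=directory, C=compressed,
# H=hidden, S=system, R=read-only; '_' marks an unset flag.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>.*)\) (?P<path>[A-Za-z]:\\.*)$"
)

# Lines copied from the FRST log in this thread (sample input for the example).
SAMPLE_LINES = r"""
2015-01-17 16:47 - 2015-01-12 23:23 - 00048896 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\netfilter2.sys
2015-01-12 23:23 - 2015-01-12 23:23 - 00039104 _____ (Spotflux, Inc.) C:\Windows\system32\Drivers\tapSF0901.sys
2015-01-14 18:44 - 2014-12-19 08:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-29 08:48 - 2015-01-29 08:48 - 00000036 _____ () C:\Windows\system##%%
2015-02-01 08:32 - 2015-02-01 08:29 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-14 18:44 - 2014-12-12 12:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 12:08 - 2015-01-17 12:08 - 00000000 ___DC () C:\Program Files\ESET
2015-01-30 19:13 - 2015-01-30 19:15 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe
""".strip().splitlines()

# Directories where a loose file with no vendor string deserves a look.
WINDOWS_DIRS = (r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Parse one FRST file/folder line; return None for headers, blanks and prose."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return FrstEntry(
        created=m["created"], modified=m["modified"], size=int(m["size"]),
        attrs=m["attrs"], company=m["company"], path=m["path"],
    )


def triage(entry: FrstEntry) -> list[str]:
    """Return the heuristic reasons that apply to one entry (empty list = nothing to flag)."""
    reasons: list[str] = []
    if entry.is_dir:
        return reasons
    low = entry.path.lower()
    parent, _, name = low.rpartition("\\")
    # 1. Kernel drivers whose version resource does not name Microsoft.
    if low.endswith(".sys") and "\\drivers\\" in low and entry.company != "Microsoft Corporation":
        reasons.append("third-party kernel driver")
    # 2. Loose files directly in the Windows directories with no vendor string.
    if parent in WINDOWS_DIRS and not entry.company:
        reasons.append("file in Windows directory with no vendor in version info")
    # 3. Names using characters outside the usual letters, digits and punctuation.
    if not re.fullmatch(r"[a-z0-9._ \-()&+',]+", name):
        reasons.append("unusual characters in file name")
    return reasons


def triage_log(lines) -> dict[str, list[str]]:
    """Map each flagged path to its reasons; unparseable lines are skipped."""
    flagged: dict[str, list[str]] = {}
    for line in lines:
        entry = parse_frst_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LINES).items():
        print(f"{path}\n    " + "; ".join(reasons))
```

Feed it a whole FRST.txt with `triage_log(open("FRST.txt", encoding="utf-8-sig"))` and review the output against the pattern of installs in the log; the point is to shrink a 5,000-line report to a handful of paths worth checking with the signature verification and online scanners the thread uses.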

Usually I can download every video from YouTube by using KeepVid. Suddenly I can't download for some reason, and also the next day, when it pops up the download bar and "save as to ......." the file name changes to viedotext.txt.

 

This problem always happens when I feel my computer acting so strangely. Is this the one that you told me about, an unwanted problem? (Could you give me one example of what kind of problem/software that I didn't know about got into my PC?)

 

Oh yeah, one more thing. If this kind of problem happens again, can I just do all the work as you instructed before, so I don't have to ask for help again? Thanks, bro, for helping me.


Oh yeah, one more thing. If this kind of problem happens again, can I just do all the work as you instructed before, so I don't have to ask for help again?

Nope, the scripts and tools are chosen individually for each case, depending on what we see in the logs. That means almost every time there will be something different to be done.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

Click Run ESET Online Scanner there.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the SecurityCheck icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a Notepad document called checkup.txt will open automatically.
Please include the content of that document.

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=250f612fd3433943b8928f32237b1ad7

# engine=22485

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2015-02-16 04:10:10

# local_time=2015-02-16 11:10:10 (+0700, SE Asia Standard Time)

# country="Indonesia"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 375276 47061804 0 0

# compatibility_mode_1='ESET NOD32 Antivirus 8.0'

# compatibility_mode=8229 16777213 100 100 1748099 18252402 0 0

# scanned=66898

# found=0

# cleaned=0

# scan_time=2292

# nod_component=V3 Build:0x30000000

 


 Results of screen317's Security Check version 0.99.96  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

ESET NOD32 Antivirus 8.0        

 Antivirus up to date!  (On Access scanning disabled!) 

`````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 Secunia PSI (3.0.0.10004)   

 Java version 32-bit out of Date! 

  Java 64-bit 8 Update 31  

 Adobe Flash Player 16.0.0.305  

 Google Chrome (40.0.2214.111) 

 Google Chrome (40.0.2214.94) 

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 ESET NOD32 Antivirus egui.exe  

 ESET NOD32 Antivirus ekrn.exe  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 ESET ESET Online Scanner OnlineScannerApp.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

 1 Desktop mallwarebytes Naathim\SecurityCheck.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

 


Hi :)

Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
Include it for my review.

Please also manually reboot your machine after posting your logfile.


# DelFix v10.8 - Logfile created 17/02/2015 at 08:35:06

# Updated 29/07/2014 by Xplode

# Username : 1 - 1-PC

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\zoek_backup

Deleted : C:\AdwCleaner

Deleted : C:\TDSSKiller.3.0.0.41_25.01.2015_09.43.57_log.txt

Deleted : C:\TDSSKiller.3.0.0.44_25.01.2015_09.45.01_log.txt

Deleted : C:\TDSSKiller.3.0.0.44_25.01.2015_09.47.43_log.txt

Deleted : C:\zoek-results.log

Deleted : C:\zoek-results2015-01-31-093745.log

Deleted : C:\Users\1\Desktop\JRT.txt

Deleted : C:\Users\1\Desktop\JRT_NEW.exe

Deleted : C:\Users\1\Downloads\esetsmartinstaller_enu.exe

Deleted : HKLM\SOFTWARE\AdwCleaner

 

~ Cleaning system restore ...

 

Deleted : RP #103 [Windows Update | 02/11/2015 19:51:13]

Deleted : RP #104 [Windows Update | 02/12/2015 20:00:15]

Deleted : RP #105 [Windows Update | 02/16/2015 02:14:09]

Deleted : RP #106 [installed Microsoft Office Professional Plus 2010 | 02/16/2015 09:38:33]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########