
New virus that won't go away


kgh5219

A very complicated virus that started off a chain of downloads. It's called gzsir.exe? I've searched it up on the Internet and it seems that no one else had encountered this virus. It seems to be Chinese. There is also an adware called Chinad? Makes annoying Chinese ads come up. The virus also installed a bunch of extensions and changed start up pages and suchlike. It also disguises its processes with other names like chrome.exe and other stuff, but in the beginning it was gzsir.exe.

Please help, ran Malwarebytes a few times and Chinad keeps coming up even though I had supposedly quarantined it :(

I also basically deleted a bunch of suspicious looking files but I was an idiot and let the virus run for a long time because I was downloading music (which was how I got the virus in the first place :/ )


Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt"; the log will open as a text file. Post that log... Also save it to your Desktop for reference.
  • Close the program > Don't Fix anything!



Let me see those logs in your reply....

Thank you,

Kevin...
 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 05/11/2015

Scan Time: 12:26

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2015.11.05.03

Rootkit Database: v2015.11.04.02

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Master

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 478763

Time Elapsed: 52 min, 42 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 9

Adware.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [90d7b1c9c6c549ed0204fd3304fe3dc3], 

Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [84e30773a1eaf54136d0260ac83a0cf4], 

PUP.Optional.BrowserAir, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{3CA2FCF0-1208-4E6E-B239-01BC581E228B}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Master\AppData\Local\BrowserAir\Application\BrowserAir.exe|Name=BrowserAir (mDNS-In)|Desc=Inbound rule for BrowserAir to allow mDNS traffic.|EmbedCtxt=BrowserAir|, Quarantined, [3d2a3347abe03303493784493ac9a957]

PUP.Optional.ChinAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{CAB992EE-1D7F-43F5-A4ED-F2AB60FDD4D6}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\IQIYI Video\GeePlayer\GeePlayer.exe|Name=爱奇艺万能播放器|Desc=C:\IQIYI Video\GeePlayer\GeePlayer.exe|, Quarantined, [ec7b39416229e6502e58dbf26e9501ff]

PUP.Optional.IQIYI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{7B870D9A-B8EE-41C8-B6F9-EABB59B2EACF}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Master\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe|Name=爱奇艺升级模块|Desc=C:\Users\Master\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe|, Quarantined, [462184f6d1ba93a337557c51db2835cb]

PUP.Optional.IQIYI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{B0741C7B-5264-4284-8DB4-A17E0B266123}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\IQIYI Video\LStyle\QyClient.exe|Name=爱奇艺PPS影音|Desc=C:\IQIYI Video\LStyle\QyClient.exe|, Quarantined, [0f58780286058bab266621ac29da9967]

PUP.Optional.IQIYI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{EAF5C527-8EF3-40F2-A170-546CCF5171AB}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\IQIYI Video\LStyle\QyWebPlayer.exe|Name=爱奇艺PPS影音|Desc=C:\IQIYI Video\LStyle\QyWebPlayer.exe|, Quarantined, [14536e0cd4b7a393ff8d468756ade719]

PUP.Optional.IQIYI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{165F2037-7A20-440A-B646-D8F72FEA368B}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\IQIYI Video\Common\QyKernel.exe|Name=爱奇艺HCDN网络数据传输组件|Desc=C:\IQIYI Video\Common\QyKernel.exe|, Quarantined, [1a4d54266d1e171f9eeea825bc478e72]

PUP.Optional.IQIYI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{E831D923-2D77-43CE-AB0F-989E8BE4E7F2}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\IQIYI Video\LStyle\QyPlayer.exe|Name=爱奇艺视频播放器|Desc=C:\IQIYI Video\LStyle\QyPlayer.exe|, Quarantined, [b6b1344693f8af87325ab21b12f1837d]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 2

PUP.Optional.ChinAd, C:\Users\Master\AppData\Local\temp\setup3.exe, Quarantined, [b8afa0daf596a69044d190b72dd3f20e], 

PUP.Optional.ChinAd, C:\Users\Master\AppData\Local\temp\IQIYIsetup_spl004@kb037.exe, Quarantined, [75f2c2b85e2d40f6e77f1eaf0df69f61], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015

Ran by Master (administrator) on LUKE (05-11-2015 13:37:24)

Running from C:\Users\Master\Desktop

Loaded Profiles: Master (Available Profiles: Master & Ruke)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Windows\SysWOW64\DM.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

(HP) C:\Windows\System32\HPSIsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Spotify Ltd) C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)

HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)

HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)

HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286784 2015-09-04] (RealNetworks, Inc.)

HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [614464 2015-07-27] ()

HKLM-x32\...\Run: [ldkxa] => C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe [261440 2015-10-28] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [spotify Web Helper] => C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-21] (Spotify Ltd)

HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe

AppInit_DLLs-x32: c:\progra~2\sk-enh~1\psupport.dll => No File

ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} =>  No File

ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} =>  No File

ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} =>  No File

ShellIconOverlayIdentifiers: [4SyncOverlay4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} =>  No File

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)

ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File

ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)

ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-10-28]

ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [s-1-5-21-2562538608-3379174730-3565747309-1005] => http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444

Winsock: Catalog9 01 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)

Winsock: Catalog9 02 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)

Winsock: Catalog9 03 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)

Winsock: Catalog9 04 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)

Winsock: Catalog9 15 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: [DhcpNameServer] 192.168.0.1

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7

SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=dnsbsc50r1&sp=&keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> {F445C8D2-5860-4978-A564-0D8F36A879E4} URL = hxxp://www.search.ask.com/web?p2=%5EADN%5EOSJ000%5EYY%5EGB&gct=&itbv=12.0.1.100&o=APN10616&tpid=ORJ-V7&apn_uid=241C9536-6D17-4B8D-ABB1-7395AE106732&apn_ptnrs=ADN&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=ie_10.0.9200.16635&doi=2013-07-15&trgb=IE&q={searchTerms}&psv=

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)

BHO: No Name -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> No File

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)

BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-22] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)

BHO-x32: Daum 클리너 -> {BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} -> C:\Program Files\Daum\Cleaner\DaumStart.1.5.0.114.dll [2012-08-01] (Daum Communications Corp.)

BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No File

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-22] (Oracle Corporation)

Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File

Toolbar: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

DPF: HKLM-x32 {477D5B9A-6479-44F8-9718-9340119B0308} hxxp://www.hanabank.com/resource/download/veraport/down/veraport20.cab

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SKV67EK\TouchEnKey_Installer.exe

DPF: HKLM-x32 {8C96AC47-F768-47F5-95C2-24018E6674C5} hxxp://www.jjangfile.net/scripts/common/mmsv/ChocoStream.cab

DPF: HKLM-x32 {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_4/DaumActiveX.cab?ver=2,0,1,4

Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11018.dll [2015-02-23] (© INITECH)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF ProfilePath: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default

FF SelectedSearchEngine: v9

FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-31] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-31] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]

FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll [No File]

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [No File]

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll [No File]

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]

FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2011-11-16] (Nexon)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]

FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-09-04] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-09-04] (RealTimes)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [No File]

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2562538608-3379174730-3565747309-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Master\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)

FF user.js: detected! => C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\user.js [2015-02-23]

FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox => not found

FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-12-04] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension

FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-04] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224&vp=ch&prd=set

CHR StartupUrls: Default -> "hxxp://google.com/"

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File

CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No File

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll => No File

CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll => No File

CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll => No File

CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll => No File

CHR Plugin: (Unity Player) - C:\Users\Master\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealTimes)

CHR Profile: C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]

CHR Extension: (YouTube) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]

CHR Extension: (Adblock Plus) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]

CHR Extension: (Google Search) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]

CHR Extension: (Google Docs Offline) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]

CHR Extension: (Gmail) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nklfajnmfbchcceflgddnkignfheooic] - C:\Users\Master\AppData\Local\B5T\6.0.5.2\Extensions\B5TShoppingAssistantNativeMsg.crx <not found>

StartMenuInternet: Google Chrome.I7TI3I7QGXMC6GV4VF542MKHD4 - C:\Users\luk\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

S4 DaumCleanerService; C:\Program Files\Daum\Cleaner\DaumCleanerService.exe [199088 2012-08-01] (Daum Communications Corp.)

R2 DM; C:\Windows\SysWOW64\DM.exe [2535424 2011-06-07] () [File not signed]

R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3963248 2011-01-12] (INCA Internet Co., Ltd.) [File not signed]

S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-04] (RealNetworks, Inc.)

R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()

R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-04] (RealNetworks, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-10-20] (Wellbia.com Co., Ltd.) [File not signed]

S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]

S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]

S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]

S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X]

S4 RzMaelstromVADStreamingService; "C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe" [X]

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)

R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [118072 2012-09-14] (AhnLab, Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [25656 2009-07-21] (AhnLab, Inc.)

R2 clunet; C:\Windows\system32\drivers\clunet.sys [49224 2010-10-18] (Windows ® Win 7 DDK provider)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [20384 2014-02-28] (RaonSecure Co., Ltd.)

S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2014-02-28] (Kings Information & Network)

S3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.) [File not signed]

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-05] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [127224 2014-10-15] (AhnLab, Inc.)

S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [156408 2014-10-15] (AhnLab, Inc.)

S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [98040 2012-03-07] (AhnLab, Inc.)

S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [107768 2012-03-07] (AhnLab, Inc.)

S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [183544 2012-03-07] (AhnLab, Inc.)

S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]

R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)

S3 scsk5; C:\Windows\SysWow64\drivers\scsk5.sys [50608 2015-05-15] ()

S3 scskusbf; C:\Windows\SysWow64\drivers\scskusbf.sys [21432 2015-02-23] (SoftCamp)

S3 scskusbs; C:\Windows\SysWow64\drivers\scskusbs.sys [42352 2015-02-23] (SoftCamp)

S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]

S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]

S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]

S3 dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]

S0 TfFsMon; system32\drivers\TfFsMon.sys [X]

S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]

S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

S3 vtany; \??\C:\Windows\vtany.sys [X]

S3 wanatw; system32\DRIVERS\wanatw64.sys [X]

S3 xspirit; \??\C:\Windows\xspirit.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-05 13:37 - 2015-11-05 13:38 - 00033223 _____ C:\Users\Master\Desktop\FRST.txt

2015-11-05 13:37 - 2015-11-05 13:37 - 00000000 ____D C:\FRST

2015-11-05 13:36 - 2015-11-05 13:36 - 02198016 _____ (Farbar) C:\Users\Master\Desktop\FRST64.exe

2015-11-05 12:15 - 2015-11-05 12:15 - 00000000 ____D C:\MGADiagToolOutput

2015-11-05 12:13 - 2015-11-05 12:13 - 02031992 _____ (Microsoft Corporation) C:\Users\Master\Downloads\MGADiag.exe

2015-11-05 12:13 - 2015-11-05 12:13 - 00000000 ____D C:\ProgramData\Office Genuine Advantage

2015-11-05 12:10 - 2015-11-05 13:33 - 00006424 _____ C:\Windows\system32\PerfStringBackup.TMP

2015-11-05 12:10 - 2015-11-05 12:10 - 00002709 _____ C:\Users\Master\Downloads\legitcheck.hta

2015-11-05 12:08 - 2015-11-05 12:08 - 00000552 _____ C:\Windows\system32\spsys.log

2015-11-05 12:07 - 2015-11-05 13:25 - 00010800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-11-05 12:07 - 2015-11-05 13:25 - 00010800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-11-05 12:03 - 2015-11-05 12:04 - 00470072 _____ C:\Windows\system32\FNTCACHE.DAT

2015-10-29 19:32 - 2015-10-29 19:32 - 00000000 __SHD C:\found.001

2015-10-29 19:24 - 2015-10-29 19:24 - 00007604 _____ C:\Users\Ruke\AppData\Local\Resmon.ResmonCfg

2015-10-29 19:22 - 2015-10-29 19:22 - 00001421 _____ C:\Users\Ruke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Roaming\Real

2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Roaming\Macromedia

2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Roaming\Intel Corporation

2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Roaming\Apple Computer

2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Roaming\Adobe

2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Local\Google

2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Local\EgisTec IPS

2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Local\CrashRpt

2015-10-29 19:21 - 2015-10-29 19:21 - 00000020 ___SH C:\Users\Ruke\ntuser.ini

2015-10-29 19:21 - 2015-10-29 19:21 - 00000000 ____D C:\Users\Ruke

2015-10-29 19:21 - 2011-02-20 21:01 - 00000000 ____D C:\Users\Ruke\AppData\Local\Microsoft Help

2015-10-29 19:21 - 2009-07-14 04:54 - 00000000 ___RD C:\Users\Ruke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-10-29 19:21 - 2009-07-14 04:49 - 00000000 ___RD C:\Users\Ruke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-10-29 18:26 - 2015-10-29 18:26 - 00000000 ____D C:\Windows\Minidump

2015-10-28 15:40 - 2015-10-28 15:40 - 00000080 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\μTorrent.lnk

2015-10-28 13:40 - 2015-10-28 15:40 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-10-28 13:33 - 2015-10-28 15:41 - 00001397 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-10-28 13:14 - 2015-10-28 13:15 - 00000000 ____D C:\Users\Master\AppData\LocalLow\B5T

2015-10-28 13:14 - 2015-10-28 13:14 - 00000000 ____D C:\Users\Master\AppData\Roaming\afght

2015-10-28 13:11 - 2015-10-28 13:15 - 00000000 ____D C:\Users\Master\AppData\Local\DeskBar

2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud

2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Local\Apple Inc

2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Local\7AC9325A-5313-488A-9DB0-D0B71223D70B.aplzod

2015-10-28 11:38 - 2015-10-28 15:40 - 00001751 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-10-28 11:38 - 2015-10-28 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-10-28 11:37 - 2015-10-28 11:38 - 00000000 ____D C:\Program Files\iTunes

2015-10-28 11:37 - 2015-10-28 11:37 - 00000000 ____D C:\Program Files\iPod

2015-10-28 11:37 - 2015-10-28 11:37 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-10-28 11:32 - 2015-10-28 11:32 - 00000000 ____D C:\Program Files\Bonjour

2015-10-28 11:32 - 2015-10-28 11:32 - 00000000 ____D C:\Program Files (x86)\Bonjour

2015-10-28 11:29 - 2015-10-28 11:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2015-10-27 10:58 - 2015-10-27 10:58 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll

2015-10-23 21:40 - 2015-10-23 21:40 - 00000000 ____D C:\Users\Master\AppData\LocalLow\Oracle

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-05 13:31 - 2010-12-04 04:05 - 01197266 _____ C:\Windows\WindowsUpdate.log

2015-11-05 13:29 - 2015-03-12 17:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-11-05 13:26 - 2014-11-15 17:35 - 00701022 _____ C:\Windows\PFRO.log

2015-11-05 13:26 - 2014-09-30 17:06 - 00006968 _____ C:\Windows\setupact.log

2015-11-05 13:26 - 2011-03-11 19:47 - 00000000 ____D C:\Windows\Sun

2015-11-05 12:36 - 2012-08-21 20:40 - 00007602 _____ C:\Users\Master\AppData\Local\Resmon.ResmonCfg

2015-11-05 12:19 - 2013-11-26 21:32 - 00000000 ____D C:\Users\Master\AppData\Roaming\uTorrent

2015-11-05 12:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Vss

2015-10-29 22:31 - 2012-08-18 10:20 - 00000000 ____D C:\Users\Master

2015-10-29 19:22 - 2013-12-17 21:56 - 00118216 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT

2015-10-29 19:22 - 2009-07-14 04:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-10-29 19:15 - 2009-07-14 04:45 - 00000000 ____D C:\Windows\Setup

2015-10-28 16:02 - 2012-08-18 10:21 - 00000000 ____D C:\Users\Master\AppData\Roaming\Apple Computer

2015-10-28 16:02 - 2011-02-22 21:02 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-10-28 15:45 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\addins

2015-10-28 15:41 - 2014-09-11 20:39 - 00001816 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2015-10-28 15:41 - 2014-04-26 09:28 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-10-28 15:41 - 2012-08-18 10:20 - 00001397 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk

2015-10-28 15:41 - 2011-12-01 19:36 - 00002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk

2015-10-28 15:41 - 2011-02-24 14:00 - 00001297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

2015-10-28 15:41 - 2011-02-24 13:59 - 00002478 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

2015-10-28 15:41 - 2011-02-24 13:59 - 00001450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

2015-10-28 15:41 - 2011-02-24 13:59 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

2015-10-28 15:41 - 2011-02-22 21:03 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2015-10-28 15:41 - 2010-12-04 04:26 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk

2015-10-28 15:41 - 2010-08-30 09:26 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

2015-10-28 15:41 - 2010-08-30 08:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

2015-10-28 15:41 - 2010-08-30 08:51 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

2015-10-28 15:41 - 2009-07-14 04:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk

2015-10-28 15:41 - 2009-07-14 04:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

2015-10-28 15:41 - 2009-07-14 04:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

2015-10-28 15:41 - 2009-07-14 04:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

2015-10-28 15:40 - 2015-09-04 10:13 - 00000948 _____ C:\Users\Public\Desktop\RealTimes (RealPlayer).lnk

2015-10-28 15:40 - 2015-08-31 19:43 - 00001803 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2015-10-28 15:40 - 2014-08-27 00:37 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-10-28 15:40 - 2014-04-26 09:28 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-10-28 15:40 - 2013-12-21 18:08 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk

2015-10-28 15:40 - 2013-12-15 10:12 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk

2015-10-28 15:40 - 2012-09-06 06:04 - 00002509 _____ C:\Users\Public\Desktop\Skype.lnk

2015-10-28 15:40 - 2011-12-01 19:36 - 00002485 _____ C:\Users\Public\Desktop\Safari.lnk

2015-10-28 15:40 - 2011-03-15 19:13 - 00001972 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk

2015-10-28 15:40 - 2009-07-14 05:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk

2015-10-28 15:40 - 2009-07-14 04:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

2015-10-28 13:40 - 2015-03-12 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-10-28 13:40 - 2014-08-21 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-10-28 13:34 - 2014-11-16 18:50 - 00000000 ____D C:\Users\Master\AppData\Local\Unity

2015-10-28 13:15 - 2012-08-18 10:21 - 00118608 _____ C:\Users\Master\AppData\Local\GDIPFONTCACHEV1.DAT

2015-10-28 13:14 - 2014-11-16 18:50 - 00000000 ____D C:\Users\Master\AppData\LocalLow\Unity

2015-10-15 10:05 - 2013-12-12 19:54 - 00000000 ____D C:\Users\Master\AppData\Local\CrashDumps

 

==================== Files in the root of some directories =======

 

2014-05-12 18:52 - 2014-03-16 01:22 - 0003541 _____ () C:\Program Files (x86)\NA_Network_Diagnostic_Test_v6.bat

2014-05-12 18:53 - 2014-05-12 18:57 - 0015204 _____ () C:\Program Files (x86)\riot-lol-results-pc-v6.txt

2013-05-11 18:00 - 2013-05-10 05:06 - 0011855 _____ () C:\Users\Master\AppData\Roaming\photo.jpeg

2013-12-11 21:25 - 2014-06-02 20:57 - 0034816 _____ () C:\Users\Master\AppData\Roaming\RZR_0060a48d4361bf547311ce97226c.db

2014-08-26 23:19 - 2014-08-26 23:19 - 0000047 _____ () C:\Users\Master\AppData\Roaming\WB.CFG

2013-01-26 14:46 - 2013-01-30 21:23 - 0000004 _____ () C:\Users\Master\AppData\Local\aqgghxya.log

2015-08-14 10:47 - 2015-08-14 10:47 - 0004608 _____ () C:\Users\Master\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\kxolkgoj.log

2013-01-26 14:54 - 2013-01-30 21:22 - 0000000 _____ () C:\Users\Master\AppData\Local\mmxikddc.log

2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\qdavljxb.log

2012-08-21 20:40 - 2015-11-05 12:36 - 0007602 _____ () C:\Users\Master\AppData\Local\Resmon.ResmonCfg

2013-04-16 17:03 - 2013-04-16 17:03 - 0000000 _____ () C:\ProgramData\243c3831_c

2012-08-14 11:01 - 2012-08-14 11:01 - 0000064 _____ () C:\ProgramData\cytkwumn.log

 

Some files in TEMP:

====================

C:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exe

C:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exe

C:\Users\Master\AppData\Local\temp\lowproc.exe

C:\Users\Master\AppData\Local\temp\qdAstsetup13.exe

C:\Users\Master\AppData\Local\temp\stubhelper.dll

C:\Users\Master\AppData\Local\temp\tu17p84.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-03 18:16

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-11-2015

Ran by Master (2015-11-05 13:38:35)

Running from C:\Users\Master\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2011-02-19 20:57:01)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2562538608-3379174730-3565747309-500 - Administrator - Disabled)

Guest (S-1-5-21-2562538608-3379174730-3565747309-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2562538608-3379174730-3565747309-1002 - Limited - Enabled)

Master (S-1-5-21-2562538608-3379174730-3565747309-1005 - Administrator - Enabled) => C:\Users\Master

Ruke (S-1-5-21-2562538608-3379174730-3565747309-1006 - Administrator - Enabled) => C:\Users\Ruke

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)

Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)

Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)

AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version:  - AhnLab, Inc)

Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)

Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden

Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden

BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)

Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Daum 클리너 (HKLM\...\DaumCleaner) (Version: 1.5 - Daum Communications Corp.)

Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)

eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden

Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)

Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)

Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)

HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )

hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden

HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

INISafe SFilter 7.2 (SFilter v1.0) (HKLM-x32\...\UnINISafeWeb7) (Version:  - )

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)

iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Excel 2007 Help 업데이트 (KB963678) (HKLM-x32\...\{90120000-0016-0412-0000-0000000FF1CE}_ENTERPRISE_{DEA3DED2-5CB8-4FD3-BE1B-7C0412D4117F}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Powerpoint 2007 Help 업데이트 (KB963669) (HKLM-x32\...\{90120000-0018-0412-0000-0000000FF1CE}_ENTERPRISE_{98189FA0-E081-4DBD-84DE-8FB66BF4AC6C}) (Version:  - Microsoft)

Microsoft Office Word 2007 Help 업데이트 (KB963665) (HKLM-x32\...\{90120000-001B-0412-0000-0000000FF1CE}_ENTERPRISE_{15B9412E-6769-4CEA-8A83-39FEDB1F3499}) (Version:  - Microsoft)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

MLS AD Integration (HKLM-x32\...\{4F517950-16E9-49A5-B3B1-91E100604B29}) (Version: 1.0.0 - Micro Librarian Systems)

MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)

Mozilla Firefox 18.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0.1 (x86 en-US)) (Version: 18.0.1 - Mozilla)

Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )

MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden

Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )

NWZ-B170 WALKMAN Guide (HKLM-x32\...\{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}) (Version: 2.1.0.33220 - Sony Corporation)

Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) Hidden

RealDownloader (x32 Version: 18.0.2.60 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)

RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version:  - ) <==== ATTENTION

Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden

SK-Helper 1.74 (HKLM-x32\...\SP_617c7ac4) (Version:  - Verified Publisher)

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SoftCamp Secure KeyStroke 4.0 (HKLM-x32\...\SoftcampSCSK) (Version:  - )

Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)

Spotify (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)

Unity Web Player (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Veraport20(Security module management) - 2,5,1,6 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,5,1,6 - Wizvera)

Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== Restore Points =========================

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 02:34 - 2013-01-31 18:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {04026F6F-526F-4096-A160-5CEB98E55FD1} - System32\Tasks\{591457EB-5077-43BA-B069-AF13F542FB09} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11"

Task: {09172A5F-209C-4779-A8B9-EAE7B1D18F4B} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION

Task: {0A06C8E9-F35C-4414-9365-62C6D6E45629} - System32\Tasks\{81EC26CB-FC62-4850-B73F-9EC046D5EDBB} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=Default

Task: {117987D2-0CDD-424B-8F35-E501D4C15F83} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)

Task: {1BF6F709-663B-4985-967D-18DF3E1A68AF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)

Task: {2013D8E8-C751-4A3E-A865-0577C252F603} - System32\Tasks\{FB587424-E5B5-4F20-A9CE-07D6EBBD00E0} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=Default

Task: {222A3CCF-44BC-4B3A-AD32-218514666674} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {3F631565-51F6-419F-8352-E826F02614A8} - System32\Tasks\{34DA9454-7B6A-43C0-85AD-BE1306D9F696} => pcalua.exe -a "C:\Users\luk\Downloads\New folder\MSSetupv83.exe" -d "C:\Users\luk\Downloads\New folder"

Task: {40FDAE7E-05DC-48EA-B9BE-EFEDAEB7B1B5} - System32\Tasks\{2A82FD18-9598-4C49-9C06-14BD8DDA6834} => pcalua.exe -a "C:\Users\Master\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"

Task: {426F6309-9A90-4293-9CF5-AF85B53C0171} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.)

Task: {4CF65650-702F-4DEF-BFFE-FE6F6B6A7485} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe

Task: {6E0DDEAC-0C7C-4FA8-A3DF-A4D67560D64F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {88D5203D-3311-45EB-8A8B-04BAC7D3DA1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION

Task: {92559B97-FA4F-49DE-A58A-5E287C7FF5D1} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-27] (RealNetworks, Inc.)

Task: {93083D06-A07A-4884-9DF9-6867455C9669} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)

Task: {99F3F955-35DE-4A16-AB5E-A1BD0EF3A80A} - System32\Tasks\RunAsStdUser Task => C:\Users\Master\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe <==== ATTENTION

Task: {B57C9741-35DC-4282-91B9-F3AFC4C1D3D6} - \Test TimeTrigger -> No File <==== ATTENTION

Task: {BB48DAD0-51EF-49DB-8F72-38A3DAC3A931} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-31] (Adobe Systems Incorporated)

Task: {BC47FA25-9DBB-49D8-A2DB-DCF5C3580CB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {C630D205-6042-4008-87C5-A17EC56B55F5} - System32\Tasks\{4F2BA3FA-C0A0-49B9-A270-D21866EE47A5} => pcalua.exe -a "C:\Nexon\Europe MapleStory\Setup.exe" -d "C:\Nexon\Europe MapleStory"

Task: {C7D21CA1-A678-4A5C-96C3-1E0E7A07061E} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe

Task: {DF013C53-02CE-4492-9B67-3680F10C16A9} - System32\Tasks\{41154EC5-E06D-4263-9390-ADF52902598E} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11"

Task: {E3D86EE5-3B45-4A8C-92B8-1099DF26175D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.)

Task: {EAD81C2C-00E4-4F71-AD56-1285B0033072} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION

Task: {FCC49B66-B670-488E-A906-ACD04858F400} - System32\Tasks\{43683F31-E93C-4C68-8FBA-2777FF3B7A2D} => pcalua.exe -a "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe" -c "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\install.log"

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AutoKMSCustom.job => C:\Windows\AutoKMS\AutoKMS.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0b409cef98cef.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c01bea26f8b4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e4075456c35.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1663bc0b05c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\RealDownloader Update Check.job => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe

Task: C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005.job => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

Task: C:\Windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005.job => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exeH/schedule /profile c:\programdata\quickset\sk-enhancer\5902107913.ini <==== ATTENTION

 

==================== Loaded Modules (Whitelisted) ==============

 

2014-06-02 19:25 - 2012-08-31 14:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL

2014-06-02 19:25 - 2012-08-31 14:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL

2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-06-07 07:08 - 2011-06-07 07:08 - 02535424 _____ () C:\Windows\SysWOW64\DM.exe

2015-07-27 20:28 - 2015-07-27 20:28 - 00032880 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

2010-09-01 07:18 - 2010-09-01 07:18 - 00033792 _____ () C:\Windows\SysWOW64\clunet.dll

2010-06-28 22:20 - 2010-06-28 22:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

2010-06-28 22:12 - 2010-06-28 22:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

2015-07-27 20:28 - 2015-07-27 20:28 - 00037512 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll

2015-07-27 20:28 - 2015-07-27 20:28 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll

2015-07-27 20:28 - 2015-07-27 20:28 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll

2015-09-04 10:13 - 2015-09-04 10:13 - 00089152 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll

2009-08-04 16:23 - 2009-08-04 16:23 - 00063032 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll

2009-08-04 16:23 - 2009-08-04 16:23 - 00075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll

2010-08-30 09:45 - 2009-05-20 06:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

2014-10-23 20:43 - 2014-10-23 20:43 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll

2010-08-30 09:03 - 2010-04-13 16:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2015-10-28 05:07 - 2015-10-20 14:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll

2015-10-28 05:07 - 2015-10-20 14:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

2015-02-15 00:40 - 2015-02-15 00:40 - 00381440 _____ () C:\Windows\mod_frst.exe

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:373E1720

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2

AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D

AlternateDataStreams: C:\ProgramData\Temp:E36F5B57

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mintcastnetworks => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 8.8.8.8 - 8.8.4.4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: DaumCleanerService => 3

MSCONFIG\Services: EFS => 3

MSCONFIG\Services: eventlog => 2

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: PCSUService => 2

MSCONFIG\Services: Razer Game Scanner Service => 2

MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2

MSCONFIG\Services: RealPlayer Cloud Service => 2

MSCONFIG\Services: RzMaelstromVADStreamingService => 2

MSCONFIG\Services: RzOvlMon => 2

MSCONFIG\Services: SCPolicySvc => 3

MSCONFIG\Services: SDRSVC => 3

MSCONFIG\Services: SeaPort => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: SysMain => 2

MSCONFIG\Services: Updater Service => 2

MSCONFIG\Services: Wecsvc => 3

MSCONFIG\Services: wlidsvc => 2

MSCONFIG\Services: WMPNetworkSvc => 2

MSCONFIG\Services: WPCSvc => 3

MSCONFIG\Services: wuauserv => 2

MSCONFIG\Services: YahooAUService => 2

MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Korean IME Migration => C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE

MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{6CDDC26C-3BD0-4BC3-967C-1438DD8B77B7}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exe

FirewallRules: [{6DF5C7AC-1BFB-4CDB-960C-5106C8B4FDB4}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exe

FirewallRules: [TCP Query User{185A6A5E-38FC-4AD5-95C7-6A8B5E3E5FFA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [uDP Query User{36D473F5-5B43-4922-8651-559D5A0C1FDE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{FE5E4F67-745F-4536-BCA9-E142F4436D8F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{6DFAB8CA-6A61-4428-A283-A151756F7D29}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{53E0B21D-CEC5-4064-80AB-9D36E57868AA}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{14108F18-1108-4814-AB3C-6439FD3E8753}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe

FirewallRules: [{E4A53963-EA44-42D4-95B7-2E7FD14C45B9}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe

FirewallRules: [{588C52AA-34EA-4DA2-A3D9-A7BC0BA3D950}] => (Allow) LPort=9100

FirewallRules: [{C51128F3-23C1-455C-B134-5B3640B38E94}] => (Allow) LPort=427

FirewallRules: [{496815FA-1809-4B4E-BD22-E232CA9340C5}] => (Allow) LPort=161

FirewallRules: [{19D58FB3-99CF-4C24-A4E9-99311B4DFA07}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [TCP Query User{1126BF81-3B4F-4A67-9DF4-7E178378BBC0}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [uDP Query User{CE5BCA81-96DC-458D-B4C2-13BCAA979042}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [TCP Query User{8B27FB08-C4B2-4E03-9564-B9989E7B95E7}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [uDP Query User{61BC8FF8-D3D8-4AB1-9C61-7AC4B5F1504D}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [{5C66CE2D-CE06-4601-913B-9B61C0A4984E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{3A0E4610-C87D-43A6-AA7E-07666FC665B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{B8446F95-6B62-4440-9BA5-B7B03CC4C5ED}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe

FirewallRules: [uDP Query User{F17F00C0-7D8D-4250-B1BE-CCD4B6F52F03}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe

FirewallRules: [{053168E4-AAD5-4387-9BE2-FFA8574066C4}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [{8C0A2E64-DA6C-4A3F-A4A8-10D58D036AC0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{38F89912-3940-4291-9ECF-BEA0D6F1CA72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{AC2AAB7C-5BF6-405D-8EC2-432DE0F36ADC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E8D0901A-F879-4CA4-A951-80A807382B90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{CA83269A-0098-4451-86C4-A293834B1731}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{240EB17C-6EA4-476F-9806-F241EE40314E}] => (Allow) C:\Program Files\iTunes\iTunes.exe

 

==================== Faulty Device Manager Devices =============

 

Name: BlueStacks Hypervisor

Description: BlueStacks Hypervisor

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: BstHdDrv

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/05/2015 01:33:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (11/05/2015 01:33:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (11/05/2015 12:10:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (11/05/2015 12:10:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/07/2015 07:41:46 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac

Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac

Exception code: 0xc0000005

Fault offset: 0x000b8554

Faulting process id: 0x2a70

Faulting application start time: 0xrads_user_kernel.exe0

Faulting application path: rads_user_kernel.exe1

Faulting module path: rads_user_kernel.exe2

Report Id: rads_user_kernel.exe3

 

Error: (02/06/2015 06:53:24 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac

Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac

Exception code: 0xc0000005

Fault offset: 0x000b8554

Faulting process id: 0x2c10

Faulting application start time: 0xrads_user_kernel.exe0

Faulting application path: rads_user_kernel.exe1

Faulting module path: rads_user_kernel.exe2

Report Id: rads_user_kernel.exe3

 

Error: (02/05/2015 09:54:51 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac

Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac

Exception code: 0xc0000005

Fault offset: 0x000b8554

Faulting process id: 0x105c

Faulting application start time: 0xrads_user_kernel.exe0

Faulting application path: rads_user_kernel.exe1

Faulting module path: rads_user_kernel.exe2

Report Id: rads_user_kernel.exe3

 

Error: (01/31/2015 10:58:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac

Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac

Exception code: 0xc0000005

Fault offset: 0x000b8554

Faulting process id: 0x1f74

Faulting application start time: 0xrads_user_kernel.exe0

Faulting application path: rads_user_kernel.exe1

Faulting module path: rads_user_kernel.exe2

Report Id: rads_user_kernel.exe3

 

Error: (01/23/2015 12:52:40 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac

Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac

Exception code: 0xc0000005

Fault offset: 0x000b8554

Faulting process id: 0x18e4

Faulting application start time: 0xrads_user_kernel.exe0

Faulting application path: rads_user_kernel.exe1

Faulting module path: rads_user_kernel.exe2

Report Id: rads_user_kernel.exe3

 

Error: (01/21/2015 06:03:28 PM) (Source: Application Error) (EventID: 1005) (User: )

Description: Windows cannot access the file  for one of the following reasons:

there is a problem with the network connection, the disk that the file is stored on, or the storage

drivers installed on this computer; or the disk is missing.

Windows closed the program PMM Update Application because of this error.

 

Program: PMM Update Application

File: 

 

The error value is listed in the Additional Data section.

User Action

1. Open the file again.

This situation might be a temporary problem that corrects itself when the program runs again.

2.

If the file still cannot be accessed and

- It is on the network,

your network administrator should verify that there is not a problem with the network and that the server can be contacted.

- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.

4. If the problem persists, restore the file from a backup copy.

5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for

further assistance.

 

Additional Data

Error value: 00000000

Disk type: 0

 

 

System errors:

=============

Error: (10/30/2015 01:25:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/30/2015 01:25:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/30/2015 01:25:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/30/2015 01:23:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/30/2015 01:23:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/30/2015 01:23:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/30/2015 01:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/30/2015 01:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/30/2015 01:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/30/2015 01:18:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

 

CodeIntegrity:

===================================

  Date: 2013-03-22 17:19:39.463

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-22 17:19:38.963

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-31 18:44:53.793

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-31 18:44:53.606

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-30 19:22:56.105

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-30 19:22:55.949

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-29 21:45:18.679

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-29 21:45:18.492

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-28 19:53:18.465

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-28 19:53:18.278

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz

Percentage of memory in use: 61%

Total physical RAM: 2806.71 MB

Available physical RAM: 1074 MB

Total Virtual: 7412.9 MB

Available Virtual: 5266.92 MB

 

==================== Drives ================================

 

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:165.41 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A022D740)

Partition 1: (Not Active) - (Size=13 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================


Caught a virus that downloaded a bunch of other nasty stuff. Also changed my Windows key or something so my computer tells me that I don't have genuine Windows :(

The virus hides as other processes, e.g. chrome.exe. I know this because there are like 10 chrome processes when I just open it.

 


  • Root Admin

I'm sorry, but AutoKMS is not due to an infection. One has to read where and how to download and then how to install it. It's done on purpose.

The best thing to do is back up your data, format the drive and install Windows 10, or contact Microsoft, who can work with you to change your Windows to a legitimate licensed version.

https://forums.malwarebytes.org/index.php?/topic/174566-new-virus-that-wont-go-away/


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 13/11/2015

Scan Time: 13:22

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2015.11.13.04

Rootkit Database: v2015.11.13.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Master

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 433489

Time Elapsed: 48 min, 0 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 4

Adware.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [682038453358cb6b08e896a248babb45], 

Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [91f7e39aabe07eb8ba36b0886b97ca36], 

PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|QyClient.exe, 9000, Quarantined, [7f09a1dcd2b9270fb611f9de28db43bd]

PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|QyBrowser.exe, 9000, Quarantined, [c4c4443905868aac2b9b667140c30cf4]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt and Shortcut.txt under "Optional scan". Select Scan; when done, post the new logs.
 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes, select "Report"; in the next window select "Export txt". The log will open as a text file; post that log. Also save it to your Desktop for reference.
  • Close the program > Don't Fix anything!

 

Thank you,

 

Kevin...


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015

Ran by Master (administrator) on LUKE (14-11-2015 20:02:16)

Running from C:\Users\Master\Desktop

Loaded Profiles: Master (Available Profiles: Master)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Windows\SysWOW64\DM.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(HP) C:\Windows\System32\HPSIsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Spotify Ltd) C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)

HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)

HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)

HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286784 2015-09-04] (RealNetworks, Inc.)

HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [614464 2015-07-27] ()

HKLM-x32\...\Run: [ldkxa] => C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe [261440 2015-10-28] ()

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [spotify Web Helper] => C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-21] (Spotify Ltd)

HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe

AppInit_DLLs-x32: c:\progra~2\sk-enh~1\psupport.dll => No File

ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} =>  No File

ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} =>  No File

ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} =>  No File

ShellIconOverlayIdentifiers: [4SyncOverlay4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} =>  No File

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)

ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File

ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)

ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-10-28]

ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [s-1-5-21-2562538608-3379174730-3565747309-1005] => http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444

Winsock: Catalog9 01 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)

Winsock: Catalog9 02 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)

Winsock: Catalog9 03 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)

Winsock: Catalog9 04 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)

Winsock: Catalog9 15 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: [DhcpNameServer] 192.168.0.1

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7

SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=dnsbsc50r1&sp=&keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> {F445C8D2-5860-4978-A564-0D8F36A879E4} URL = hxxp://www.search.ask.com/web?p2=%5EADN%5EOSJ000%5EYY%5EGB&gct=&itbv=12.0.1.100&o=APN10616&tpid=ORJ-V7&apn_uid=241C9536-6D17-4B8D-ABB1-7395AE106732&apn_ptnrs=ADN&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=ie_10.0.9200.16635&doi=2013-07-15&trgb=IE&q={searchTerms}&psv=

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)

BHO: No Name -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> No File

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)

BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-22] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)

BHO-x32: Daum 클리너 -> {BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} -> C:\Program Files\Daum\Cleaner\DaumStart.1.5.0.114.dll [2012-08-01] (Daum Communications Corp.)

BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No File

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-22] (Oracle Corporation)

Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File

Toolbar: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

DPF: HKLM-x32 {477D5B9A-6479-44F8-9718-9340119B0308} hxxp://www.hanabank.com/resource/download/veraport/down/veraport20.cab

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SKV67EK\TouchEnKey_Installer.exe

DPF: HKLM-x32 {8C96AC47-F768-47F5-95C2-24018E6674C5} hxxp://www.jjangfile.net/scripts/common/mmsv/ChocoStream.cab

DPF: HKLM-x32 {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_4/DaumActiveX.cab?ver=2,0,1,4

Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11018.dll [2015-02-23] (© INITECH)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF ProfilePath: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default

FF SelectedSearchEngine: v9

FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]

FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll [No File]

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [No File]

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll [No File]

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]

FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2011-11-16] (Nexon)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]

FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-09-04] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-09-04] (RealTimes)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [No File]

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2562538608-3379174730-3565747309-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Master\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)

FF user.js: detected! => C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\user.js [2015-02-23]

FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox => not found

FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-12-04] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension

FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-04] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224&vp=ch&prd=set

CHR StartupUrls: Default -> "hxxp://google.com/"

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File

CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No File

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll => No File

CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll => No File

CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll => No File

CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll => No File

CHR Plugin: (Unity Player) - C:\Users\Master\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealTimes)

CHR Profile: C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]

CHR Extension: (YouTube) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]

CHR Extension: (Adblock Plus) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]

CHR Extension: (Google Search) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]

CHR Extension: (Google Docs Offline) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]

CHR Extension: (Gmail) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nklfajnmfbchcceflgddnkignfheooic] - C:\Users\Master\AppData\Local\B5T\6.0.5.2\Extensions\B5TShoppingAssistantNativeMsg.crx <not found>

StartMenuInternet: Google Chrome.I7TI3I7QGXMC6GV4VF542MKHD4 - C:\Users\luk\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

S4 DaumCleanerService; C:\Program Files\Daum\Cleaner\DaumCleanerService.exe [199088 2012-08-01] (Daum Communications Corp.)

R2 DM; C:\Windows\SysWOW64\DM.exe [2535424 2011-06-07] () [File not signed]

S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]

R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3963248 2011-01-12] (INCA Internet Co., Ltd.) [File not signed]

S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-04] (RealNetworks, Inc.)

S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()

R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-04] (RealNetworks, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-10-20] (Wellbia.com Co., Ltd.) [File not signed]

S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X]

S4 RzMaelstromVADStreamingService; "C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe" [X]

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)

R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [118072 2012-09-14] (AhnLab, Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [25656 2009-07-21] (AhnLab, Inc.)

R2 clunet; C:\Windows\system32\drivers\clunet.sys [49224 2010-10-18] (Windows ® Win 7 DDK provider)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [20384 2014-02-28] (RaonSecure Co., Ltd.)

S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2014-02-28] (Kings Information & Network)

S3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.) [File not signed]

U0 kvrrwkon; C:\Windows\System32\drivers\avvifrad.sys [79064 2015-11-13] (Malwarebytes)

S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [127224 2014-10-15] (AhnLab, Inc.)

S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [156408 2014-10-15] (AhnLab, Inc.)

S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [98040 2012-03-07] (AhnLab, Inc.)

S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [107768 2012-03-07] (AhnLab, Inc.)

S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [183544 2012-03-07] (AhnLab, Inc.)

S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]

R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)

S3 scsk5; C:\Windows\SysWow64\drivers\scsk5.sys [50608 2015-05-15] ()

S3 scskusbf; C:\Windows\SysWow64\drivers\scskusbf.sys [21432 2015-02-23] (SoftCamp)

S3 scskusbs; C:\Windows\SysWow64\drivers\scskusbs.sys [42352 2015-02-23] (SoftCamp)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-05] ()

S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]

S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]

S3 dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]

R0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]

S0 TfFsMon; system32\drivers\TfFsMon.sys [X]

S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]

S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

S3 vtany; \??\C:\Windows\vtany.sys [X]

S3 wanatw; system32\DRIVERS\wanatw64.sys [X]

S3 xspirit; \??\C:\Windows\xspirit.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-14 20:02 - 2015-11-14 20:02 - 00031286 _____ C:\Users\Master\Desktop\FRST.txt

2015-11-14 19:51 - 2015-11-14 19:51 - 00000000 ____D C:\Users\Master\Desktop\FRST-OlderVersion

2015-11-13 14:59 - 2015-11-13 14:59 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\avvifrad.sys

2015-11-05 22:45 - 2015-11-12 22:46 - 05286088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-11-05 13:47 - 2015-11-05 13:47 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys

2015-11-05 13:47 - 2015-11-05 13:47 - 00000000 ____D C:\ProgramData\RogueKiller

2015-11-05 13:46 - 2015-11-05 13:46 - 18969672 _____ C:\Users\Master\Desktop\RogueKiller.exe

2015-11-05 13:37 - 2015-11-14 20:02 - 00000000 ____D C:\FRST

2015-11-05 13:36 - 2015-11-14 19:51 - 02198528 _____ (Farbar) C:\Users\Master\Desktop\FRST64.exe

2015-11-05 12:15 - 2015-11-05 12:15 - 00000000 ____D C:\MGADiagToolOutput

2015-11-05 12:13 - 2015-11-05 12:13 - 02031992 _____ (Microsoft Corporation) C:\Users\Master\Downloads\MGADiag.exe

2015-11-05 12:13 - 2015-11-05 12:13 - 00000000 ____D C:\ProgramData\Office Genuine Advantage

2015-11-05 12:10 - 2015-11-07 17:12 - 00006424 _____ C:\Windows\system32\PerfStringBackup.TMP

2015-11-05 12:10 - 2015-11-05 12:10 - 00002709 _____ C:\Users\Master\Downloads\legitcheck.hta

2015-11-05 12:08 - 2015-11-05 12:08 - 00000552 _____ C:\Windows\system32\spsys.log

2015-11-05 12:07 - 2015-11-14 19:54 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-11-05 12:07 - 2015-11-14 19:54 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-11-05 12:03 - 2015-11-05 22:01 - 00466456 _____ C:\Windows\system32\FNTCACHE.DAT

2015-10-29 19:32 - 2015-10-29 19:32 - 00000000 __SHD C:\found.001

2015-10-29 18:26 - 2015-10-29 18:26 - 00000000 ____D C:\Windows\Minidump

2015-10-28 15:40 - 2015-10-28 15:40 - 00000080 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\μTorrent.lnk

2015-10-28 13:33 - 2015-10-28 15:41 - 00001397 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-10-28 13:14 - 2015-10-28 13:15 - 00000000 ____D C:\Users\Master\AppData\LocalLow\B5T

2015-10-28 13:14 - 2015-10-28 13:14 - 00000000 ____D C:\Users\Master\AppData\Roaming\afght

2015-10-28 13:11 - 2015-10-28 13:15 - 00000000 ____D C:\Users\Master\AppData\Local\DeskBar

2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud

2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Local\Apple Inc

2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Local\7AC9325A-5313-488A-9DB0-D0B71223D70B.aplzod

2015-10-28 11:38 - 2015-10-28 15:40 - 00001751 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-10-28 11:38 - 2015-10-28 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-10-28 11:37 - 2015-10-28 11:38 - 00000000 ____D C:\Program Files\iTunes

2015-10-28 11:37 - 2015-10-28 11:37 - 00000000 ____D C:\Program Files\iPod

2015-10-28 11:37 - 2015-10-28 11:37 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-10-28 11:32 - 2015-10-28 11:32 - 00000000 ____D C:\Program Files\Bonjour

2015-10-28 11:32 - 2015-10-28 11:32 - 00000000 ____D C:\Program Files (x86)\Bonjour

2015-10-28 11:29 - 2015-10-28 11:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2015-10-27 10:58 - 2015-10-27 10:58 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll

2015-10-23 21:40 - 2015-10-23 21:40 - 00000000 ____D C:\Users\Master\AppData\LocalLow\Oracle

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-14 20:02 - 2012-08-21 20:40 - 00007602 _____ C:\Users\Master\AppData\Local\Resmon.ResmonCfg

2015-11-14 19:45 - 2013-06-15 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-11-14 19:10 - 2011-12-23 16:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-11-14 18:48 - 2014-06-21 11:23 - 00003334 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005

2015-11-14 18:48 - 2013-11-29 19:35 - 00003202 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005

2015-11-14 18:48 - 2011-12-23 16:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-11-14 18:48 - 2010-12-04 04:05 - 01219057 _____ C:\Windows\WindowsUpdate.log

2015-11-13 15:04 - 2014-08-21 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-11-12 23:17 - 2014-08-27 00:37 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-11-12 22:47 - 2015-01-30 19:10 - 00003356 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005

2015-11-12 22:47 - 2015-01-30 19:10 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005

2015-11-12 22:46 - 2013-06-15 18:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-11-12 22:46 - 2012-05-12 16:02 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-11-12 22:46 - 2011-05-17 17:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-11-06 22:49 - 2014-09-30 17:06 - 00007080 _____ C:\Windows\setupact.log

2015-11-06 22:49 - 2013-12-02 20:39 - 00000454 ____H C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job

2015-11-06 22:49 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-11-05 22:38 - 2013-12-12 19:54 - 00000000 ____D C:\Users\Master\AppData\Local\CrashDumps

2015-11-05 22:03 - 2012-08-18 10:21 - 00116184 _____ C:\Users\Master\AppData\Local\GDIPFONTCACHEV1.DAT

2015-11-05 22:00 - 2014-11-15 17:35 - 00701374 _____ C:\Windows\PFRO.log

2015-11-05 21:56 - 2011-02-19 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-11-05 21:56 - 2010-12-04 04:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2015-11-05 21:56 - 2009-07-14 07:45 - 00000000 ____D C:\Windows\ShellNew

2015-11-05 21:56 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\MSBuild

2015-11-05 21:51 - 2009-07-14 02:34 - 00000387 _____ C:\Windows\win.ini

2015-11-05 21:48 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2015-11-05 14:24 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries

2015-11-05 13:26 - 2011-03-11 19:47 - 00000000 ____D C:\Windows\Sun

2015-11-05 12:19 - 2013-11-26 21:32 - 00000000 ____D C:\Users\Master\AppData\Roaming\uTorrent

2015-11-05 12:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Vss

2015-10-29 22:31 - 2012-08-18 10:20 - 00000000 ____D C:\Users\Master

2015-10-29 19:22 - 2013-12-17 21:56 - 00118216 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT

2015-10-29 19:22 - 2009-07-14 04:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-10-29 19:15 - 2009-07-14 04:45 - 00000000 ____D C:\Windows\Setup

2015-10-28 16:02 - 2012-08-18 10:21 - 00000000 ____D C:\Users\Master\AppData\Roaming\Apple Computer

2015-10-28 16:02 - 2011-02-22 21:02 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-10-28 15:45 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\addins

2015-10-28 15:41 - 2014-09-11 20:39 - 00001816 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2015-10-28 15:41 - 2014-04-26 09:28 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-10-28 15:41 - 2012-08-18 10:20 - 00001397 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk

2015-10-28 15:41 - 2011-12-01 19:36 - 00002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk

2015-10-28 15:41 - 2011-02-24 14:00 - 00001297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

2015-10-28 15:41 - 2011-02-24 13:59 - 00002478 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

2015-10-28 15:41 - 2011-02-24 13:59 - 00001450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

2015-10-28 15:41 - 2011-02-24 13:59 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

2015-10-28 15:41 - 2011-02-22 21:03 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2015-10-28 15:41 - 2010-12-04 04:26 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk

2015-10-28 15:41 - 2010-08-30 09:26 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

2015-10-28 15:41 - 2010-08-30 08:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

2015-10-28 15:41 - 2010-08-30 08:51 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

2015-10-28 15:41 - 2009-07-14 04:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk

2015-10-28 15:41 - 2009-07-14 04:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

2015-10-28 15:41 - 2009-07-14 04:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

2015-10-28 15:41 - 2009-07-14 04:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

2015-10-28 15:40 - 2015-09-04 10:13 - 00000948 _____ C:\Users\Public\Desktop\RealTimes (RealPlayer).lnk

2015-10-28 15:40 - 2015-08-31 19:43 - 00001803 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2015-10-28 15:40 - 2014-04-26 09:28 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-10-28 15:40 - 2013-12-21 18:08 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk

2015-10-28 15:40 - 2013-12-15 10:12 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk

2015-10-28 15:40 - 2012-09-06 06:04 - 00002509 _____ C:\Users\Public\Desktop\Skype.lnk

2015-10-28 15:40 - 2011-12-01 19:36 - 00002485 _____ C:\Users\Public\Desktop\Safari.lnk

2015-10-28 15:40 - 2011-03-15 19:13 - 00001972 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk

2015-10-28 15:40 - 2009-07-14 05:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk

2015-10-28 15:40 - 2009-07-14 04:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

2015-10-28 13:34 - 2014-11-16 18:50 - 00000000 ____D C:\Users\Master\AppData\Local\Unity

2015-10-28 13:14 - 2014-11-16 18:50 - 00000000 ____D C:\Users\Master\AppData\LocalLow\Unity

 

==================== Files in the root of some directories =======

 

2014-05-12 18:52 - 2014-03-16 01:22 - 0003541 _____ () C:\Program Files (x86)\NA_Network_Diagnostic_Test_v6.bat

2014-05-12 18:53 - 2014-05-12 18:57 - 0015204 _____ () C:\Program Files (x86)\riot-lol-results-pc-v6.txt

2013-05-11 18:00 - 2013-05-10 05:06 - 0011855 _____ () C:\Users\Master\AppData\Roaming\photo.jpeg

2013-12-11 21:25 - 2014-06-02 20:57 - 0034816 _____ () C:\Users\Master\AppData\Roaming\RZR_0060a48d4361bf547311ce97226c.db

2014-08-26 23:19 - 2014-08-26 23:19 - 0000047 _____ () C:\Users\Master\AppData\Roaming\WB.CFG

2013-01-26 14:46 - 2013-01-30 21:23 - 0000004 _____ () C:\Users\Master\AppData\Local\aqgghxya.log

2015-08-14 10:47 - 2015-08-14 10:47 - 0004608 _____ () C:\Users\Master\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\kxolkgoj.log

2013-01-26 14:54 - 2013-01-30 21:22 - 0000000 _____ () C:\Users\Master\AppData\Local\mmxikddc.log

2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\qdavljxb.log

2012-08-21 20:40 - 2015-11-14 20:02 - 0007602 _____ () C:\Users\Master\AppData\Local\Resmon.ResmonCfg

2013-04-16 17:03 - 2013-04-16 17:03 - 0000000 _____ () C:\ProgramData\243c3831_c

2012-08-14 11:01 - 2012-08-14 11:01 - 0000064 _____ () C:\ProgramData\cytkwumn.log

 

Some files in TEMP:

====================

C:\Users\Master\AppData\Local\temp\dllnt_dump.dll

C:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exe

C:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exe

C:\Users\Master\AppData\Local\temp\lowproc.exe

C:\Users\Master\AppData\Local\temp\qdAstsetup13.exe

C:\Users\Master\AppData\Local\temp\stubhelper.dll

C:\Users\Master\AppData\Local\temp\tu17p84.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-03 18:16

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015

Ran by Master (2015-11-14 20:03:26)

Running from C:\Users\Master\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2011-02-19 20:57:01)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2562538608-3379174730-3565747309-500 - Administrator - Disabled)

Guest (S-1-5-21-2562538608-3379174730-3565747309-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2562538608-3379174730-3565747309-1002 - Limited - Enabled)

Master (S-1-5-21-2562538608-3379174730-3565747309-1005 - Administrator - Enabled) => C:\Users\Master

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)

Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)

Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)

AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version:  - AhnLab, Inc)

Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)

Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden

Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)

Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Daum 클리너 (HKLM\...\DaumCleaner) (Version: 1.5 - Daum Communications Corp.)

Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)

eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden

Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)

Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)

Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)

HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )

hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden

HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

INISafe SFilter 7.2 (SFilter v1.0) (HKLM-x32\...\UnINISafeWeb7) (Version:  - )

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)

iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

MLS AD Integration (HKLM-x32\...\{4F517950-16E9-49A5-B3B1-91E100604B29}) (Version: 1.0.0 - Micro Librarian Systems)

MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)

Mozilla Firefox 18.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0.1 (x86 en-US)) (Version: 18.0.1 - Mozilla)

Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )

MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden

Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )

NWZ-B170 WALKMAN Guide (HKLM-x32\...\{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}) (Version: 2.1.0.33220 - Sony Corporation)

Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) Hidden

RealDownloader (x32 Version: 18.0.2.60 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)

RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version:  - ) <==== ATTENTION

Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden

SK-Helper 1.74 (HKLM-x32\...\SP_617c7ac4) (Version:  - Verified Publisher)

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SoftCamp Secure KeyStroke 4.0 (HKLM-x32\...\SoftcampSCSK) (Version:  - )

Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)

Spotify (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)

Unity Web Player (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Veraport20(Security module management) - 2,5,1,6 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,5,1,6 - Wizvera)

Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

05-11-2015 14:23:04 Removed BlueStacks Notification Center

05-11-2015 21:48:25 Removed Microsoft Office Enterprise 2007

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 02:34 - 2013-01-31 18:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {04026F6F-526F-4096-A160-5CEB98E55FD1} - System32\Tasks\{591457EB-5077-43BA-B069-AF13F542FB09} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11"

Task: {09172A5F-209C-4779-A8B9-EAE7B1D18F4B} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION

Task: {0A06C8E9-F35C-4414-9365-62C6D6E45629} - System32\Tasks\{81EC26CB-FC62-4850-B73F-9EC046D5EDBB} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=Default

Task: {1A0F294A-62E5-4661-9BC3-2B5494A90A06} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)

Task: {2013D8E8-C751-4A3E-A865-0577C252F603} - System32\Tasks\{FB587424-E5B5-4F20-A9CE-07D6EBBD00E0} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=Default

Task: {222A3CCF-44BC-4B3A-AD32-218514666674} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {26FFE70F-9E70-4FD2-A01C-38E918613B88} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.)

Task: {3F631565-51F6-419F-8352-E826F02614A8} - System32\Tasks\{34DA9454-7B6A-43C0-85AD-BE1306D9F696} => pcalua.exe -a "C:\Users\luk\Downloads\New folder\MSSetupv83.exe" -d "C:\Users\luk\Downloads\New folder"

Task: {40FDAE7E-05DC-48EA-B9BE-EFEDAEB7B1B5} - System32\Tasks\{2A82FD18-9598-4C49-9C06-14BD8DDA6834} => pcalua.exe -a "C:\Users\Master\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"

Task: {4CF65650-702F-4DEF-BFFE-FE6F6B6A7485} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe

Task: {6E0DDEAC-0C7C-4FA8-A3DF-A4D67560D64F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {88D5203D-3311-45EB-8A8B-04BAC7D3DA1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION

Task: {9028F171-E8B5-40A3-A587-E10E689549BF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.)

Task: {92559B97-FA4F-49DE-A58A-5E287C7FF5D1} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-27] (RealNetworks, Inc.)

Task: {93083D06-A07A-4884-9DF9-6867455C9669} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)

Task: {99F3F955-35DE-4A16-AB5E-A1BD0EF3A80A} - System32\Tasks\RunAsStdUser Task => C:\Users\Master\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe <==== ATTENTION

Task: {B57C9741-35DC-4282-91B9-F3AFC4C1D3D6} - \Test TimeTrigger -> No File <==== ATTENTION

Task: {BB48DAD0-51EF-49DB-8F72-38A3DAC3A931} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-31] (Adobe Systems Incorporated)

Task: {BC47FA25-9DBB-49D8-A2DB-DCF5C3580CB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {C630D205-6042-4008-87C5-A17EC56B55F5} - System32\Tasks\{4F2BA3FA-C0A0-49B9-A270-D21866EE47A5} => pcalua.exe -a "C:\Nexon\Europe MapleStory\Setup.exe" -d "C:\Nexon\Europe MapleStory"

Task: {C7D21CA1-A678-4A5C-96C3-1E0E7A07061E} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe

Task: {DF013C53-02CE-4492-9B67-3680F10C16A9} - System32\Tasks\{41154EC5-E06D-4263-9390-ADF52902598E} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11"

Task: {E42141DC-00C5-4400-AFC8-1F6710D1E5B5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)

Task: {EAD81C2C-00E4-4F71-AD56-1285B0033072} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION

Task: {FCC49B66-B670-488E-A906-ACD04858F400} - System32\Tasks\{43683F31-E93C-4C68-8FBA-2777FF3B7A2D} => pcalua.exe -a "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe" -c "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\install.log"

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AutoKMSCustom.job => C:\Windows\AutoKMS\AutoKMS.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0b409cef98cef.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c01bea26f8b4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e4075456c35.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1663bc0b05c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\RealDownloader Update Check.job => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe

Task: C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005.job => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exeH/schedule /profile c:\programdata\quickset\sk-enhancer\5902107913.ini <==== ATTENTION

 

==================== Loaded Modules (Whitelisted) ==============

 

2014-06-02 19:25 - 2012-08-31 14:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL

2014-06-02 19:25 - 2012-08-31 14:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL

2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-06-07 07:08 - 2011-06-07 07:08 - 02535424 _____ () C:\Windows\SysWOW64\DM.exe

2010-09-01 07:18 - 2010-09-01 07:18 - 00033792 _____ () C:\Windows\SysWOW64\clunet.dll

2010-06-28 22:20 - 2010-06-28 22:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

2010-06-28 22:12 - 2010-06-28 22:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

2010-08-30 09:45 - 2009-05-20 06:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

2014-10-23 20:43 - 2014-10-23 20:43 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll

2010-08-30 09:03 - 2010-04-13 16:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2015-02-15 00:40 - 2015-02-15 00:40 - 00381440 _____ () C:\Windows\mod_frst.exe

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:373E1720

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2

AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D

AlternateDataStreams: C:\ProgramData\Temp:E36F5B57

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mintcastnetworks => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 8.8.8.8 - 8.8.4.4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: DaumCleanerService => 3

MSCONFIG\Services: EFS => 3

MSCONFIG\Services: eventlog => 2

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: PCSUService => 2

MSCONFIG\Services: Razer Game Scanner Service => 2

MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2

MSCONFIG\Services: RealPlayer Cloud Service => 2

MSCONFIG\Services: RzMaelstromVADStreamingService => 2

MSCONFIG\Services: RzOvlMon => 2

MSCONFIG\Services: SCPolicySvc => 3

MSCONFIG\Services: SDRSVC => 3

MSCONFIG\Services: SeaPort => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: SysMain => 2

MSCONFIG\Services: Updater Service => 2

MSCONFIG\Services: Wecsvc => 3

MSCONFIG\Services: wlidsvc => 2

MSCONFIG\Services: WMPNetworkSvc => 2

MSCONFIG\Services: WPCSvc => 3

MSCONFIG\Services: wuauserv => 2

MSCONFIG\Services: YahooAUService => 2

MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Korean IME Migration => C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE

MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{6CDDC26C-3BD0-4BC3-967C-1438DD8B77B7}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exe

FirewallRules: [{6DF5C7AC-1BFB-4CDB-960C-5106C8B4FDB4}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exe

FirewallRules: [TCP Query User{185A6A5E-38FC-4AD5-95C7-6A8B5E3E5FFA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [uDP Query User{36D473F5-5B43-4922-8651-559D5A0C1FDE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{FE5E4F67-745F-4536-BCA9-E142F4436D8F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{6DFAB8CA-6A61-4428-A283-A151756F7D29}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{53E0B21D-CEC5-4064-80AB-9D36E57868AA}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{14108F18-1108-4814-AB3C-6439FD3E8753}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe

FirewallRules: [{E4A53963-EA44-42D4-95B7-2E7FD14C45B9}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe

FirewallRules: [{588C52AA-34EA-4DA2-A3D9-A7BC0BA3D950}] => (Allow) LPort=9100

FirewallRules: [{C51128F3-23C1-455C-B134-5B3640B38E94}] => (Allow) LPort=427

FirewallRules: [{496815FA-1809-4B4E-BD22-E232CA9340C5}] => (Allow) LPort=161

FirewallRules: [{19D58FB3-99CF-4C24-A4E9-99311B4DFA07}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [TCP Query User{1126BF81-3B4F-4A67-9DF4-7E178378BBC0}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [uDP Query User{CE5BCA81-96DC-458D-B4C2-13BCAA979042}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [TCP Query User{8B27FB08-C4B2-4E03-9564-B9989E7B95E7}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [uDP Query User{61BC8FF8-D3D8-4AB1-9C61-7AC4B5F1504D}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [{5C66CE2D-CE06-4601-913B-9B61C0A4984E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{3A0E4610-C87D-43A6-AA7E-07666FC665B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{B8446F95-6B62-4440-9BA5-B7B03CC4C5ED}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe

FirewallRules: [uDP Query User{F17F00C0-7D8D-4250-B1BE-CCD4B6F52F03}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe

FirewallRules: [{053168E4-AAD5-4387-9BE2-FFA8574066C4}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [{38F89912-3940-4291-9ECF-BEA0D6F1CA72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{AC2AAB7C-5BF6-405D-8EC2-432DE0F36ADC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E8D0901A-F879-4CA4-A951-80A807382B90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{CA83269A-0098-4451-86C4-A293834B1731}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{240EB17C-6EA4-476F-9806-F241EE40314E}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{66A45832-78DF-4DF5-AEE5-152E4DD6BD7A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/14/2015 08:01:44 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1bfc

 

Start Time: 01d11f1700714260

 

Termination Time: 8

 

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

Report Id: 856caaf1-8b0a-11e5-8141-1c750843763f

 

Error: (11/14/2015 07:59:34 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 4068

 

Start Time: 01d11f16dbf2d7d7

 

Termination Time: 12

 

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

Report Id: 354f39cc-8b0a-11e5-8141-1c750843763f

 

Error: (11/14/2015 05:19:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 43214040

 

Error: (11/14/2015 05:19:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 43214040

 

Error: (11/14/2015 05:19:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (11/12/2015 10:53:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 122273

 

Error: (11/12/2015 10:53:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 122273

 

Error: (11/12/2015 10:53:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (11/12/2015 10:53:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 121275

 

Error: (11/12/2015 10:53:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 121275

 

 

System errors:

=============

Error: (11/14/2015 05:19:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.

 

Error: (11/13/2015 12:39:30 PM) (Source: NetBT) (EventID: 4321) (User: )

Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.4.

The computer with the IP address 192.168.0.12 did not allow the name to be claimed by

this computer.

 

Error: (11/13/2015 12:39:30 PM) (Source: NetBT) (EventID: 4321) (User: )

Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.4.

The computer with the IP address 192.168.0.12 did not allow the name to be claimed by

this computer.

 

Error: (11/12/2015 05:01:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMService service terminated unexpectedly.  It has done this 4 time(s).

 

Error: (11/12/2015 05:00:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (11/12/2015 04:59:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (11/12/2015 04:59:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (11/10/2015 11:10:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

 

Error: (11/09/2015 10:55:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMService service terminated unexpectedly.  It has done this 3 time(s).

 

Error: (11/09/2015 10:38:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The RealPlayer Update Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

CodeIntegrity:

===================================

  Date: 2013-03-22 17:19:39.463

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-22 17:19:38.963

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-31 18:44:53.793

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-31 18:44:53.606

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-30 19:22:56.105

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-30 19:22:55.949

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-29 21:45:18.679

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-29 21:45:18.492

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-28 19:53:18.465

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-28 19:53:18.278

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz

Percentage of memory in use: 35%

Total physical RAM: 2806.71 MB

Available physical RAM: 1799.65 MB

Total Virtual: 7412.9 MB

Available Virtual: 6012.91 MB

 

==================== Drives ================================

 

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:167.11 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A022D740)

Partition 1: (Not Active) - (Size=13 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================


Users shortcut scan result (x64) Version:07-11-2015

Ran by Master (2015-11-14 20:05:36)

Running from C:\Users\Master\Desktop

Boot Mode: Normal

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

 

 

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\SC_Reader.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk -> C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}\fssicon.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Cloud.lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealTimes (RealPlayer).lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealTimes Converter.lnk -> C:\Program Files (x86)\Real\RealPlayer\realconverter.exe (RealNetworks, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealTimes Downloader.lnk -> C:\Windows\Installer\{B0235718-21E0-4A90-A42F-9C64C1B531CD}\recordingmanager.exe (RealNetworks, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealTimes Trimmer.lnk -> C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe (RealNetworks, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}\RichText.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}\QTPlayer.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer\Mplayer.lnk -> C:\Program Files (x86)\Mplayer\smplayer_portable.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer\Uninstall.lnk -> C:\Program Files (x86)\Mplayer\uninstall.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk -> C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\HP ePrint.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\HP ePrint.exe (HP - TEST)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\HP LaserJet Guide.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\C_help\Help.exe (Hewlett-Packard Company)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Install Notes.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\English\Manuals\1100SeriesInstallNotes.htm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Uninstall.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\Uninstall.exe (HP)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Wireless Configuration.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe (Hewlett Packard)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSobi v2\eSobi v2.lnk -> C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_15D967B5A4BE42AE9E8464CD062B25AA.exe (Macrovision Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec\MyWinLocker\MyWinLocker.lnk -> C:\Program Files (x86)\EgisTec MyWinLocker\Launcher\x86\MiniLauncher.exe (Egis Technology Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec\MyWinLocker\Online Help.lnk -> C:\Program Files (x86)\EgisTec MyWinLocker\x86\OnlineHelp.exe (Egis Technology Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\Daum 클리너\Daum 클리너 제거.lnk -> C:\Program Files\Daum\Cleaner\Uninstall.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\Daum 클리너\Daum 클리너.lnk -> C:\Program Files\Daum\Cleaner\DaumCleaner.exe (Daum Communications Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\Daum Ŭ¸®³Ê\Daum Ŭ¸®³Ê Á¦°Å.lnk -> C:\Program Files\Daum\Cleaner\Uninstall.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\Daum Ŭ¸®³Ê\Daum Ŭ¸®³Ê.lnk -> C:\Program Files\Daum\Cleaner\DaumCleaner.exe (Daum Communications Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\CyberLink PowerDVD 9.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\Online registration.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\OLRSubmission\OLRSubmission.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\PowerDVD 9 Help file.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Enu\PowerDVD9.CHM ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\Read Me.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Enu\Readme.htm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem\AcerSystem User Guide.lnk -> C:\book\Generic_User_Guide.pdf (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem\AcerSystem User Quick Guide.lnk -> C:\book\Quick_Guide.pdf (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Acer GameZone Console.lnk -> C:\Program Files (x86)\Acer GameZone\GameConsole\Acer Game Console.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Spin & Win\Spin & Win.lnk -> C:\Program Files (x86)\Acer GameZone\Spin & Win\Launch.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Spin & Win\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Spin & Win\Uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Poker Pop\Poker Pop.lnk -> C:\Program Files (x86)\Acer GameZone\Poker Pop\Launch.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Poker Pop\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Poker Pop\Uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Merriam Websters Spell Jam\Merriam Websters Spell Jam.lnk -> C:\Program Files (x86)\Acer GameZone\Merriam Websters Spell Jam\Launch.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Merriam Websters Spell Jam\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Merriam Websters Spell Jam\Uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Heroes of Hellas\Heroes of Hellas.lnk -> C:\Program Files (x86)\Acer GameZone\Heroes of Hellas\Launch.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Heroes of Hellas\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Heroes of Hellas\Uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Galapago\Galapago.lnk -> C:\Program Files (x86)\Acer GameZone\Galapago\Launch.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Galapago\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Galapago\Uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Farm Frenzy 2\Farm Frenzy 2.lnk -> C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Launch.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Farm Frenzy 2\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Dream Day First Home\Dream Day First Home.lnk -> C:\Program Files (x86)\Acer GameZone\Dream Day First Home\Launch.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Dream Day First Home\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Dream Day First Home\Uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Cake Mania\Cake Mania.lnk -> C:\Program Files (x86)\Acer GameZone\Cake Mania\Launch.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Cake Mania\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Cake Mania\Uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Amazonia\Amazonia.lnk -> C:\Program Files (x86)\Acer GameZone\Amazonia\Launch.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Amazonia\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Amazonia\Uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Airport Mania First Flight\Airport Mania First Flight.lnk -> C:\Program Files (x86)\Acer GameZone\Airport Mania First Flight\Launch.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Airport Mania First Flight\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Airport Mania First Flight\Uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam\Acer Crystal Eye webcam.lnk -> C:\Program Files (x86)\Acer Crystal Eye webcam\CrystalEye.exe (Liteon)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam\Uninstall Acer Crystal Eye webcam.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager\Acer Backup Manager.lnk -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManager.exe (NewTech Infosystems, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer eRecovery Management.lnk -> C:\Program Files\Acer\Acer eRecovery Management\Recovery Management.exe (Acer)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Updater.lnk -> C:\Program Files\Acer\Acer Updater\ALU.exe (Acer)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Identity Card.lnk -> C:\Program Files (x86)\Acer\Identity Card\IdentityCard.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Welcome Center.lnk -> C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe (Acer Incorporated)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\Links\Desktop.lnk -> C:\Users\Master\Desktop ()

Shortcut: C:\Users\Master\Links\Downloads.lnk -> C:\Users\Master\Downloads ()

Shortcut: C:\Users\Master\Links\iCloud Drive.lnk -> C:\Users\Master\iCloudDrive (No File)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Master\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Drive.lnk -> C:\Users\Master\iCloudDrive (No File)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet-Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\Users\Master\4Sync\Getting Started with 4Sync.lnk -> C:\Program Files (x86)\4Sync\Getting Started with 4Sync.pdf (No File)

Shortcut: C:\Users\Public\Desktop\Adobe Reader 9.lnk -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)

Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Public\Desktop\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)

Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Inc.)

Shortcut: C:\Users\Public\Desktop\RealTimes (RealPlayer).lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.)

Shortcut: C:\Users\Public\Desktop\Safari.lnk -> C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe ()

Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe ()

Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)

 

 

ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\RealTimes Daily Videos#channel-popular.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) ->  hxxp://videos.real.com/rp/web_videos?market=en-gb&cd=home&CB=client&PT=FREE&OS=WinNT%206.1.7601&LP=en%2DGB&OC=T10UKDFT&PV=18.0.2.59&PBR=10485800&CO=gb&LI=en%2Dgb&PN=RealPlayer&DC=T10UKDFT&DT=040915&u=cff5bbed6a7047759b4236b80913b3c2#channel/Music

ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\RealTimes Daily Videos.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) ->  hxxp://videos.real.com/rp/web_videos?market=en-gb&cd=home&CB=client&PT=FREE&OS=WinNT%206.1.7601&LP=en%2DGB&OC=T10UKDFT&PV=18.0.2.59&PBR=10485800&CO=gb&LI=en%2Dgb&PN=RealPlayer&DC=T10UKDFT&DT=040915&u=cff5bbed6a7047759b4236b80913b3c2#channel/popular

 

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\Cigarettes In the Theatre.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Users/Master/Music/New folder/Two Door Cinema Club - Discography (2008-2012) [MP3 V0]/2010 - Tourist History (Japan Edition)/01 - Cigarettes In the Theatre.mp3

ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\Come Back Home.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Users/Master/Music/New folder/Two Door Cinema Club - Discography (2008-2012) [MP3 V0]/2010 - Tourist History (Japan Edition)/02 - Come Back Home.mp3

ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:

 

 

InternetURL: C:\Users\Master\Music\New folder\music\CODE KUNST - PARACHUTE [www.k2nblog.com]\K2NBLOG.com - visit for more albums, singles, MVs.url -> hxxp://k2nblog.com/

InternetURL: C:\Users\Master\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728

InternetURL: C:\Users\Master\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698

InternetURL: C:\Users\Master\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271

InternetURL: C:\Users\Master\Favorites\Links\BBC - Homepage.url -> hxxp://www.bbc.co.uk/

InternetURL: C:\Users\Master\Favorites\Links\Facebook.url -> hxxps://www.facebook.com/messages

InternetURL: C:\Users\Master\Favorites\Links\Froggie.url -> hxxp://vle.tiffin.kingston.sch.uk/index.phtml?d=556539

InternetURL: C:\Users\Master\Favorites\Links\Google.url -> hxxps://www.google.co.uk/

InternetURL: C:\Users\Master\Favorites\Links\Suggested Sites (2).url -> hxxps://ieonline.microsoft.com/#ieslice

InternetURL: C:\Users\Master\Favorites\Links\Suggested Sites.url -> 0

InternetURL: C:\Users\Master\Favorites\Links\YouTube.url -> hxxp://www.youtube.com/

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\미국관련\Houston Koreatown - Daum 카페.url -> hxxp://cafe.daum.net/txhouston

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\미국관련\I LOVE HOUSTON  2011년 12월 휴스턴 지역 룸메이트, 하숙, 렌트관련 정보 - Daum 카페.url -> hxxp://cafe.daum.net/Houston/T5MM/42?docid=7Q6kT5MM4220111215120833

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\미국관련\코리안 휴스턴 메인홈.url -> hxxp://korean-houston.com/cafexe/

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\Welcome to 04UK.COM.url -> hxxp://www.04uk.com/

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\BBC - Homepage.url -> hxxp://www.bbc.co.uk/

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Facebook.url -> hxxps://www.facebook.com/

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Google.url -> hxxps://www.google.co.uk/

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Student Home Page NEW.url -> hxxp://vle.tiffin.kingston.sch.uk/index.phtml?d=556539

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\YouTube.url -> hxxp://www.youtube.com/?gl=GB&hl=en-GB

InternetURL: C:\Users\Master\4Sync\100GB Storage.url -> hxxp://www.4sync.com

 

==================== End of Shortcut.txt =============================

RogueKiller V10.11.5.0 (x64) [Nov  9 2015] (Free) by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Master [Administrator]

Started from : C:\Users\Master\Desktop\RogueKillerX64.exe

Mode : Scan -- Date : 11/14/2015 20:48:14

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 17 ¤¤¤

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn | (default) : {646BAAE7-7538-4866-8EEE-974C0AA910AB}  -> Found

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn | (default) : {646BAAE7-7538-4866-8EEE-974C0AA910AB}  -> Found

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7} -> Found

[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kvrrwkon (System32\drivers\avvifrad.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vtany (\??\C:\Windows\vtany.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xspirit (\??\C:\Windows\xspirit.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtany (\??\C:\Windows\vtany.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xspirit (\??\C:\Windows\xspirit.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vtany (\??\C:\Windows\vtany.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xspirit (\??\C:\Windows\xspirit.sys) -> Found

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444  -> Found

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 9 ¤¤¤

[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found

[PUP][Folder] C:\Program Files (x86)\globalUpdate -> Found

[PUP][Folder] C:\Program Files (x86)\predm -> Found

[PUP][Folder] C:\Program Files (x86)\SearchProtect -> Found

[PUP][Folder] C:\Program Files (x86)\SimilarSites -> Found

[PUP][Folder] C:\Program Files (x86)\Sk-Enhancer -> Found

[PUP][Folder] C:\Program Files (x86)\ToggleMark -> Found

[PUP][Folder] C:\Program Files (x86)\W3i -> Found

[PUP][Folder] C:\Program Files (x86)\WebSearch -> Found

 

¤¤¤ Hosts File : 1 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

 

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

 

¤¤¤ Web browsers : 1 ¤¤¤

[PUM.HomePage][FIREFX:Config] wkwtgo1d.default : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224");-> Found

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0:  +++++

--- User ---

[MBR] 950f05daa3c404232d19ff8ca44b1749

[bSP] 16176d5abc32588c5d7e90f1b6e320f1 : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 MB

1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27265024 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27469824 | Size: 291831 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

Thanks for the logs, continue as follows:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box
  • Please wait for the scan to finish.
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line...
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Dr Web Cureit from here: http://www.freedrweb.com/cureit and save it to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
  • Press start scan
  • The scan will now commence
  • Once the scan has finished click open report <<<--- Do not miss this step
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive; attach it to your next reply…
 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thank you,

 

Kevin...

 

 

Fixlist.txt


 Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015

Ran by Master (2015-11-17 13:13:59) Run:1
Running from C:\Users\Master\Desktop
Loaded Profiles: Master (Available Profiles: Master)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [ldkxa] => C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe [261440 2015-10-28] ()
C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe
C:\Users\Master\AppData\Roaming\afght
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} =>  No File
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} =>  No File
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} =>  No File
ShellIconOverlayIdentifiers: [4SyncOverlay4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} =>  No File
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File
ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyServer: [s-1-5-21-2562538608-3379174730-3565747309-1005] => http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444
Winsock: Catalog9 01 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)
Winsock: Catalog9 02 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)
Winsock: Catalog9 03 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)
Winsock: Catalog9 04 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)
Winsock: Catalog9 15 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)
cmd: netsh winsock reset
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X]
S4 RzMaelstromVADStreamingService; "C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe" [X]
S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]
S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
2013-01-26 14:46 - 2013-01-30 21:23 - 0000004 _____ () C:\Users\Master\AppData\Local\aqgghxya.log
2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\kxolkgoj.log
2013-01-26 14:54 - 2013-01-30 21:22 - 0000000 _____ () C:\Users\Master\AppData\Local\mmxikddc.log
2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\qdavljxb.log
2012-08-21 20:40 - 2015-11-05 12:36 - 0007602 _____ () C:\Users\Master\AppData\Local\Resmon.ResmonCfg
2013-04-16 17:03 - 2013-04-16 17:03 - 0000000 _____ () C:\ProgramData\243c3831_c
2012-08-14 11:01 - 2012-08-14 11:01 - 0000064 _____ () C:\ProgramData\cytkwumn.log
C:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exe
C:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exe
C:\Users\Master\AppData\Local\temp\lowproc.exe
C:\Users\Master\AppData\Local\temp\qdAstsetup13.exe
C:\Users\Master\AppData\Local\temp\stubhelper.dll
C:\Users\Master\AppData\Local\temp\tu17p84.exe
Task: {88D5203D-3311-45EB-8A8B-04BAC7D3DA1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {B57C9741-35DC-4282-91B9-F3AFC4C1D3D6} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {C7D21CA1-A678-4A5C-96C3-1E0E7A07061E} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
Task: {EAD81C2C-00E4-4F71-AD56-1285B0033072} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exeH/schedule /profile c:\programdata\quickset\sk-enhancer\5902107913.ini <==== ATTENTION
c:\programdata\quickset
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
EmptyTemp:
End
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ldkxa => value removed successfully
C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe => moved successfully
C:\Users\Master\AppData\Roaming\afght => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay1" => key removed successfully
"HKCR\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay2" => key removed successfully
"HKCR\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay3" => key removed successfully
"HKCR\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay4" => key removed successfully
"HKCR\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfully
HKCR\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfully
HKCR\Wow6432Node\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" => key removed successfully
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
BstHdAndroidSvc => service not found.
BstHdLogRotatorSvc => service not found.
BstHdUpdaterSvc => service not found.
Razer Game Scanner Service => service removed successfully
RzMaelstromVADStreamingService => service removed successfully
AhnFlt2K => service removed successfully
AhnRec2K => service removed successfully
BstHdDrv => service not found.
dump_wmimmc => service removed successfully
EagleX64 => service removed successfully
JRSKD24 => service removed successfully
TfFsMon => service removed successfully
TfNetMon => service removed successfully
TfSysMon => service removed successfully
vtany => service removed successfully
wanatw => service removed successfully
xspirit => service removed successfully
C:\Users\Master\AppData\Local\aqgghxya.log => moved successfully
C:\Users\Master\AppData\Local\kxolkgoj.log => moved successfully
C:\Users\Master\AppData\Local\mmxikddc.log => moved successfully
C:\Users\Master\AppData\Local\qdavljxb.log => moved successfully
C:\Users\Master\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\243c3831_c => moved successfully
C:\ProgramData\cytkwumn.log => moved successfully
C:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exe => moved successfully
C:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exe => moved successfully
C:\Users\Master\AppData\Local\temp\lowproc.exe => moved successfully
C:\Users\Master\AppData\Local\temp\qdAstsetup13.exe => moved successfully
C:\Users\Master\AppData\Local\temp\stubhelper.dll => moved successfully
C:\Users\Master\AppData\Local\temp\tu17p84.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88D5203D-3311-45EB-8A8B-04BAC7D3DA1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88D5203D-3311-45EB-8A8B-04BAC7D3DA1C}" => key removed successfully
C:\Windows\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
"C:\Program Files (x86)\MyPC Backup" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B57C9741-35DC-4282-91B9-F3AFC4C1D3D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B57C9741-35DC-4282-91B9-F3AFC4C1D3D6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7D21CA1-A678-4A5C-96C3-1E0E7A07061E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7D21CA1-A678-4A5C-96C3-1E0E7A07061E}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMSCustom => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSCustom" => key removed successfully
"C:\Windows\AutoKMS" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAD81C2C-00E4-4F71-AD56-1285B0033072}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAD81C2C-00E4-4F71-AD56-1285B0033072}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator => key not found. 
C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => moved successfully
c:\programdata\quickset => moved successfully
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
C:\ProgramData\Temp => ":E1F04E8D" ADS removed successfully.
C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully.
EmptyTemp: => 2.5 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:19:05 ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/11/2015
Scan Time: 13:38
Logfile: 
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.17.03
Rootkit Database: v2015.11.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Master

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422351
Time Elapsed: 45 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 15
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}, Quarantined, [c453a0dfe0ab6fc708aa0c3814ee32ce], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}, Quarantined, [c453a0dfe0ab6fc708aa0c3814ee32ce], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}, Quarantined, [0e09156a17745ed8b10850f4ac56fd03], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}, Quarantined, [0e09156a17745ed8b10850f4ac56fd03], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}, Quarantined, [27f03c4392f986b0feb7c77d32d0b848], 

Registry Values: 2
Adware.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [43d42d528b00ff37204ad9633fc3e818], 
Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [35e21c6363283105016966d642c039c7], 

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


# AdwCleaner v5.021 - Logfile created 17/11/2015 at 14:43:21

# Updated 14/11/2015 by Xplode

# Database : 2015-11-13.3 [server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Master - LUKE

# Running from : C:\Users\Master\Desktop\AdwCleaner.exe

# Option : Cleaning


 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\SearchProtect

[-] Folder Deleted : C:\Program Files (x86)\globalUpdate

[-] Folder Deleted : C:\Program Files (x86)\predm

[-] Folder Deleted : C:\Program Files (x86)\SearchProtect

[-] Folder Deleted : C:\Program Files (x86)\SimilarSites

[-] Folder Deleted : C:\Program Files (x86)\Sk-Enhancer

[-] Folder Deleted : C:\Program Files (x86)\ToggleMark

[-] Folder Deleted : C:\Program Files (x86)\w3i

[-] Folder Deleted : C:\Program Files (x86)\WebSearch

[-] Folder Deleted : C:\ProgramData\Ask

[-] Folder Deleted : C:\ProgramData\Babylon

[-] Folder Deleted : C:\ProgramData\TVWizard

[-] Folder Deleted : C:\ProgramData\w3i

[-] Folder Deleted : C:\ProgramData\Suurf and kEep

[-] Folder Deleted : C:\ProgramData\519817776577d2c8

[-] Folder Deleted : C:\Users\Master\AppData\Local\Bundled software uninstaller

[-] Folder Deleted : C:\Users\Master\AppData\Local\globalUpdate

[-] Folder Deleted : C:\Users\Master\AppData\Local\Zoom_Downloader

[-] Folder Deleted : C:\Users\Master\AppData\Local\DeskBar

[-] Folder Deleted : C:\Users\Master\AppData\LocalLow\Conduit

[-] Folder Deleted : C:\Users\Master\AppData\LocalLow\mixidj

[-] Folder Deleted : C:\Users\Master\AppData\LocalLow\Yahoo!\Companion

[-] Folder Deleted : C:\Users\Master\AppData\LocalLow\B5T

[-] Folder Deleted : C:\Users\Master\AppData\Roaming\Activeris

[-] Folder Deleted : C:\Users\Master\AppData\Roaming\eType

[-] Folder Deleted : C:\Users\Master\AppData\Roaming\SkypEmoticons

 

***** [ Files ] *****

 

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

[-] File Deleted : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\user.js

[-] File Deleted : C:\Windows\SysNative\roboot64.exe

 

***** [ DLLs ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

[-] Task Deleted : RunAsStdUser Task

 

***** [ Registry ] *****

 

[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

[-] Key Deleted : HKCU\Software\Mozilla\Extends

[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils

[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\qygameclient

[-] Key Deleted : HKLM\SOFTWARE\Classes\HCDNProxy

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{646BAAE7-7538-4866-8EEE-974C0AA910AB}]

[-] Key Deleted : HKLM\SOFTWARE\Classes\ppsmb

[-] Key Deleted : HKCU\Software\90dfdbb43cbf12

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_617c7ac4

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\nklfajnmfbchcceflgddnkignfheooic

[-] Key Deleted : HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

[-] Key Deleted : HKCU\Software\Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}

[-] Key Deleted : HKCU\Software\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}

[-] Key Deleted : HKCU\Software\Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}

[-] Key Deleted : HKCU\Software\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}

[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}

[-] Key Deleted : HKCU\Software\Classes\CLSID\{58D47FFF-63EF-572E-843F-E5DD6AA0005D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-006A-76A7-7A786E7484D7}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{58D47FFF-63EF-572E-843F-E5DD6AA0005D}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}

[-] Key Deleted : HKCU\Software\APN PIP

[-] Key Deleted : HKCU\Software\BI

[-] Key Deleted : HKCU\Software\GlobalUpdate

[-] Key Deleted : HKCU\Software\IM

[-] Key Deleted : HKCU\Software\ImInstaller

[-] Key Deleted : HKCU\Software\RegisteredApplicationsEx

[-] Key Deleted : HKCU\Software\Store

[-] Key Deleted : HKCU\Software\DAILYPCCLEAN

[-] Key Deleted : HKCU\Software\Yahoo\Companion

[-] Key Deleted : HKCU\Software\PPStream

[-] Key Deleted : HKCU\Software\WEBAPP

[-] Key Deleted : HKCU\Software\__SP__browser_name__SP__

[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion

[-] Key Deleted : HKLM\SOFTWARE\Babylon

[-] Key Deleted : HKLM\SOFTWARE\Conduit

[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate

[-] Key Deleted : HKLM\SOFTWARE\Sk-Enhancer

[-] Key Deleted : HKLM\SOFTWARE\SP Global

[-] Key Deleted : HKLM\SOFTWARE\W3I

[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion

[-] Key Deleted : HKLM\SOFTWARE\B5TService

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F445C8D2-5860-4978-A564-0D8F36A879E4}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}

[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : apjkpjchfbckhjhokinlgdbmibpbbjak

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : blmchfpimpbbdmgpcieclabeafkljbhm

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dhkplhfnhceodhffomolpfigojocbpcb

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : eooncjejnppfjjklapaamhcdmjbilmde

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jojhdgnandjllaeaaccnkddgieegmljj

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jpmbfleldcgkldadpdinhjjopdfpjfjp

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mkndcbhcgphcfkkddanakjiepeknbgle

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nklfajnmfbchcceflgddnkignfheooic

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogccgbmabaphcakpiclgcnmcnimhokcj

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pelmeidfhdlhlbjimpabfcbnnojbboma

[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224&vp=ch&prd=set

 

*************************

 

:: "Tracing" keys removed

:: Winsock settings cleared

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [16992 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 7 Home Premium x64 
Ran by Master (Administrator) on 17/11/2015 at 14:58:17.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 6 

Successfully deleted: C:\Users\Master\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Master\AppData\Local\cre (Folder) 
Successfully deleted: C:\Users\Master\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\extensions\staged (Folder) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-316F10F7.pf (File) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf (File) 

Registry: 1 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/11/2015 at 15:01:02.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~