kgh5219 Posted October 29, 2015 ID:998619 Share Posted October 29, 2015 A very complicated virus that started off a chain of downloads. It's called gzsir.exe? I've searched it up on the Internet and it seems that no one else had encountered this virus. It seems to be Chinese. There is also an adware called Chinad? Makes annoying Chinese ads come up. The virus also installed a bunch of extensions and changed start up pages and suchlike. It also disguises it's processes with other names like chrome.exe and other stuff, but in the beginning it was gzsir.exe. Please help, ran malwarebyte a few times and chinad keeps coming up even though I had supposedly quarantined it I also basically deleted a bunch of suspicious looking files but I was an idiot and let the virus run for a long time because I was downloading music (which was how I got the virus in the first place :/ ) Link to post Share on other sites More sharing options...
kevinf80 Posted October 30, 2015 ID:998639 Share Posted October 30, 2015 Hello and welcome to Malwarebytes.orgP2P/Piracy Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.Next,Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.Next,Follow the instructions in the following link to show hidden files:http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/Next,Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…If Malwarebytes is not installed follow these instructions first:Download Malwarebytes Anti-Malware to your desktop.Double-click mbam-setup and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program. Click Finish. Follow the instructions above....Next,Download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.Next,Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/Quit all running programs. For Windows XP, double-click to start. For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run. Read and accept the EULA (End User Licene Agreement) Click Scan to scan the system. When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open. Close the program > Don't Fix anything!Let me see those logs in your reply....Thank you,Kevin... Link to post Share on other sites More sharing options...
kgh5219 Posted November 5, 2015 Author ID:999902 Share Posted November 5, 2015 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 05/11/2015Scan Time: 12:26Logfile: Administrator: Yes Version: 2.2.0.1024Malware Database: v2015.11.05.03Rootkit Database: v2015.11.04.02License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Master Scan Type: Threat ScanResult: CompletedObjects Scanned: 478763Time Elapsed: 52 min, 42 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 9Adware.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [90d7b1c9c6c549ed0204fd3304fe3dc3], Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [84e30773a1eaf54136d0260ac83a0cf4], PUP.Optional.BrowserAir, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{3CA2FCF0-1208-4E6E-B239-01BC581E228B}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Master\AppData\Local\BrowserAir\Application\BrowserAir.exe|Name=BrowserAir (mDNS-In)|Desc=Inbound rule for BrowserAir to allow mDNS traffic.|EmbedCtxt=BrowserAir|, Quarantined, [3d2a3347abe03303493784493ac9a957]PUP.Optional.ChinAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{CAB992EE-1D7F-43F5-A4ED-F2AB60FDD4D6}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\IQIYI Video\GeePlayer\GeePlayer.exe|Name=爱奇艺万能播放器|Desc=C:\IQIYI Video\GeePlayer\GeePlayer.exe|, Quarantined, [ec7b39416229e6502e58dbf26e9501ff]PUP.Optional.IQIYI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{7B870D9A-B8EE-41C8-B6F9-EABB59B2EACF}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Master\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe|Name=爱奇艺升级模块|Desc=C:\Users\Master\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe|, Quarantined, [462184f6d1ba93a337557c51db2835cb]PUP.Optional.IQIYI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{B0741C7B-5264-4284-8DB4-A17E0B266123}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\IQIYI Video\LStyle\QyClient.exe|Name=爱奇艺PPS影音|Desc=C:\IQIYI Video\LStyle\QyClient.exe|, Quarantined, [0f58780286058bab266621ac29da9967]PUP.Optional.IQIYI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{EAF5C527-8EF3-40F2-A170-546CCF5171AB}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\IQIYI Video\LStyle\QyWebPlayer.exe|Name=爱奇艺PPS影音|Desc=C:\IQIYI Video\LStyle\QyWebPlayer.exe|, Quarantined, [14536e0cd4b7a393ff8d468756ade719]PUP.Optional.IQIYI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{165F2037-7A20-440A-B646-D8F72FEA368B}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\IQIYI Video\Common\QyKernel.exe|Name=爱奇艺HCDN网络数据传输组件|Desc=C:\IQIYI Video\Common\QyKernel.exe|, Quarantined, [1a4d54266d1e171f9eeea825bc478e72]PUP.Optional.IQIYI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{E831D923-2D77-43CE-AB0F-989E8BE4E7F2}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\IQIYI Video\LStyle\QyPlayer.exe|Name=爱奇艺视频播放器|Desc=C:\IQIYI Video\LStyle\QyPlayer.exe|, Quarantined, [b6b1344693f8af87325ab21b12f1837d] Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 2PUP.Optional.ChinAd, C:\Users\Master\AppData\Local\temp\setup3.exe, Quarantined, [b8afa0daf596a69044d190b72dd3f20e], PUP.Optional.ChinAd, C:\Users\Master\AppData\Local\temp\IQIYIsetup_spl004@kb037.exe, Quarantined, [75f2c2b85e2d40f6e77f1eaf0df69f61], Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
kgh5219 Posted November 5, 2015 Author ID:999904 Share Posted November 5, 2015 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015Ran by Master (administrator) on LUKE (05-11-2015 13:37:24)Running from C:\Users\Master\DesktopLoaded Profiles: Master (Available Profiles: Master & Ruke)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Windows\SysWOW64\DM.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe(HP) C:\Windows\System32\HPSIsvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Spotify Ltd) C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286784 2015-09-04] (RealNetworks, Inc.)HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [614464 2015-07-27] ()HKLM-x32\...\Run: [ldkxa] => C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe [261440 2015-10-28] ()Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeHKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [spotify Web Helper] => C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-21] (Spotify Ltd)HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exeHKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exeAppInit_DLLs-x32: c:\progra~2\sk-enh~1\psupport.dll => No FileShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => No FileShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => No FileShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => No FileShellIconOverlayIdentifiers: [4SyncOverlay4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => No FileShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No FileShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No FileStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-10-28]ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [s-1-5-21-2562538608-3379174730-3565747309-1005] => http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444Winsock: Catalog9 01 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 02 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 03 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 04 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 15 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: [NameServer] 8.8.8.8,8.8.4.4Tcpip\..\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: [DhcpNameServer] 192.168.0.1 Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.comHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeSearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=dnsbsc50r1&sp=&keywords={searchTerms}SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> {F445C8D2-5860-4978-A564-0D8F36A879E4} URL = hxxp://www.search.ask.com/web?p2=%5EADN%5EOSJ000%5EYY%5EGB&gct=&itbv=12.0.1.100&o=APN10616&tpid=ORJ-V7&apn_uid=241C9536-6D17-4B8D-ABB1-7395AE106732&apn_ptnrs=ADN&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=ie_10.0.9200.16635&doi=2013-07-15&trgb=IE&q={searchTerms}&psv=BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)BHO: No Name -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> No FileBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-22] (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)BHO-x32: Daum 클리너 -> {BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} -> C:\Program Files\Daum\Cleaner\DaumStart.1.5.0.114.dll [2012-08-01] (Daum Communications Corp.)BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No FileBHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-22] (Oracle Corporation)Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No FileToolbar: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {477D5B9A-6479-44F8-9718-9340119B0308} hxxp://www.hanabank.com/resource/download/veraport/down/veraport20.cabDPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SKV67EK\TouchEnKey_Installer.exeDPF: HKLM-x32 {8C96AC47-F768-47F5-95C2-24018E6674C5} hxxp://www.jjangfile.net/scripts/common/mmsv/ChocoStream.cabDPF: HKLM-x32 {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_4/DaumActiveX.cab?ver=2,0,1,4Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11018.dll [2015-02-23] (© INITECH)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox:========FF ProfilePath: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.defaultFF SelectedSearchEngine: v9FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-31] ()FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-31] ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll [No File]FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [No File]FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll [No File]FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2011-11-16] (Nexon)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-09-04] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-09-04] (RealTimes)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [No File]FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2562538608-3379174730-3565747309-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Master\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)FF user.js: detected! => C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\user.js [2015-02-23]FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox => not foundFF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtensionFF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-12-04] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtensionFF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-04] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not foundFF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtensionFF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed] Chrome: =======CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224&vp=ch&prd=setCHR StartupUrls: Default -> "hxxp://google.com/"CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No FileCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No FileCHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No FileCHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No FileCHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll => No FileCHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll => No FileCHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll => No FileCHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll => No FileCHR Plugin: (Unity Player) - C:\Users\Master\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No FileCHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No FileCHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealTimes)CHR Profile: C:\Users\Master\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]CHR Extension: (YouTube) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]CHR Extension: (Adblock Plus) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]CHR Extension: (Google Search) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]CHR Extension: (Google Docs Offline) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]CHR Extension: (Chrome Web Store Payments) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]CHR Extension: (Gmail) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]CHR HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nklfajnmfbchcceflgddnkignfheooic] - C:\Users\Master\AppData\Local\B5T\6.0.5.2\Extensions\B5TShoppingAssistantNativeMsg.crx <not found>StartMenuInternet: Google Chrome.I7TI3I7QGXMC6GV4VF542MKHD4 - C:\Users\luk\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)S4 DaumCleanerService; C:\Program Files\Daum\Cleaner\DaumCleanerService.exe [199088 2012-08-01] (Daum Communications Corp.)R2 DM; C:\Windows\SysWOW64\DM.exe [2535424 2011-06-07] () [File not signed]R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3963248 2011-01-12] (INCA Internet Co., Ltd.) [File not signed]S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-04] (RealNetworks, Inc.)R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-04] (RealNetworks, Inc.)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-10-20] (Wellbia.com Co., Ltd.) [File not signed]S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X]S4 RzMaelstromVADStreamingService; "C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [118072 2012-09-14] (AhnLab, Inc.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)S3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [25656 2009-07-21] (AhnLab, Inc.)R2 clunet; C:\Windows\system32\drivers\clunet.sys [49224 2010-10-18] (Windows ® Win 7 DDK provider)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [20384 2014-02-28] (RaonSecure Co., Ltd.)S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2014-02-28] (Kings Information & Network)S3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.) [File not signed]R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-05] (Malwarebytes)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [127224 2014-10-15] (AhnLab, Inc.)S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [156408 2014-10-15] (AhnLab, Inc.)S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [98040 2012-03-07] (AhnLab, Inc.)S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [107768 2012-03-07] (AhnLab, Inc.)S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [183544 2012-03-07] (AhnLab, Inc.)S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)S3 scsk5; C:\Windows\SysWow64\drivers\scsk5.sys [50608 2015-05-15] ()S3 scskusbf; C:\Windows\SysWow64\drivers\scskusbf.sys [21432 2015-02-23] (SoftCamp)S3 scskusbs; C:\Windows\SysWow64\drivers\scskusbs.sys [42352 2015-02-23] (SoftCamp)S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]S3 dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [X]S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]S0 TfFsMon; system32\drivers\TfFsMon.sys [X]S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]S0 TfSysMon; system32\drivers\TfSysMon.sys [X]S3 vtany; \??\C:\Windows\vtany.sys [X]S3 wanatw; system32\DRIVERS\wanatw64.sys [X]S3 xspirit; \??\C:\Windows\xspirit.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-05 13:37 - 2015-11-05 13:38 - 00033223 _____ C:\Users\Master\Desktop\FRST.txt2015-11-05 13:37 - 2015-11-05 13:37 - 00000000 ____D C:\FRST2015-11-05 13:36 - 2015-11-05 13:36 - 02198016 _____ (Farbar) C:\Users\Master\Desktop\FRST64.exe2015-11-05 12:15 - 2015-11-05 12:15 - 00000000 ____D C:\MGADiagToolOutput2015-11-05 12:13 - 2015-11-05 12:13 - 02031992 _____ (Microsoft Corporation) C:\Users\Master\Downloads\MGADiag.exe2015-11-05 12:13 - 2015-11-05 12:13 - 00000000 ____D C:\ProgramData\Office Genuine Advantage2015-11-05 12:10 - 2015-11-05 13:33 - 00006424 _____ C:\Windows\system32\PerfStringBackup.TMP2015-11-05 12:10 - 2015-11-05 12:10 - 00002709 _____ C:\Users\Master\Downloads\legitcheck.hta2015-11-05 12:08 - 2015-11-05 12:08 - 00000552 _____ C:\Windows\system32\spsys.log2015-11-05 12:07 - 2015-11-05 13:25 - 00010800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-11-05 12:07 - 2015-11-05 13:25 - 00010800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-11-05 12:03 - 2015-11-05 12:04 - 00470072 _____ C:\Windows\system32\FNTCACHE.DAT2015-10-29 19:32 - 2015-10-29 19:32 - 00000000 __SHD C:\found.0012015-10-29 19:24 - 2015-10-29 19:24 - 00007604 _____ C:\Users\Ruke\AppData\Local\Resmon.ResmonCfg2015-10-29 19:22 - 2015-10-29 19:22 - 00001421 _____ C:\Users\Ruke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Roaming\Real2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Roaming\Macromedia2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Roaming\Intel Corporation2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Roaming\Apple Computer2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Roaming\Adobe2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Local\Google2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Local\EgisTec IPS2015-10-29 19:22 - 2015-10-29 19:22 - 00000000 ____D C:\Users\Ruke\AppData\Local\CrashRpt2015-10-29 19:21 - 2015-10-29 19:21 - 00000020 ___SH C:\Users\Ruke\ntuser.ini2015-10-29 19:21 - 2015-10-29 19:21 - 00000000 ____D C:\Users\Ruke2015-10-29 19:21 - 2011-02-20 21:01 - 00000000 ____D C:\Users\Ruke\AppData\Local\Microsoft Help2015-10-29 19:21 - 2009-07-14 04:54 - 00000000 ___RD C:\Users\Ruke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-10-29 19:21 - 2009-07-14 04:49 - 00000000 ___RD C:\Users\Ruke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2015-10-29 18:26 - 2015-10-29 18:26 - 00000000 ____D C:\Windows\Minidump2015-10-28 15:40 - 2015-10-28 15:40 - 00000080 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\μTorrent.lnk2015-10-28 13:40 - 2015-10-28 15:40 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-10-28 13:33 - 2015-10-28 15:41 - 00001397 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-10-28 13:14 - 2015-10-28 13:15 - 00000000 ____D C:\Users\Master\AppData\LocalLow\B5T2015-10-28 13:14 - 2015-10-28 13:14 - 00000000 ____D C:\Users\Master\AppData\Roaming\afght2015-10-28 13:11 - 2015-10-28 13:15 - 00000000 ____D C:\Users\Master\AppData\Local\DeskBar2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Local\Apple Inc2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Local\7AC9325A-5313-488A-9DB0-D0B71223D70B.aplzod2015-10-28 11:38 - 2015-10-28 15:40 - 00001751 _____ C:\Users\Public\Desktop\iTunes.lnk2015-10-28 11:38 - 2015-10-28 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-10-28 11:37 - 2015-10-28 11:38 - 00000000 ____D C:\Program Files\iTunes2015-10-28 11:37 - 2015-10-28 11:37 - 00000000 ____D C:\Program Files\iPod2015-10-28 11:37 - 2015-10-28 11:37 - 00000000 ____D C:\Program Files (x86)\iTunes2015-10-28 11:32 - 2015-10-28 11:32 - 00000000 ____D C:\Program Files\Bonjour2015-10-28 11:32 - 2015-10-28 11:32 - 00000000 ____D C:\Program Files (x86)\Bonjour2015-10-28 11:29 - 2015-10-28 11:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update2015-10-27 10:58 - 2015-10-27 10:58 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll2015-10-23 21:40 - 2015-10-23 21:40 - 00000000 ____D C:\Users\Master\AppData\LocalLow\Oracle ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-05 13:31 - 2010-12-04 04:05 - 01197266 _____ C:\Windows\WindowsUpdate.log2015-11-05 13:29 - 2015-03-12 17:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-11-05 13:26 - 2014-11-15 17:35 - 00701022 _____ C:\Windows\PFRO.log2015-11-05 13:26 - 2014-09-30 17:06 - 00006968 _____ C:\Windows\setupact.log2015-11-05 13:26 - 2011-03-11 19:47 - 00000000 ____D C:\Windows\Sun2015-11-05 12:36 - 2012-08-21 20:40 - 00007602 _____ C:\Users\Master\AppData\Local\Resmon.ResmonCfg2015-11-05 12:19 - 2013-11-26 21:32 - 00000000 ____D C:\Users\Master\AppData\Roaming\uTorrent2015-11-05 12:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Vss2015-10-29 22:31 - 2012-08-18 10:20 - 00000000 ____D C:\Users\Master2015-10-29 19:22 - 2013-12-17 21:56 - 00118216 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT2015-10-29 19:22 - 2009-07-14 04:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2015-10-29 19:15 - 2009-07-14 04:45 - 00000000 ____D C:\Windows\Setup2015-10-28 16:02 - 2012-08-18 10:21 - 00000000 ____D C:\Users\Master\AppData\Roaming\Apple Computer2015-10-28 16:02 - 2011-02-22 21:02 - 00000000 ____D C:\Program Files\Common Files\Apple2015-10-28 15:45 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\addins2015-10-28 15:41 - 2014-09-11 20:39 - 00001816 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2015-10-28 15:41 - 2014-04-26 09:28 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2015-10-28 15:41 - 2012-08-18 10:20 - 00001397 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk2015-10-28 15:41 - 2011-12-01 19:36 - 00002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk2015-10-28 15:41 - 2011-02-24 14:00 - 00001297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk2015-10-28 15:41 - 2011-02-24 13:59 - 00002478 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk2015-10-28 15:41 - 2011-02-24 13:59 - 00001450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk2015-10-28 15:41 - 2011-02-24 13:59 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk2015-10-28 15:41 - 2011-02-22 21:03 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2015-10-28 15:41 - 2010-12-04 04:26 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk2015-10-28 15:41 - 2010-08-30 09:26 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk2015-10-28 15:41 - 2010-08-30 08:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk2015-10-28 15:41 - 2010-08-30 08:51 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk2015-10-28 15:41 - 2009-07-14 04:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk2015-10-28 15:41 - 2009-07-14 04:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk2015-10-28 15:41 - 2009-07-14 04:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk2015-10-28 15:41 - 2009-07-14 04:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk2015-10-28 15:40 - 2015-09-04 10:13 - 00000948 _____ C:\Users\Public\Desktop\RealTimes (RealPlayer).lnk2015-10-28 15:40 - 2015-08-31 19:43 - 00001803 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2015-10-28 15:40 - 2014-08-27 00:37 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-10-28 15:40 - 2014-04-26 09:28 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-10-28 15:40 - 2013-12-21 18:08 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk2015-10-28 15:40 - 2013-12-15 10:12 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk2015-10-28 15:40 - 2012-09-06 06:04 - 00002509 _____ C:\Users\Public\Desktop\Skype.lnk2015-10-28 15:40 - 2011-12-01 19:36 - 00002485 _____ C:\Users\Public\Desktop\Safari.lnk2015-10-28 15:40 - 2011-03-15 19:13 - 00001972 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk2015-10-28 15:40 - 2009-07-14 05:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk2015-10-28 15:40 - 2009-07-14 04:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk2015-10-28 13:40 - 2015-03-12 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-10-28 13:40 - 2014-08-21 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-10-28 13:34 - 2014-11-16 18:50 - 00000000 ____D C:\Users\Master\AppData\Local\Unity2015-10-28 13:15 - 2012-08-18 10:21 - 00118608 _____ C:\Users\Master\AppData\Local\GDIPFONTCACHEV1.DAT2015-10-28 13:14 - 2014-11-16 18:50 - 00000000 ____D C:\Users\Master\AppData\LocalLow\Unity2015-10-15 10:05 - 2013-12-12 19:54 - 00000000 ____D C:\Users\Master\AppData\Local\CrashDumps ==================== Files in the root of some directories ======= 2014-05-12 18:52 - 2014-03-16 01:22 - 0003541 _____ () C:\Program Files (x86)\NA_Network_Diagnostic_Test_v6.bat2014-05-12 18:53 - 2014-05-12 18:57 - 0015204 _____ () C:\Program Files (x86)\riot-lol-results-pc-v6.txt2013-05-11 18:00 - 2013-05-10 05:06 - 0011855 _____ () C:\Users\Master\AppData\Roaming\photo.jpeg2013-12-11 21:25 - 2014-06-02 20:57 - 0034816 _____ () C:\Users\Master\AppData\Roaming\RZR_0060a48d4361bf547311ce97226c.db2014-08-26 23:19 - 2014-08-26 23:19 - 0000047 _____ () C:\Users\Master\AppData\Roaming\WB.CFG2013-01-26 14:46 - 2013-01-30 21:23 - 0000004 _____ () C:\Users\Master\AppData\Local\aqgghxya.log2015-08-14 10:47 - 2015-08-14 10:47 - 0004608 _____ () C:\Users\Master\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\kxolkgoj.log2013-01-26 14:54 - 2013-01-30 21:22 - 0000000 _____ () C:\Users\Master\AppData\Local\mmxikddc.log2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\qdavljxb.log2012-08-21 20:40 - 2015-11-05 12:36 - 0007602 _____ () C:\Users\Master\AppData\Local\Resmon.ResmonCfg2013-04-16 17:03 - 2013-04-16 17:03 - 0000000 _____ () C:\ProgramData\243c3831_c2012-08-14 11:01 - 2012-08-14 11:01 - 0000064 _____ () C:\ProgramData\cytkwumn.log Some files in TEMP:====================C:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exeC:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exeC:\Users\Master\AppData\Local\temp\lowproc.exeC:\Users\Master\AppData\Local\temp\qdAstsetup13.exeC:\Users\Master\AppData\Local\temp\stubhelper.dllC:\Users\Master\AppData\Local\temp\tu17p84.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 18:16 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
kgh5219 Posted November 5, 2015 Author ID:999907 Share Posted November 5, 2015 Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-11-2015Ran by Master (2015-11-05 13:38:35)Running from C:\Users\Master\DesktopWindows 7 Home Premium Service Pack 1 (X64) (2011-02-19 20:57:01)Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2562538608-3379174730-3565747309-500 - Administrator - Disabled)Guest (S-1-5-21-2562538608-3379174730-3565747309-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2562538608-3379174730-3565747309-1002 - Limited - Enabled)Master (S-1-5-21-2562538608-3379174730-3565747309-1005 - Administrator - Enabled) => C:\Users\MasterRuke (S-1-5-21-2562538608-3379174730-3565747309-1006 - Administrator - Enabled) => C:\Users\Ruke ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc)Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) HiddenBing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) HiddenBlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDaum 클리너 (HKLM\...\DaumCleaner) (Version: 1.5 - Daum Communications Corp.)Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) HiddenFarm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.28.15 - Google Inc.) HiddenHeroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) HiddenhppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) HiddenhppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) HiddenHPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)INISafe SFilter 7.2 (SFilter v1.0) (HKLM-x32\...\UnINISafeWeb7) (Version: - )Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLaunch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)League of Legends (x32 Version: 3.0.1 - Riot Games) HiddenMalwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) HiddenMerriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Excel 2007 Help 업데이트 (KB963678) (HKLM-x32\...\{90120000-0016-0412-0000-0000000FF1CE}_ENTERPRISE_{DEA3DED2-5CB8-4FD3-BE1B-7C0412D4117F}) (Version: - Microsoft)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office Powerpoint 2007 Help 업데이트 (KB963669) (HKLM-x32\...\{90120000-0018-0412-0000-0000000FF1CE}_ENTERPRISE_{98189FA0-E081-4DBD-84DE-8FB66BF4AC6C}) (Version: - Microsoft)Microsoft Office Word 2007 Help 업데이트 (KB963665) (HKLM-x32\...\{90120000-001B-0412-0000-0000000FF1CE}_ENTERPRISE_{15B9412E-6769-4CEA-8A83-39FEDB1F3499}) (Version: - Microsoft)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)MLS AD Integration (HKLM-x32\...\{4F517950-16E9-49A5-B3B1-91E100604B29}) (Version: 1.0.0 - Micro Librarian Systems)MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)Mozilla Firefox 18.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0.1 (x86 en-US)) (Version: 18.0.1 - Mozilla)Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) HiddenMyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) HiddenNexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - )NWZ-B170 WALKMAN Guide (HKLM-x32\...\{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}) (Version: 2.1.0.33220 - Sony Corporation)Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) HiddenRealDownloader (x32 Version: 18.0.2.60 - RealNetworks) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) HiddenRealtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenSafari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version: - ) <==== ATTENTIONShredder (Version: 2.0.8.3 - Egis Technology Inc.) HiddenShredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) HiddenSK-Helper 1.74 (HKLM-x32\...\SP_617c7ac4) (Version: - Verified Publisher)Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)SoftCamp Secure KeyStroke 4.0 (HKLM-x32\...\SoftcampSCSK) (Version: - )Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)Spotify (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)Unity Web Player (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) HiddenVC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) HiddenVeraport20(Security module management) - 2,5,1,6 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,5,1,6 - Wizvera)Video Downloader (x32 Version: 1.0.0 - RealNetworks) HiddenVLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2013-01-31 18:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04026F6F-526F-4096-A160-5CEB98E55FD1} - System32\Tasks\{591457EB-5077-43BA-B069-AF13F542FB09} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11"Task: {09172A5F-209C-4779-A8B9-EAE7B1D18F4B} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTIONTask: {0A06C8E9-F35C-4414-9365-62C6D6E45629} - System32\Tasks\{81EC26CB-FC62-4850-B73F-9EC046D5EDBB} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=DefaultTask: {117987D2-0CDD-424B-8F35-E501D4C15F83} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)Task: {1BF6F709-663B-4985-967D-18DF3E1A68AF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)Task: {2013D8E8-C751-4A3E-A865-0577C252F603} - System32\Tasks\{FB587424-E5B5-4F20-A9CE-07D6EBBD00E0} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=DefaultTask: {222A3CCF-44BC-4B3A-AD32-218514666674} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)Task: {3F631565-51F6-419F-8352-E826F02614A8} - System32\Tasks\{34DA9454-7B6A-43C0-85AD-BE1306D9F696} => pcalua.exe -a "C:\Users\luk\Downloads\New folder\MSSetupv83.exe" -d "C:\Users\luk\Downloads\New folder"Task: {40FDAE7E-05DC-48EA-B9BE-EFEDAEB7B1B5} - System32\Tasks\{2A82FD18-9598-4C49-9C06-14BD8DDA6834} => pcalua.exe -a "C:\Users\Master\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"Task: {426F6309-9A90-4293-9CF5-AF85B53C0171} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.)Task: {4CF65650-702F-4DEF-BFFE-FE6F6B6A7485} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exeTask: {6E0DDEAC-0C7C-4FA8-A3DF-A4D67560D64F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)Task: {88D5203D-3311-45EB-8A8B-04BAC7D3DA1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTIONTask: {92559B97-FA4F-49DE-A58A-5E287C7FF5D1} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-27] (RealNetworks, Inc.)Task: {93083D06-A07A-4884-9DF9-6867455C9669} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)Task: {99F3F955-35DE-4A16-AB5E-A1BD0EF3A80A} - System32\Tasks\RunAsStdUser Task => C:\Users\Master\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe <==== ATTENTIONTask: {B57C9741-35DC-4282-91B9-F3AFC4C1D3D6} - \Test TimeTrigger -> No File <==== ATTENTIONTask: {BB48DAD0-51EF-49DB-8F72-38A3DAC3A931} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-31] (Adobe Systems Incorporated)Task: {BC47FA25-9DBB-49D8-A2DB-DCF5C3580CB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)Task: {C630D205-6042-4008-87C5-A17EC56B55F5} - System32\Tasks\{4F2BA3FA-C0A0-49B9-A270-D21866EE47A5} => pcalua.exe -a "C:\Nexon\Europe MapleStory\Setup.exe" -d "C:\Nexon\Europe MapleStory"Task: {C7D21CA1-A678-4A5C-96C3-1E0E7A07061E} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exeTask: {DF013C53-02CE-4492-9B67-3680F10C16A9} - System32\Tasks\{41154EC5-E06D-4263-9390-ADF52902598E} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11"Task: {E3D86EE5-3B45-4A8C-92B8-1099DF26175D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.)Task: {EAD81C2C-00E4-4F71-AD56-1285B0033072} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTIONTask: {FCC49B66-B670-488E-A906-ACD04858F400} - System32\Tasks\{43683F31-E93C-4C68-8FBA-2777FF3B7A2D} => pcalua.exe -a "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe" -c "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\install.log" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\AutoKMSCustom.job => C:\Windows\AutoKMS\AutoKMS.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0b409cef98cef.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c01bea26f8b4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e4075456c35.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1663bc0b05c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\RealDownloader Update Check.job => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exeTask: C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005.job => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeTask: C:\Windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005.job => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exeTask: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exeH/schedule /profile c:\programdata\quickset\sk-enhancer\5902107913.ini <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2014-06-02 19:25 - 2012-08-31 14:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL2014-06-02 19:25 - 2012-08-31 14:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2011-06-07 07:08 - 2011-06-07 07:08 - 02535424 _____ () C:\Windows\SysWOW64\DM.exe2015-07-27 20:28 - 2015-07-27 20:28 - 00032880 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe2010-09-01 07:18 - 2010-09-01 07:18 - 00033792 _____ () C:\Windows\SysWOW64\clunet.dll2010-06-28 22:20 - 2010-06-28 22:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll2010-06-28 22:12 - 2010-06-28 22:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll2015-07-27 20:28 - 2015-07-27 20:28 - 00037512 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll2015-07-27 20:28 - 2015-07-27 20:28 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll2015-07-27 20:28 - 2015-07-27 20:28 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll2015-09-04 10:13 - 2015-09-04 10:13 - 00089152 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll2009-08-04 16:23 - 2009-08-04 16:23 - 00063032 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll2009-08-04 16:23 - 2009-08-04 16:23 - 00075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll2010-08-30 09:45 - 2009-05-20 06:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll2014-10-23 20:43 - 2014-10-23 20:43 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll2010-08-30 09:03 - 2010-04-13 16:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2015-10-28 05:07 - 2015-10-20 14:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll2015-10-28 05:07 - 2015-10-20 14:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll2015-02-15 00:40 - 2015-02-15 00:40 - 00381440 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720AlternateDataStreams: C:\ProgramData\Temp:4D066AD2AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2AlternateDataStreams: C:\ProgramData\Temp:E1F04E8DAlternateDataStreams: C:\ProgramData\Temp:E36F5B57 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mintcastnetworks => ""="service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 - 8.8.4.4HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: Bonjour Service => 2MSCONFIG\Services: DaumCleanerService => 3MSCONFIG\Services: EFS => 3MSCONFIG\Services: eventlog => 2MSCONFIG\Services: Fax => 3MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: gusvc => 3MSCONFIG\Services: PCSUService => 2MSCONFIG\Services: Razer Game Scanner Service => 2MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2MSCONFIG\Services: RealPlayer Cloud Service => 2MSCONFIG\Services: RzMaelstromVADStreamingService => 2MSCONFIG\Services: RzOvlMon => 2MSCONFIG\Services: SCPolicySvc => 3MSCONFIG\Services: SDRSVC => 3MSCONFIG\Services: SeaPort => 2MSCONFIG\Services: SkypeUpdate => 2MSCONFIG\Services: Steam Client Service => 3MSCONFIG\Services: SysMain => 2MSCONFIG\Services: Updater Service => 2MSCONFIG\Services: Wecsvc => 3MSCONFIG\Services: wlidsvc => 2MSCONFIG\Services: WMPNetworkSvc => 2MSCONFIG\Services: WPCSvc => 3MSCONFIG\Services: wuauserv => 2MSCONFIG\Services: YahooAUService => 2MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exeMSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -kMSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWMSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Korean IME Migration => C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXEMSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeMSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{6CDDC26C-3BD0-4BC3-967C-1438DD8B77B7}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exeFirewallRules: [{6DF5C7AC-1BFB-4CDB-960C-5106C8B4FDB4}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exeFirewallRules: [TCP Query User{185A6A5E-38FC-4AD5-95C7-6A8B5E3E5FFA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [uDP Query User{36D473F5-5B43-4922-8651-559D5A0C1FDE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [{FE5E4F67-745F-4536-BCA9-E142F4436D8F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{6DFAB8CA-6A61-4428-A283-A151756F7D29}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{53E0B21D-CEC5-4064-80AB-9D36E57868AA}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{14108F18-1108-4814-AB3C-6439FD3E8753}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exeFirewallRules: [{E4A53963-EA44-42D4-95B7-2E7FD14C45B9}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exeFirewallRules: [{588C52AA-34EA-4DA2-A3D9-A7BC0BA3D950}] => (Allow) LPort=9100FirewallRules: [{C51128F3-23C1-455C-B134-5B3640B38E94}] => (Allow) LPort=427FirewallRules: [{496815FA-1809-4B4E-BD22-E232CA9340C5}] => (Allow) LPort=161FirewallRules: [{19D58FB3-99CF-4C24-A4E9-99311B4DFA07}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exeFirewallRules: [TCP Query User{1126BF81-3B4F-4A67-9DF4-7E178378BBC0}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exeFirewallRules: [uDP Query User{CE5BCA81-96DC-458D-B4C2-13BCAA979042}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exeFirewallRules: [TCP Query User{8B27FB08-C4B2-4E03-9564-B9989E7B95E7}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exeFirewallRules: [uDP Query User{61BC8FF8-D3D8-4AB1-9C61-7AC4B5F1504D}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exeFirewallRules: [{5C66CE2D-CE06-4601-913B-9B61C0A4984E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{3A0E4610-C87D-43A6-AA7E-07666FC665B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [TCP Query User{B8446F95-6B62-4440-9BA5-B7B03CC4C5ED}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exeFirewallRules: [uDP Query User{F17F00C0-7D8D-4250-B1BE-CCD4B6F52F03}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exeFirewallRules: [{053168E4-AAD5-4387-9BE2-FFA8574066C4}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exeFirewallRules: [{8C0A2E64-DA6C-4A3F-A4A8-10D58D036AC0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{38F89912-3940-4291-9ECF-BEA0D6F1CA72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{AC2AAB7C-5BF6-405D-8EC2-432DE0F36ADC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{E8D0901A-F879-4CA4-A951-80A807382B90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{CA83269A-0098-4451-86C4-A293834B1731}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{240EB17C-6EA4-476F-9806-F241EE40314E}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Faulty Device Manager Devices ============= Name: BlueStacks HypervisorDescription: BlueStacks HypervisorClass Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}Manufacturer: Service: BstHdDrvProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors:==================Error: (11/05/2015 01:33:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (11/05/2015 01:33:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (11/05/2015 12:10:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (11/05/2015 12:10:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (02/07/2015 07:41:46 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1acFaulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1acException code: 0xc0000005Fault offset: 0x000b8554Faulting process id: 0x2a70Faulting application start time: 0xrads_user_kernel.exe0Faulting application path: rads_user_kernel.exe1Faulting module path: rads_user_kernel.exe2Report Id: rads_user_kernel.exe3 Error: (02/06/2015 06:53:24 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1acFaulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1acException code: 0xc0000005Fault offset: 0x000b8554Faulting process id: 0x2c10Faulting application start time: 0xrads_user_kernel.exe0Faulting application path: rads_user_kernel.exe1Faulting module path: rads_user_kernel.exe2Report Id: rads_user_kernel.exe3 Error: (02/05/2015 09:54:51 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1acFaulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1acException code: 0xc0000005Fault offset: 0x000b8554Faulting process id: 0x105cFaulting application start time: 0xrads_user_kernel.exe0Faulting application path: rads_user_kernel.exe1Faulting module path: rads_user_kernel.exe2Report Id: rads_user_kernel.exe3 Error: (01/31/2015 10:58:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1acFaulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1acException code: 0xc0000005Fault offset: 0x000b8554Faulting process id: 0x1f74Faulting application start time: 0xrads_user_kernel.exe0Faulting application path: rads_user_kernel.exe1Faulting module path: rads_user_kernel.exe2Report Id: rads_user_kernel.exe3 Error: (01/23/2015 12:52:40 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1acFaulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1acException code: 0xc0000005Fault offset: 0x000b8554Faulting process id: 0x18e4Faulting application start time: 0xrads_user_kernel.exe0Faulting application path: rads_user_kernel.exe1Faulting module path: rads_user_kernel.exe2Report Id: rads_user_kernel.exe3 Error: (01/21/2015 06:03:28 PM) (Source: Application Error) (EventID: 1005) (User: )Description: Windows cannot access the file for one of the following reasons:there is a problem with the network connection, the disk that the file is stored on, or the storagedrivers installed on this computer; or the disk is missing.Windows closed the program PMM Update Application because of this error. Program: PMM Update ApplicationFile: The error value is listed in the Additional Data section.User Action1. Open the file again.This situation might be a temporary problem that corrects itself when the program runs again.2.If the file still cannot be accessed and- It is on the network,your network administrator should verify that there is not a problem with the network and that the server can be contacted.- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.4. If the problem persists, restore the file from a backup copy.5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor forfurther assistance. Additional DataError value: 00000000Disk type: 0 System errors:=============Error: (10/30/2015 01:25:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:25:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:25:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:23:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:23:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:23:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:18:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 CodeIntegrity:=================================== Date: 2013-03-22 17:19:39.463 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-03-22 17:19:38.963 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-31 18:44:53.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-31 18:44:53.606 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-30 19:22:56.105 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-30 19:22:55.949 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-29 21:45:18.679 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-29 21:45:18.492 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-28 19:53:18.465 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-28 19:53:18.278 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i3 CPU M 380 @ 2.53GHzPercentage of memory in use: 61%Total physical RAM: 2806.71 MBAvailable physical RAM: 1074 MBTotal Virtual: 7412.9 MBAvailable Virtual: 5266.92 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:165.41 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A022D740)Partition 1: (Not Active) - (Size=13 GB) - (Type=27)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted November 5, 2015 ID:999912 Share Posted November 5, 2015 Thanks for those logs, unfortunately there is evidence of installed and active illegal software. That is a direct breach of forum protocol, I cannot offer any further help, if you do not agree with that action you willhave to contact a forum moderator.. Thank you, Kevin. Link to post Share on other sites More sharing options...
kgh5219 Posted November 5, 2015 Author ID:999914 Share Posted November 5, 2015 Um, I'm not actually sure what illegal software I have... could you please tell me? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 5, 2015 Root Admin ID:999963 Share Posted November 5, 2015 Task: {C7D21CA1-A678-4A5C-96C3-1E0E7A07061E} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe Task: C:\Windows\Tasks\AutoKMSCustom.job => C:\Windows\AutoKMS\AutoKMS.exe Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 5, 2015 Root Admin ID:999964 Share Posted November 5, 2015 This topic will now be closed due to evidence of cracked or pirated software on this system.Piracy Policy Link to post Share on other sites More sharing options...
kgh5219 Posted November 5, 2015 Author ID:999980 Share Posted November 5, 2015 Caught a virus that downloaded a bunch of other nasty stuff. Also changed my windows key or something so my computer tells me that I dont have genuine windows the virus hides as other processes, eg. chrome.exe. i know this because there are like 10 chrome processes when i just open it. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 6, 2015 Root Admin ID:1000045 Share Posted November 6, 2015 I'm sorry but AutoKMS is not due to an infection. One has to read where and how to download and then how to install it. It's done on purpose. The best thing to do is backup your data and format the drive and install Windows 10 or contact Microsoft who can work with you to change your Windows to a legitimate licensed version. https://forums.malwarebytes.org/index.php?/topic/174566-new-virus-that-wont-go-away/ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 12, 2015 Root Admin ID:1001413 Share Posted November 12, 2015 Topic reopened per request Link to post Share on other sites More sharing options...
kgh5219 Posted November 12, 2015 Author ID:1001463 Share Posted November 12, 2015 So, should I redo all the steps again? The adware is still coming up on scans Link to post Share on other sites More sharing options...
kevinf80 Posted November 12, 2015 ID:1001467 Share Posted November 12, 2015 Which scans show the adware? can you post logs? Link to post Share on other sites More sharing options...
kgh5219 Posted November 13, 2015 Author ID:1001549 Share Posted November 13, 2015 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 13/11/2015Scan Time: 13:22Logfile: Administrator: Yes Version: 2.2.0.1024Malware Database: v2015.11.13.04Rootkit Database: v2015.11.13.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Master Scan Type: Threat ScanResult: CompletedObjects Scanned: 433489Time Elapsed: 48 min, 0 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 4Adware.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [682038453358cb6b08e896a248babb45], Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [91f7e39aabe07eb8ba36b0886b97ca36], PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|QyClient.exe, 9000, Quarantined, [7f09a1dcd2b9270fb611f9de28db43bd]PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|QyBrowser.exe, 9000, Quarantined, [c4c4443905868aac2b9b667140c30cf4] Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
kevinf80 Posted November 13, 2015 ID:1001550 Share Posted November 13, 2015 Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt and Shortcut.txt under "Optional scan" Select scan, when done post the new logs.... Next, Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/Quit all running programs. For Windows XP, double-click to start. For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run. Read and accept the EULA (End User Licene Agreement) Click Scan to scan the system. When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open. Close the program > Don't Fix anything! Thank you, Kevin... Link to post Share on other sites More sharing options...
kgh5219 Posted November 14, 2015 Author ID:1001743 Share Posted November 14, 2015 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015Ran by Master (administrator) on LUKE (14-11-2015 20:02:16)Running from C:\Users\Master\DesktopLoaded Profiles: Master (Available Profiles: Master)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Windows\SysWOW64\DM.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe(HP) C:\Windows\System32\HPSIsvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Spotify Ltd) C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286784 2015-09-04] (RealNetworks, Inc.)HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [614464 2015-07-27] ()HKLM-x32\...\Run: [ldkxa] => C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe [261440 2015-10-28] ()HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeHKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [spotify Web Helper] => C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-21] (Spotify Ltd)HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exeHKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exeAppInit_DLLs-x32: c:\progra~2\sk-enh~1\psupport.dll => No FileShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => No FileShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => No FileShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => No FileShellIconOverlayIdentifiers: [4SyncOverlay4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => No FileShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No FileShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No FileStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-10-28]ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [s-1-5-21-2562538608-3379174730-3565747309-1005] => http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444Winsock: Catalog9 01 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 02 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 03 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 04 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 15 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: [NameServer] 8.8.8.8,8.8.4.4Tcpip\..\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: [DhcpNameServer] 192.168.0.1 Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.comHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeSearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=dnsbsc50r1&sp=&keywords={searchTerms}SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> {F445C8D2-5860-4978-A564-0D8F36A879E4} URL = hxxp://www.search.ask.com/web?p2=%5EADN%5EOSJ000%5EYY%5EGB&gct=&itbv=12.0.1.100&o=APN10616&tpid=ORJ-V7&apn_uid=241C9536-6D17-4B8D-ABB1-7395AE106732&apn_ptnrs=ADN&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=ie_10.0.9200.16635&doi=2013-07-15&trgb=IE&q={searchTerms}&psv=BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)BHO: No Name -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> No FileBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-22] (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)BHO-x32: Daum 클리너 -> {BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} -> C:\Program Files\Daum\Cleaner\DaumStart.1.5.0.114.dll [2012-08-01] (Daum Communications Corp.)BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No FileBHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-22] (Oracle Corporation)Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No FileToolbar: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {477D5B9A-6479-44F8-9718-9340119B0308} hxxp://www.hanabank.com/resource/download/veraport/down/veraport20.cabDPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SKV67EK\TouchEnKey_Installer.exeDPF: HKLM-x32 {8C96AC47-F768-47F5-95C2-24018E6674C5} hxxp://www.jjangfile.net/scripts/common/mmsv/ChocoStream.cabDPF: HKLM-x32 {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_4/DaumActiveX.cab?ver=2,0,1,4Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11018.dll [2015-02-23] (© INITECH)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox:========FF ProfilePath: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.defaultFF SelectedSearchEngine: v9FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll [No File]FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [No File]FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll [No File]FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2011-11-16] (Nexon)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-09-04] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-09-04] (RealTimes)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [No File]FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2562538608-3379174730-3565747309-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Master\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)FF user.js: detected! => C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\user.js [2015-02-23]FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox => not foundFF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtensionFF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-12-04] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtensionFF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-04] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not foundFF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtensionFF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed] Chrome: =======CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224&vp=ch&prd=setCHR StartupUrls: Default -> "hxxp://google.com/"CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No FileCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No FileCHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No FileCHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No FileCHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll => No FileCHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll => No FileCHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll => No FileCHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll => No FileCHR Plugin: (Unity Player) - C:\Users\Master\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No FileCHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No FileCHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealTimes)CHR Profile: C:\Users\Master\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]CHR Extension: (YouTube) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]CHR Extension: (Adblock Plus) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]CHR Extension: (Google Search) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]CHR Extension: (Google Docs Offline) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]CHR Extension: (Chrome Web Store Payments) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]CHR Extension: (Gmail) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]CHR HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nklfajnmfbchcceflgddnkignfheooic] - C:\Users\Master\AppData\Local\B5T\6.0.5.2\Extensions\B5TShoppingAssistantNativeMsg.crx <not found>StartMenuInternet: Google Chrome.I7TI3I7QGXMC6GV4VF542MKHD4 - C:\Users\luk\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)S4 DaumCleanerService; C:\Program Files\Daum\Cleaner\DaumCleanerService.exe [199088 2012-08-01] (Daum Communications Corp.)R2 DM; C:\Windows\SysWOW64\DM.exe [2535424 2011-06-07] () [File not signed]S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3963248 2011-01-12] (INCA Internet Co., Ltd.) [File not signed]S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-04] (RealNetworks, Inc.)S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-04] (RealNetworks, Inc.)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-10-20] (Wellbia.com Co., Ltd.) [File not signed]S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X]S4 RzMaelstromVADStreamingService; "C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [118072 2012-09-14] (AhnLab, Inc.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)S3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [25656 2009-07-21] (AhnLab, Inc.)R2 clunet; C:\Windows\system32\drivers\clunet.sys [49224 2010-10-18] (Windows ® Win 7 DDK provider)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [20384 2014-02-28] (RaonSecure Co., Ltd.)S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2014-02-28] (Kings Information & Network)S3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.) [File not signed]U0 kvrrwkon; C:\Windows\System32\drivers\avvifrad.sys [79064 2015-11-13] (Malwarebytes)S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [127224 2014-10-15] (AhnLab, Inc.)S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [156408 2014-10-15] (AhnLab, Inc.)S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [98040 2012-03-07] (AhnLab, Inc.)S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [107768 2012-03-07] (AhnLab, Inc.)S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [183544 2012-03-07] (AhnLab, Inc.)S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)S3 scsk5; C:\Windows\SysWow64\drivers\scsk5.sys [50608 2015-05-15] ()S3 scskusbf; C:\Windows\SysWow64\drivers\scskusbf.sys [21432 2015-02-23] (SoftCamp)S3 scskusbs; C:\Windows\SysWow64\drivers\scskusbs.sys [42352 2015-02-23] (SoftCamp)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-05] ()S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]S3 dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [X]S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]R0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]S0 TfFsMon; system32\drivers\TfFsMon.sys [X]S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]S0 TfSysMon; system32\drivers\TfSysMon.sys [X]S3 vtany; \??\C:\Windows\vtany.sys [X]S3 wanatw; system32\DRIVERS\wanatw64.sys [X]S3 xspirit; \??\C:\Windows\xspirit.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-14 20:02 - 2015-11-14 20:02 - 00031286 _____ C:\Users\Master\Desktop\FRST.txt2015-11-14 19:51 - 2015-11-14 19:51 - 00000000 ____D C:\Users\Master\Desktop\FRST-OlderVersion2015-11-13 14:59 - 2015-11-13 14:59 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\avvifrad.sys2015-11-05 22:45 - 2015-11-12 22:46 - 05286088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2015-11-05 13:47 - 2015-11-05 13:47 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys2015-11-05 13:47 - 2015-11-05 13:47 - 00000000 ____D C:\ProgramData\RogueKiller2015-11-05 13:46 - 2015-11-05 13:46 - 18969672 _____ C:\Users\Master\Desktop\RogueKiller.exe2015-11-05 13:37 - 2015-11-14 20:02 - 00000000 ____D C:\FRST2015-11-05 13:36 - 2015-11-14 19:51 - 02198528 _____ (Farbar) C:\Users\Master\Desktop\FRST64.exe2015-11-05 12:15 - 2015-11-05 12:15 - 00000000 ____D C:\MGADiagToolOutput2015-11-05 12:13 - 2015-11-05 12:13 - 02031992 _____ (Microsoft Corporation) C:\Users\Master\Downloads\MGADiag.exe2015-11-05 12:13 - 2015-11-05 12:13 - 00000000 ____D C:\ProgramData\Office Genuine Advantage2015-11-05 12:10 - 2015-11-07 17:12 - 00006424 _____ C:\Windows\system32\PerfStringBackup.TMP2015-11-05 12:10 - 2015-11-05 12:10 - 00002709 _____ C:\Users\Master\Downloads\legitcheck.hta2015-11-05 12:08 - 2015-11-05 12:08 - 00000552 _____ C:\Windows\system32\spsys.log2015-11-05 12:07 - 2015-11-14 19:54 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-11-05 12:07 - 2015-11-14 19:54 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-11-05 12:03 - 2015-11-05 22:01 - 00466456 _____ C:\Windows\system32\FNTCACHE.DAT2015-10-29 19:32 - 2015-10-29 19:32 - 00000000 __SHD C:\found.0012015-10-29 18:26 - 2015-10-29 18:26 - 00000000 ____D C:\Windows\Minidump2015-10-28 15:40 - 2015-10-28 15:40 - 00000080 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\μTorrent.lnk2015-10-28 13:33 - 2015-10-28 15:41 - 00001397 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-10-28 13:14 - 2015-10-28 13:15 - 00000000 ____D C:\Users\Master\AppData\LocalLow\B5T2015-10-28 13:14 - 2015-10-28 13:14 - 00000000 ____D C:\Users\Master\AppData\Roaming\afght2015-10-28 13:11 - 2015-10-28 13:15 - 00000000 ____D C:\Users\Master\AppData\Local\DeskBar2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Local\Apple Inc2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Local\7AC9325A-5313-488A-9DB0-D0B71223D70B.aplzod2015-10-28 11:38 - 2015-10-28 15:40 - 00001751 _____ C:\Users\Public\Desktop\iTunes.lnk2015-10-28 11:38 - 2015-10-28 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-10-28 11:37 - 2015-10-28 11:38 - 00000000 ____D C:\Program Files\iTunes2015-10-28 11:37 - 2015-10-28 11:37 - 00000000 ____D C:\Program Files\iPod2015-10-28 11:37 - 2015-10-28 11:37 - 00000000 ____D C:\Program Files (x86)\iTunes2015-10-28 11:32 - 2015-10-28 11:32 - 00000000 ____D C:\Program Files\Bonjour2015-10-28 11:32 - 2015-10-28 11:32 - 00000000 ____D C:\Program Files (x86)\Bonjour2015-10-28 11:29 - 2015-10-28 11:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update2015-10-27 10:58 - 2015-10-27 10:58 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll2015-10-23 21:40 - 2015-10-23 21:40 - 00000000 ____D C:\Users\Master\AppData\LocalLow\Oracle ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-14 20:02 - 2012-08-21 20:40 - 00007602 _____ C:\Users\Master\AppData\Local\Resmon.ResmonCfg2015-11-14 19:45 - 2013-06-15 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-11-14 19:10 - 2011-12-23 16:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-11-14 18:48 - 2014-06-21 11:23 - 00003334 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-10052015-11-14 18:48 - 2013-11-29 19:35 - 00003202 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-10052015-11-14 18:48 - 2011-12-23 16:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-11-14 18:48 - 2010-12-04 04:05 - 01219057 _____ C:\Windows\WindowsUpdate.log2015-11-13 15:04 - 2014-08-21 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-11-12 23:17 - 2014-08-27 00:37 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-11-12 22:47 - 2015-01-30 19:10 - 00003356 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-10052015-11-12 22:47 - 2015-01-30 19:10 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-10052015-11-12 22:46 - 2013-06-15 18:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-11-12 22:46 - 2012-05-12 16:02 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-11-12 22:46 - 2011-05-17 17:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-11-06 22:49 - 2014-09-30 17:06 - 00007080 _____ C:\Windows\setupact.log2015-11-06 22:49 - 2013-12-02 20:39 - 00000454 ____H C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job2015-11-06 22:49 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-11-05 22:38 - 2013-12-12 19:54 - 00000000 ____D C:\Users\Master\AppData\Local\CrashDumps2015-11-05 22:03 - 2012-08-18 10:21 - 00116184 _____ C:\Users\Master\AppData\Local\GDIPFONTCACHEV1.DAT2015-11-05 22:00 - 2014-11-15 17:35 - 00701374 _____ C:\Windows\PFRO.log2015-11-05 21:56 - 2011-02-19 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help2015-11-05 21:56 - 2010-12-04 04:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office2015-11-05 21:56 - 2009-07-14 07:45 - 00000000 ____D C:\Windows\ShellNew2015-11-05 21:56 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\MSBuild2015-11-05 21:51 - 2009-07-14 02:34 - 00000387 _____ C:\Windows\win.ini2015-11-05 21:48 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared2015-11-05 14:24 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries2015-11-05 13:26 - 2011-03-11 19:47 - 00000000 ____D C:\Windows\Sun2015-11-05 12:19 - 2013-11-26 21:32 - 00000000 ____D C:\Users\Master\AppData\Roaming\uTorrent2015-11-05 12:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Vss2015-10-29 22:31 - 2012-08-18 10:20 - 00000000 ____D C:\Users\Master2015-10-29 19:22 - 2013-12-17 21:56 - 00118216 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT2015-10-29 19:22 - 2009-07-14 04:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2015-10-29 19:15 - 2009-07-14 04:45 - 00000000 ____D C:\Windows\Setup2015-10-28 16:02 - 2012-08-18 10:21 - 00000000 ____D C:\Users\Master\AppData\Roaming\Apple Computer2015-10-28 16:02 - 2011-02-22 21:02 - 00000000 ____D C:\Program Files\Common Files\Apple2015-10-28 15:45 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\addins2015-10-28 15:41 - 2014-09-11 20:39 - 00001816 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2015-10-28 15:41 - 2014-04-26 09:28 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2015-10-28 15:41 - 2012-08-18 10:20 - 00001397 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk2015-10-28 15:41 - 2011-12-01 19:36 - 00002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk2015-10-28 15:41 - 2011-02-24 14:00 - 00001297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk2015-10-28 15:41 - 2011-02-24 13:59 - 00002478 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk2015-10-28 15:41 - 2011-02-24 13:59 - 00001450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk2015-10-28 15:41 - 2011-02-24 13:59 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk2015-10-28 15:41 - 2011-02-22 21:03 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2015-10-28 15:41 - 2010-12-04 04:26 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk2015-10-28 15:41 - 2010-08-30 09:26 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk2015-10-28 15:41 - 2010-08-30 08:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk2015-10-28 15:41 - 2010-08-30 08:51 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk2015-10-28 15:41 - 2009-07-14 04:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk2015-10-28 15:41 - 2009-07-14 04:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk2015-10-28 15:41 - 2009-07-14 04:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk2015-10-28 15:41 - 2009-07-14 04:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk2015-10-28 15:40 - 2015-09-04 10:13 - 00000948 _____ C:\Users\Public\Desktop\RealTimes (RealPlayer).lnk2015-10-28 15:40 - 2015-08-31 19:43 - 00001803 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2015-10-28 15:40 - 2014-04-26 09:28 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-10-28 15:40 - 2013-12-21 18:08 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk2015-10-28 15:40 - 2013-12-15 10:12 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk2015-10-28 15:40 - 2012-09-06 06:04 - 00002509 _____ C:\Users\Public\Desktop\Skype.lnk2015-10-28 15:40 - 2011-12-01 19:36 - 00002485 _____ C:\Users\Public\Desktop\Safari.lnk2015-10-28 15:40 - 2011-03-15 19:13 - 00001972 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk2015-10-28 15:40 - 2009-07-14 05:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk2015-10-28 15:40 - 2009-07-14 04:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk2015-10-28 13:34 - 2014-11-16 18:50 - 00000000 ____D C:\Users\Master\AppData\Local\Unity2015-10-28 13:14 - 2014-11-16 18:50 - 00000000 ____D C:\Users\Master\AppData\LocalLow\Unity ==================== Files in the root of some directories ======= 2014-05-12 18:52 - 2014-03-16 01:22 - 0003541 _____ () C:\Program Files (x86)\NA_Network_Diagnostic_Test_v6.bat2014-05-12 18:53 - 2014-05-12 18:57 - 0015204 _____ () C:\Program Files (x86)\riot-lol-results-pc-v6.txt2013-05-11 18:00 - 2013-05-10 05:06 - 0011855 _____ () C:\Users\Master\AppData\Roaming\photo.jpeg2013-12-11 21:25 - 2014-06-02 20:57 - 0034816 _____ () C:\Users\Master\AppData\Roaming\RZR_0060a48d4361bf547311ce97226c.db2014-08-26 23:19 - 2014-08-26 23:19 - 0000047 _____ () C:\Users\Master\AppData\Roaming\WB.CFG2013-01-26 14:46 - 2013-01-30 21:23 - 0000004 _____ () C:\Users\Master\AppData\Local\aqgghxya.log2015-08-14 10:47 - 2015-08-14 10:47 - 0004608 _____ () C:\Users\Master\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\kxolkgoj.log2013-01-26 14:54 - 2013-01-30 21:22 - 0000000 _____ () C:\Users\Master\AppData\Local\mmxikddc.log2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\qdavljxb.log2012-08-21 20:40 - 2015-11-14 20:02 - 0007602 _____ () C:\Users\Master\AppData\Local\Resmon.ResmonCfg2013-04-16 17:03 - 2013-04-16 17:03 - 0000000 _____ () C:\ProgramData\243c3831_c2012-08-14 11:01 - 2012-08-14 11:01 - 0000064 _____ () C:\ProgramData\cytkwumn.log Some files in TEMP:====================C:\Users\Master\AppData\Local\temp\dllnt_dump.dllC:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exeC:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exeC:\Users\Master\AppData\Local\temp\lowproc.exeC:\Users\Master\AppData\Local\temp\qdAstsetup13.exeC:\Users\Master\AppData\Local\temp\stubhelper.dllC:\Users\Master\AppData\Local\temp\tu17p84.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 18:16 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
kgh5219 Posted November 14, 2015 Author ID:1001746 Share Posted November 14, 2015 Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015Ran by Master (2015-11-14 20:03:26)Running from C:\Users\Master\DesktopWindows 7 Home Premium Service Pack 1 (X64) (2011-02-19 20:57:01)Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2562538608-3379174730-3565747309-500 - Administrator - Disabled)Guest (S-1-5-21-2562538608-3379174730-3565747309-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2562538608-3379174730-3565747309-1002 - Limited - Enabled)Master (S-1-5-21-2562538608-3379174730-3565747309-1005 - Administrator - Enabled) => C:\Users\Master ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc)Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) HiddenBing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) HiddenBonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDaum 클리너 (HKLM\...\DaumCleaner) (Version: 1.5 - Daum Communications Corp.)Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) HiddenFarm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.28.15 - Google Inc.) HiddenHeroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) HiddenhppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) HiddenhppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) HiddenHPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)INISafe SFilter 7.2 (SFilter v1.0) (HKLM-x32\...\UnINISafeWeb7) (Version: - )Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLaunch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)League of Legends (x32 Version: 3.0.1 - Riot Games) HiddenMarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) HiddenMerriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)MLS AD Integration (HKLM-x32\...\{4F517950-16E9-49A5-B3B1-91E100604B29}) (Version: 1.0.0 - Micro Librarian Systems)MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)Mozilla Firefox 18.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0.1 (x86 en-US)) (Version: 18.0.1 - Mozilla)Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) HiddenMyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) HiddenNexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - )NWZ-B170 WALKMAN Guide (HKLM-x32\...\{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}) (Version: 2.1.0.33220 - Sony Corporation)Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) HiddenRealDownloader (x32 Version: 18.0.2.60 - RealNetworks) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) HiddenRealtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenSafari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version: - ) <==== ATTENTIONShredder (Version: 2.0.8.3 - Egis Technology Inc.) HiddenShredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) HiddenSK-Helper 1.74 (HKLM-x32\...\SP_617c7ac4) (Version: - Verified Publisher)Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)SoftCamp Secure KeyStroke 4.0 (HKLM-x32\...\SoftcampSCSK) (Version: - )Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)Spotify (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)Unity Web Player (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) HiddenVC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) HiddenVeraport20(Security module management) - 2,5,1,6 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,5,1,6 - Wizvera)Video Downloader (x32 Version: 1.0.0 - RealNetworks) HiddenVLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 05-11-2015 14:23:04 Removed BlueStacks Notification Center05-11-2015 21:48:25 Removed Microsoft Office Enterprise 2007 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2013-01-31 18:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04026F6F-526F-4096-A160-5CEB98E55FD1} - System32\Tasks\{591457EB-5077-43BA-B069-AF13F542FB09} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11"Task: {09172A5F-209C-4779-A8B9-EAE7B1D18F4B} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTIONTask: {0A06C8E9-F35C-4414-9365-62C6D6E45629} - System32\Tasks\{81EC26CB-FC62-4850-B73F-9EC046D5EDBB} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=DefaultTask: {1A0F294A-62E5-4661-9BC3-2B5494A90A06} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)Task: {2013D8E8-C751-4A3E-A865-0577C252F603} - System32\Tasks\{FB587424-E5B5-4F20-A9CE-07D6EBBD00E0} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=DefaultTask: {222A3CCF-44BC-4B3A-AD32-218514666674} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)Task: {26FFE70F-9E70-4FD2-A01C-38E918613B88} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.)Task: {3F631565-51F6-419F-8352-E826F02614A8} - System32\Tasks\{34DA9454-7B6A-43C0-85AD-BE1306D9F696} => pcalua.exe -a "C:\Users\luk\Downloads\New folder\MSSetupv83.exe" -d "C:\Users\luk\Downloads\New folder"Task: {40FDAE7E-05DC-48EA-B9BE-EFEDAEB7B1B5} - System32\Tasks\{2A82FD18-9598-4C49-9C06-14BD8DDA6834} => pcalua.exe -a "C:\Users\Master\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"Task: {4CF65650-702F-4DEF-BFFE-FE6F6B6A7485} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exeTask: {6E0DDEAC-0C7C-4FA8-A3DF-A4D67560D64F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)Task: {88D5203D-3311-45EB-8A8B-04BAC7D3DA1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTIONTask: {9028F171-E8B5-40A3-A587-E10E689549BF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.)Task: {92559B97-FA4F-49DE-A58A-5E287C7FF5D1} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-27] (RealNetworks, Inc.)Task: {93083D06-A07A-4884-9DF9-6867455C9669} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)Task: {99F3F955-35DE-4A16-AB5E-A1BD0EF3A80A} - System32\Tasks\RunAsStdUser Task => C:\Users\Master\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe <==== ATTENTIONTask: {B57C9741-35DC-4282-91B9-F3AFC4C1D3D6} - \Test TimeTrigger -> No File <==== ATTENTIONTask: {BB48DAD0-51EF-49DB-8F72-38A3DAC3A931} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-31] (Adobe Systems Incorporated)Task: {BC47FA25-9DBB-49D8-A2DB-DCF5C3580CB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)Task: {C630D205-6042-4008-87C5-A17EC56B55F5} - System32\Tasks\{4F2BA3FA-C0A0-49B9-A270-D21866EE47A5} => pcalua.exe -a "C:\Nexon\Europe MapleStory\Setup.exe" -d "C:\Nexon\Europe MapleStory"Task: {C7D21CA1-A678-4A5C-96C3-1E0E7A07061E} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exeTask: {DF013C53-02CE-4492-9B67-3680F10C16A9} - System32\Tasks\{41154EC5-E06D-4263-9390-ADF52902598E} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11"Task: {E42141DC-00C5-4400-AFC8-1F6710D1E5B5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)Task: {EAD81C2C-00E4-4F71-AD56-1285B0033072} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTIONTask: {FCC49B66-B670-488E-A906-ACD04858F400} - System32\Tasks\{43683F31-E93C-4C68-8FBA-2777FF3B7A2D} => pcalua.exe -a "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe" -c "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\install.log" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\AutoKMSCustom.job => C:\Windows\AutoKMS\AutoKMS.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0b409cef98cef.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c01bea26f8b4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e4075456c35.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1663bc0b05c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\RealDownloader Update Check.job => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exeTask: C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005.job => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeTask: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exeH/schedule /profile c:\programdata\quickset\sk-enhancer\5902107913.ini <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2014-06-02 19:25 - 2012-08-31 14:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL2014-06-02 19:25 - 2012-08-31 14:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2011-06-07 07:08 - 2011-06-07 07:08 - 02535424 _____ () C:\Windows\SysWOW64\DM.exe2010-09-01 07:18 - 2010-09-01 07:18 - 00033792 _____ () C:\Windows\SysWOW64\clunet.dll2010-06-28 22:20 - 2010-06-28 22:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll2010-06-28 22:12 - 2010-06-28 22:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll2010-08-30 09:45 - 2009-05-20 06:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll2014-10-23 20:43 - 2014-10-23 20:43 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll2010-08-30 09:03 - 2010-04-13 16:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2015-02-15 00:40 - 2015-02-15 00:40 - 00381440 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720AlternateDataStreams: C:\ProgramData\Temp:4D066AD2AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2AlternateDataStreams: C:\ProgramData\Temp:E1F04E8DAlternateDataStreams: C:\ProgramData\Temp:E36F5B57 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mintcastnetworks => ""="service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 - 8.8.4.4HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: Bonjour Service => 2MSCONFIG\Services: DaumCleanerService => 3MSCONFIG\Services: EFS => 3MSCONFIG\Services: eventlog => 2MSCONFIG\Services: Fax => 3MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: gusvc => 3MSCONFIG\Services: PCSUService => 2MSCONFIG\Services: Razer Game Scanner Service => 2MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2MSCONFIG\Services: RealPlayer Cloud Service => 2MSCONFIG\Services: RzMaelstromVADStreamingService => 2MSCONFIG\Services: RzOvlMon => 2MSCONFIG\Services: SCPolicySvc => 3MSCONFIG\Services: SDRSVC => 3MSCONFIG\Services: SeaPort => 2MSCONFIG\Services: SkypeUpdate => 2MSCONFIG\Services: Steam Client Service => 3MSCONFIG\Services: SysMain => 2MSCONFIG\Services: Updater Service => 2MSCONFIG\Services: Wecsvc => 3MSCONFIG\Services: wlidsvc => 2MSCONFIG\Services: WMPNetworkSvc => 2MSCONFIG\Services: WPCSvc => 3MSCONFIG\Services: wuauserv => 2MSCONFIG\Services: YahooAUService => 2MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exeMSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -kMSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWMSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Korean IME Migration => C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXEMSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeMSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{6CDDC26C-3BD0-4BC3-967C-1438DD8B77B7}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exeFirewallRules: [{6DF5C7AC-1BFB-4CDB-960C-5106C8B4FDB4}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exeFirewallRules: [TCP Query User{185A6A5E-38FC-4AD5-95C7-6A8B5E3E5FFA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [uDP Query User{36D473F5-5B43-4922-8651-559D5A0C1FDE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [{FE5E4F67-745F-4536-BCA9-E142F4436D8F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{6DFAB8CA-6A61-4428-A283-A151756F7D29}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{53E0B21D-CEC5-4064-80AB-9D36E57868AA}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{14108F18-1108-4814-AB3C-6439FD3E8753}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exeFirewallRules: [{E4A53963-EA44-42D4-95B7-2E7FD14C45B9}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exeFirewallRules: [{588C52AA-34EA-4DA2-A3D9-A7BC0BA3D950}] => (Allow) LPort=9100FirewallRules: [{C51128F3-23C1-455C-B134-5B3640B38E94}] => (Allow) LPort=427FirewallRules: [{496815FA-1809-4B4E-BD22-E232CA9340C5}] => (Allow) LPort=161FirewallRules: [{19D58FB3-99CF-4C24-A4E9-99311B4DFA07}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exeFirewallRules: [TCP Query User{1126BF81-3B4F-4A67-9DF4-7E178378BBC0}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exeFirewallRules: [uDP Query User{CE5BCA81-96DC-458D-B4C2-13BCAA979042}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exeFirewallRules: [TCP Query User{8B27FB08-C4B2-4E03-9564-B9989E7B95E7}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exeFirewallRules: [uDP Query User{61BC8FF8-D3D8-4AB1-9C61-7AC4B5F1504D}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exeFirewallRules: [{5C66CE2D-CE06-4601-913B-9B61C0A4984E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{3A0E4610-C87D-43A6-AA7E-07666FC665B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [TCP Query User{B8446F95-6B62-4440-9BA5-B7B03CC4C5ED}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exeFirewallRules: [uDP Query User{F17F00C0-7D8D-4250-B1BE-CCD4B6F52F03}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exeFirewallRules: [{053168E4-AAD5-4387-9BE2-FFA8574066C4}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exeFirewallRules: [{38F89912-3940-4291-9ECF-BEA0D6F1CA72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{AC2AAB7C-5BF6-405D-8EC2-432DE0F36ADC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{E8D0901A-F879-4CA4-A951-80A807382B90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{CA83269A-0098-4451-86C4-A293834B1731}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{240EB17C-6EA4-476F-9806-F241EE40314E}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{66A45832-78DF-4DF5-AEE5-152E4DD6BD7A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (11/14/2015 08:01:44 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1bfc Start Time: 01d11f1700714260 Termination Time: 8 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: 856caaf1-8b0a-11e5-8141-1c750843763f Error: (11/14/2015 07:59:34 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 4068 Start Time: 01d11f16dbf2d7d7 Termination Time: 12 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: 354f39cc-8b0a-11e5-8141-1c750843763f Error: (11/14/2015 05:19:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 43214040 Error: (11/14/2015 05:19:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 43214040 Error: (11/14/2015 05:19:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/12/2015 10:53:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 122273 Error: (11/12/2015 10:53:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 122273 Error: (11/12/2015 10:53:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/12/2015 10:53:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 121275 Error: (11/12/2015 10:53:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 121275 System errors:=============Error: (11/14/2015 05:19:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service. Error: (11/13/2015 12:39:30 PM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.4.The computer with the IP address 192.168.0.12 did not allow the name to be claimed bythis computer. Error: (11/13/2015 12:39:30 PM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.4.The computer with the IP address 192.168.0.12 did not allow the name to be claimed bythis computer. Error: (11/12/2015 05:01:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The MBAMService service terminated unexpectedly. It has done this 4 time(s). Error: (11/12/2015 05:00:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (11/12/2015 04:59:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/12/2015 04:59:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (11/10/2015 11:10:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service. Error: (11/09/2015 10:55:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The MBAMService service terminated unexpectedly. It has done this 3 time(s). Error: (11/09/2015 10:38:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The RealPlayer Update Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity:=================================== Date: 2013-03-22 17:19:39.463 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-03-22 17:19:38.963 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-31 18:44:53.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-31 18:44:53.606 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-30 19:22:56.105 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-30 19:22:55.949 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-29 21:45:18.679 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-29 21:45:18.492 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-28 19:53:18.465 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-28 19:53:18.278 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i3 CPU M 380 @ 2.53GHzPercentage of memory in use: 35%Total physical RAM: 2806.71 MBAvailable physical RAM: 1799.65 MBTotal Virtual: 7412.9 MBAvailable Virtual: 6012.91 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:167.11 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A022D740)Partition 1: (Not Active) - (Size=13 GB) - (Type=27)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
kgh5219 Posted November 14, 2015 Author ID:1001747 Share Posted November 14, 2015 Users shortcut scan result (x64) Version:07-11-2015Ran by Master (2015-11-14 20:05:36)Running from C:\Users\Master\DesktopBoot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\SC_Reader.ico ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk -> C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}\fssicon.ico ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Cloud.lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealTimes (RealPlayer).lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealTimes Converter.lnk -> C:\Program Files (x86)\Real\RealPlayer\realconverter.exe (RealNetworks, Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealTimes Downloader.lnk -> C:\Windows\Installer\{B0235718-21E0-4A90-A42F-9C64C1B531CD}\recordingmanager.exe (RealNetworks, Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealTimes Trimmer.lnk -> C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe (RealNetworks, Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}\RichText.ico ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}\QTPlayer.ico ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer\Mplayer.lnk -> C:\Program Files (x86)\Mplayer\smplayer_portable.exe ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer\Uninstall.lnk -> C:\Program Files (x86)\Mplayer\uninstall.exe ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk -> C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\HP ePrint.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\HP ePrint.exe (HP - TEST)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\HP LaserJet Guide.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\C_help\Help.exe (Hewlett-Packard Company)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Install Notes.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\English\Manuals\1100SeriesInstallNotes.htm ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Uninstall.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\Uninstall.exe (HP)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Wireless Configuration.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe (Hewlett Packard)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSobi v2\eSobi v2.lnk -> C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_15D967B5A4BE42AE9E8464CD062B25AA.exe (Macrovision Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec\MyWinLocker\MyWinLocker.lnk -> C:\Program Files (x86)\EgisTec MyWinLocker\Launcher\x86\MiniLauncher.exe (Egis Technology Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec\MyWinLocker\Online Help.lnk -> C:\Program Files (x86)\EgisTec MyWinLocker\x86\OnlineHelp.exe (Egis Technology Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\Daum 클리너\Daum 클리너 제거.lnk -> C:\Program Files\Daum\Cleaner\Uninstall.exe ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\Daum 클리너\Daum 클리너.lnk -> C:\Program Files\Daum\Cleaner\DaumCleaner.exe (Daum Communications Corp.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\Daum Ŭ¸®³Ê\Daum Ŭ¸®³Ê Á¦°Å.lnk -> C:\Program Files\Daum\Cleaner\Uninstall.exe ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\Daum Ŭ¸®³Ê\Daum Ŭ¸®³Ê.lnk -> C:\Program Files\Daum\Cleaner\DaumCleaner.exe (Daum Communications Corp.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\CyberLink PowerDVD 9.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe (CyberLink Corp.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\Online registration.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\OLRSubmission\OLRSubmission.exe ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\PowerDVD 9 Help file.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Enu\PowerDVD9.CHM ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\Read Me.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Enu\Readme.htm ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem\AcerSystem User Guide.lnk -> C:\book\Generic_User_Guide.pdf (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem\AcerSystem User Quick Guide.lnk -> C:\book\Quick_Guide.pdf (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Acer GameZone Console.lnk -> C:\Program Files (x86)\Acer GameZone\GameConsole\Acer Game Console.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Spin & Win\Spin & Win.lnk -> C:\Program Files (x86)\Acer GameZone\Spin & Win\Launch.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Spin & Win\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Spin & Win\Uninstall.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Poker Pop\Poker Pop.lnk -> C:\Program Files (x86)\Acer GameZone\Poker Pop\Launch.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Poker Pop\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Poker Pop\Uninstall.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Merriam Websters Spell Jam\Merriam Websters Spell Jam.lnk -> C:\Program Files (x86)\Acer GameZone\Merriam Websters Spell Jam\Launch.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Merriam Websters Spell Jam\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Merriam Websters Spell Jam\Uninstall.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Heroes of Hellas\Heroes of Hellas.lnk -> C:\Program Files (x86)\Acer GameZone\Heroes of Hellas\Launch.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Heroes of Hellas\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Heroes of Hellas\Uninstall.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Galapago\Galapago.lnk -> C:\Program Files (x86)\Acer GameZone\Galapago\Launch.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Galapago\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Galapago\Uninstall.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Farm Frenzy 2\Farm Frenzy 2.lnk -> C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Launch.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Farm Frenzy 2\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Dream Day First Home\Dream Day First Home.lnk -> C:\Program Files (x86)\Acer GameZone\Dream Day First Home\Launch.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Dream Day First Home\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Dream Day First Home\Uninstall.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Cake Mania\Cake Mania.lnk -> C:\Program Files (x86)\Acer GameZone\Cake Mania\Launch.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Cake Mania\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Cake Mania\Uninstall.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Amazonia\Amazonia.lnk -> C:\Program Files (x86)\Acer GameZone\Amazonia\Launch.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Amazonia\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Amazonia\Uninstall.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Airport Mania First Flight\Airport Mania First Flight.lnk -> C:\Program Files (x86)\Acer GameZone\Airport Mania First Flight\Launch.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone\Airport Mania First Flight\Uninstall.lnk -> C:\Program Files (x86)\Acer GameZone\Airport Mania First Flight\Uninstall.exe (No File)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam\Acer Crystal Eye webcam.lnk -> C:\Program Files (x86)\Acer Crystal Eye webcam\CrystalEye.exe (Liteon)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam\Uninstall Acer Crystal Eye webcam.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager\Acer Backup Manager.lnk -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManager.exe (NewTech Infosystems, Inc.)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer eRecovery Management.lnk -> C:\Program Files\Acer\Acer eRecovery Management\Recovery Management.exe (Acer)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Updater.lnk -> C:\Program Files\Acer\Acer Updater\ALU.exe (Acer)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Identity Card.lnk -> C:\Program Files (x86)\Acer\Identity Card\IdentityCard.exe ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Welcome Center.lnk -> C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe (Acer Incorporated)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc ()Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)Shortcut: C:\Users\Master\Links\Desktop.lnk -> C:\Users\Master\Desktop ()Shortcut: C:\Users\Master\Links\Downloads.lnk -> C:\Users\Master\Downloads ()Shortcut: C:\Users\Master\Links\iCloud Drive.lnk -> C:\Users\Master\iCloudDrive (No File)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Master\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Drive.lnk -> C:\Users\Master\iCloudDrive (No File)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet-Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)Shortcut: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)Shortcut: C:\Users\Master\4Sync\Getting Started with 4Sync.lnk -> C:\Program Files (x86)\4Sync\Getting Started with 4Sync.pdf (No File)Shortcut: C:\Users\Public\Desktop\Adobe Reader 9.lnk -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)Shortcut: C:\Users\Public\Desktop\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Inc.)Shortcut: C:\Users\Public\Desktop\RealTimes (RealPlayer).lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.)Shortcut: C:\Users\Public\Desktop\Safari.lnk -> C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe ()Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe ()Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\RealTimes Daily Videos#channel-popular.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://videos.real.com/rp/web_videos?market=en-gb&cd=home&CB=client&PT=FREE&OS=WinNT%206.1.7601&LP=en%2DGB&OC=T10UKDFT&PV=18.0.2.59&PBR=10485800&CO=gb&LI=en%2Dgb&PN=RealPlayer&DC=T10UKDFT&DT=040915&u=cff5bbed6a7047759b4236b80913b3c2#channel/MusicShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\RealTimes Daily Videos.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://videos.real.com/rp/web_videos?market=en-gb&cd=home&CB=client&PT=FREE&OS=WinNT%206.1.7601&LP=en%2DGB&OC=T10UKDFT&PV=18.0.2.59&PBR=10485800&CO=gb&LI=en%2Dgb&PN=RealPlayer&DC=T10UKDFT&DT=040915&u=cff5bbed6a7047759b4236b80913b3c2#channel/popular ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenterShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendToShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\Cigarettes In the Theatre.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Users/Master/Music/New folder/Two Door Cinema Club - Discography (2008-2012) [MP3 V0]/2010 - Tourist History (Japan Edition)/01 - Cigarettes In the Theatre.mp3ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\Come Back Home.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Users/Master/Music/New folder/Two Door Cinema Club - Discography (2008-2012) [MP3 V0]/2010 - Tourist History (Japan Edition)/02 - Come Back Home.mp3ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendToShortcutWithArgument: C:\Users\Master\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto: InternetURL: C:\Users\Master\Music\New folder\music\CODE KUNST - PARACHUTE [www.k2nblog.com]\K2NBLOG.com - visit for more albums, singles, MVs.url -> hxxp://k2nblog.com/InternetURL: C:\Users\Master\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728InternetURL: C:\Users\Master\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698InternetURL: C:\Users\Master\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271InternetURL: C:\Users\Master\Favorites\Links\BBC - Homepage.url -> hxxp://www.bbc.co.uk/InternetURL: C:\Users\Master\Favorites\Links\Facebook.url -> hxxps://www.facebook.com/messagesInternetURL: C:\Users\Master\Favorites\Links\Froggie.url -> hxxp://vle.tiffin.kingston.sch.uk/index.phtml?d=556539InternetURL: C:\Users\Master\Favorites\Links\Google.url -> hxxps://www.google.co.uk/InternetURL: C:\Users\Master\Favorites\Links\Suggested Sites (2).url -> hxxps://ieonline.microsoft.com/#iesliceInternetURL: C:\Users\Master\Favorites\Links\Suggested Sites.url -> 0InternetURL: C:\Users\Master\Favorites\Links\YouTube.url -> hxxp://www.youtube.com/InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\미국관련\Houston Koreatown - Daum 카페.url -> hxxp://cafe.daum.net/txhoustonInternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\미국관련\I LOVE HOUSTON 2011년 12월 휴스턴 지역 룸메이트, 하숙, 렌트관련 정보 - Daum 카페.url -> hxxp://cafe.daum.net/Houston/T5MM/42?docid=7Q6kT5MM4220111215120833InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\미국관련\코리안 휴스턴 메인홈.url -> hxxp://korean-houston.com/cafexe/InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\Welcome to 04UK.COM.url -> hxxp://www.04uk.com/InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\BBC - Homepage.url -> hxxp://www.bbc.co.uk/InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Facebook.url -> hxxps://www.facebook.com/InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Google.url -> hxxps://www.google.co.uk/InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Student Home Page NEW.url -> hxxp://vle.tiffin.kingston.sch.uk/index.phtml?d=556539InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#iesliceInternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\YouTube.url -> hxxp://www.youtube.com/?gl=GB&hl=en-GBInternetURL: C:\Users\Master\4Sync\100GB Storage.url -> hxxp://www.4sync.com ==================== End of Shortcut.txt ============================= Link to post Share on other sites More sharing options...
kgh5219 Posted November 14, 2015 Author ID:1001759 Share Posted November 14, 2015 RogueKiller V10.11.5.0 (x64) [Nov 9 2015] (Free) by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/software/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Master [Administrator]Started from : C:\Users\Master\Desktop\RogueKillerX64.exeMode : Scan -- Date : 11/14/2015 20:48:14 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 17 ¤¤¤[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn | (default) : {646BAAE7-7538-4866-8EEE-974C0AA910AB} -> Found[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn | (default) : {646BAAE7-7538-4866-8EEE-974C0AA910AB} -> Found[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7} -> Found[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kvrrwkon (System32\drivers\avvifrad.sys) -> Found[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Found[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vtany (\??\C:\Windows\vtany.sys) -> Found[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xspirit (\??\C:\Windows\xspirit.sys) -> Found[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Found[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtany (\??\C:\Windows\vtany.sys) -> Found[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xspirit (\??\C:\Windows\xspirit.sys) -> Found[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Found[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vtany (\??\C:\Windows\vtany.sys) -> Found[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xspirit (\??\C:\Windows\xspirit.sys) -> Found[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444 -> Found[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444 -> Found[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 9 ¤¤¤[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found[PUP][Folder] C:\Program Files (x86)\globalUpdate -> Found[PUP][Folder] C:\Program Files (x86)\predm -> Found[PUP][Folder] C:\Program Files (x86)\SearchProtect -> Found[PUP][Folder] C:\Program Files (x86)\SimilarSites -> Found[PUP][Folder] C:\Program Files (x86)\Sk-Enhancer -> Found[PUP][Folder] C:\Program Files (x86)\ToggleMark -> Found[PUP][Folder] C:\Program Files (x86)\W3i -> Found[PUP][Folder] C:\Program Files (x86)\WebSearch -> Found ¤¤¤ Hosts File : 1 ¤¤¤[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤[PUM.HomePage][FIREFX:Config] wkwtgo1d.default : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224");-> Found ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: +++++--- User ---[MBR] 950f05daa3c404232d19ff8ca44b1749[bSP] 16176d5abc32588c5d7e90f1b6e320f1 : Windows Vista/7/8|VT.Unknown MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 MB1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27265024 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27469824 | Size: 291831 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]User = LL1 ... OKUser = LL2 ... OK Link to post Share on other sites More sharing options...
kevinf80 Posted November 15, 2015 ID:1001823 Share Posted November 15, 2015 Thanks for the logs, continue as follows: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed... Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. (re-enable when done) Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. Next, Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page) The file will be randomly named Reboot to safe mode Run Dr Web Tick the I agree box and select continue Click select objects for scanning Tick all boxes as shown Click the wrench and select automatically apply actions to threats Press start scan The scan will now commence Once the scan has finished click open report <<<--- Do not miss this step A notepad will open Select File > Save as.. Save it to your desktopThis log will be excessive, Attach it to your next reply… Let me see those logs, also give an update on any remaining issues or concerns.... Thank you, Kevin... Fixlist.txt Link to post Share on other sites More sharing options...
kgh5219 Posted November 17, 2015 Author ID:1002179 Share Posted November 17, 2015 Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015Ran by Master (2015-11-17 13:13:59) Run:1Running from C:\Users\Master\DesktopLoaded Profiles: Master (Available Profiles: Master)Boot Mode: Normal============================================== fixlist content:*****************StartCloseProcesses:CreateRestorePoint:HKLM-x32\...\Run: [ldkxa] => C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe [261440 2015-10-28] ()C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exeC:\Users\Master\AppData\Roaming\afghtShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => No FileShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => No FileShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => No FileShellIconOverlayIdentifiers: [4SyncOverlay4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => No FileShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No FileShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No FileCHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTIONProxyServer: [s-1-5-21-2562538608-3379174730-3565747309-1005] => http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444Winsock: Catalog9 01 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 02 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 03 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 04 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)Winsock: Catalog9 15 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)cmd: netsh winsock resetHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONS2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X]S4 RzMaelstromVADStreamingService; "C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe" [X]S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]S3 dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [X]S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]S0 TfFsMon; system32\drivers\TfFsMon.sys [X]S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]S0 TfSysMon; system32\drivers\TfSysMon.sys [X]S3 vtany; \??\C:\Windows\vtany.sys [X]S3 wanatw; system32\DRIVERS\wanatw64.sys [X]S3 xspirit; \??\C:\Windows\xspirit.sys [X]2013-01-26 14:46 - 2013-01-30 21:23 - 0000004 _____ () C:\Users\Master\AppData\Local\aqgghxya.log2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\kxolkgoj.log2013-01-26 14:54 - 2013-01-30 21:22 - 0000000 _____ () C:\Users\Master\AppData\Local\mmxikddc.log2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\qdavljxb.log2012-08-21 20:40 - 2015-11-05 12:36 - 0007602 _____ () C:\Users\Master\AppData\Local\Resmon.ResmonCfg2013-04-16 17:03 - 2013-04-16 17:03 - 0000000 _____ () C:\ProgramData\243c3831_c2012-08-14 11:01 - 2012-08-14 11:01 - 0000064 _____ () C:\ProgramData\cytkwumn.logC:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exeC:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exeC:\Users\Master\AppData\Local\temp\lowproc.exeC:\Users\Master\AppData\Local\temp\qdAstsetup13.exeC:\Users\Master\AppData\Local\temp\stubhelper.dllC:\Users\Master\AppData\Local\temp\tu17p84.exeTask: {88D5203D-3311-45EB-8A8B-04BAC7D3DA1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTIONC:\Program Files (x86)\MyPC BackupTask: {B57C9741-35DC-4282-91B9-F3AFC4C1D3D6} - \Test TimeTrigger -> No File <==== ATTENTIONTask: {C7D21CA1-A678-4A5C-96C3-1E0E7A07061E} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exeC:\Windows\AutoKMSTask: {EAD81C2C-00E4-4F71-AD56-1285B0033072} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTIONTask: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exeH/schedule /profile c:\programdata\quickset\sk-enhancer\5902107913.ini <==== ATTENTIONc:\programdata\quicksetAlternateDataStreams: C:\ProgramData\Temp:373E1720AlternateDataStreams: C:\ProgramData\Temp:4D066AD2AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2AlternateDataStreams: C:\ProgramData\Temp:E1F04E8DAlternateDataStreams: C:\ProgramData\Temp:E36F5B57EmptyTemp:End***************** Processes closed successfully.Restore point was successfully created.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ldkxa => value removed successfullyC:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe => moved successfullyC:\Users\Master\AppData\Roaming\afght => moved successfully"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay1" => key removed successfully"HKCR\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}" => key removed successfully"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay2" => key removed successfully"HKCR\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}" => key removed successfully"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay3" => key removed successfully"HKCR\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}" => key removed successfully"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay4" => key removed successfully"HKCR\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}" => key removed successfully"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfullyHKCR\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfullyHKCR\Wow6432Node\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB} => key not found. "HKLM\SOFTWARE\Policies\Google" => key removed successfullyHKU\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" => key removed successfully ========= netsh winsock reset ========= Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ========= End of CMD: ========= "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfullyBstHdAndroidSvc => service not found.BstHdLogRotatorSvc => service not found.BstHdUpdaterSvc => service not found.Razer Game Scanner Service => service removed successfullyRzMaelstromVADStreamingService => service removed successfullyAhnFlt2K => service removed successfullyAhnRec2K => service removed successfullyBstHdDrv => service not found.dump_wmimmc => service removed successfullyEagleX64 => service removed successfullyJRSKD24 => service removed successfullyTfFsMon => service removed successfullyTfNetMon => service removed successfullyTfSysMon => service removed successfullyvtany => service removed successfullywanatw => service removed successfullyxspirit => service removed successfullyC:\Users\Master\AppData\Local\aqgghxya.log => moved successfullyC:\Users\Master\AppData\Local\kxolkgoj.log => moved successfullyC:\Users\Master\AppData\Local\mmxikddc.log => moved successfullyC:\Users\Master\AppData\Local\qdavljxb.log => moved successfullyC:\Users\Master\AppData\Local\Resmon.ResmonCfg => moved successfullyC:\ProgramData\243c3831_c => moved successfullyC:\ProgramData\cytkwumn.log => moved successfullyC:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exe => moved successfullyC:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exe => moved successfullyC:\Users\Master\AppData\Local\temp\lowproc.exe => moved successfullyC:\Users\Master\AppData\Local\temp\qdAstsetup13.exe => moved successfullyC:\Users\Master\AppData\Local\temp\stubhelper.dll => moved successfullyC:\Users\Master\AppData\Local\temp\tu17p84.exe => moved successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88D5203D-3311-45EB-8A8B-04BAC7D3DA1C}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88D5203D-3311-45EB-8A8B-04BAC7D3DA1C}" => key removed successfullyC:\Windows\System32\Tasks\LaunchSignup => moved successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully"C:\Program Files (x86)\MyPC Backup" => not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B57C9741-35DC-4282-91B9-F3AFC4C1D3D6}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B57C9741-35DC-4282-91B9-F3AFC4C1D3D6}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7D21CA1-A678-4A5C-96C3-1E0E7A07061E}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7D21CA1-A678-4A5C-96C3-1E0E7A07061E}" => key removed successfullyC:\Windows\System32\Tasks\AutoKMSCustom => moved successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSCustom" => key removed successfully"C:\Windows\AutoKMS" => not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAD81C2C-00E4-4F71-AD56-1285B0033072}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAD81C2C-00E4-4F71-AD56-1285B0033072}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator => key not found. C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => moved successfullyc:\programdata\quickset => moved successfullyC:\ProgramData\Temp => ":373E1720" ADS removed successfully.C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.C:\ProgramData\Temp => ":E1F04E8D" ADS removed successfully.C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully.EmptyTemp: => 2.5 GB temporary data Removed. The system needed a reboot. ==== End of Fixlog 13:19:05 ==== Link to post Share on other sites More sharing options...
kgh5219 Posted November 17, 2015 Author ID:1002185 Share Posted November 17, 2015 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 17/11/2015Scan Time: 13:38Logfile: Administrator: Yes Version: 2.2.0.1024Malware Database: v2015.11.17.03Rootkit Database: v2015.11.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Master Scan Type: Threat ScanResult: CompletedObjects Scanned: 422351Time Elapsed: 45 min, 10 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 15PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}, Quarantined, [c453a0dfe0ab6fc708aa0c3814ee32ce], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}, Quarantined, [c453a0dfe0ab6fc708aa0c3814ee32ce], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}, Quarantined, [0e09156a17745ed8b10850f4ac56fd03], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}, Quarantined, [0e09156a17745ed8b10850f4ac56fd03], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}, Quarantined, [27f03c4392f986b0feb7c77d32d0b848], Registry Values: 2Adware.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [43d42d528b00ff37204ad9633fc3e818], Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [35e21c6363283105016966d642c039c7], Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
kgh5219 Posted November 17, 2015 Author ID:1002189 Share Posted November 17, 2015 # AdwCleaner v5.021 - Logfile created 17/11/2015 at 14:43:21# Updated 14/11/2015 by Xplode# Database : 2015-11-13.3 [server]# Operating system : Windows 7 Home Premium Service Pack 1 (x64)# Username : Master - LUKE# Running from : C:\Users\Master\Desktop\AdwCleaner.exe# Option : Cleaning# Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\SearchProtect[-] Folder Deleted : C:\Program Files (x86)\globalUpdate[-] Folder Deleted : C:\Program Files (x86)\predm[-] Folder Deleted : C:\Program Files (x86)\SearchProtect[-] Folder Deleted : C:\Program Files (x86)\SimilarSites[-] Folder Deleted : C:\Program Files (x86)\Sk-Enhancer[-] Folder Deleted : C:\Program Files (x86)\ToggleMark[-] Folder Deleted : C:\Program Files (x86)\w3i[-] Folder Deleted : C:\Program Files (x86)\WebSearch[-] Folder Deleted : C:\ProgramData\Ask[-] Folder Deleted : C:\ProgramData\Babylon[-] Folder Deleted : C:\ProgramData\TVWizard[-] Folder Deleted : C:\ProgramData\w3i[-] Folder Deleted : C:\ProgramData\Suurf and kEep[-] Folder Deleted : C:\ProgramData\519817776577d2c8[-] Folder Deleted : C:\Users\Master\AppData\Local\Bundled software uninstaller[-] Folder Deleted : C:\Users\Master\AppData\Local\globalUpdate[-] Folder Deleted : C:\Users\Master\AppData\Local\Zoom_Downloader[-] Folder Deleted : C:\Users\Master\AppData\Local\DeskBar[-] Folder Deleted : C:\Users\Master\AppData\LocalLow\Conduit[-] Folder Deleted : C:\Users\Master\AppData\LocalLow\mixidj[-] Folder Deleted : C:\Users\Master\AppData\LocalLow\Yahoo!\Companion[-] Folder Deleted : C:\Users\Master\AppData\LocalLow\B5T[-] Folder Deleted : C:\Users\Master\AppData\Roaming\Activeris[-] Folder Deleted : C:\Users\Master\AppData\Roaming\eType[-] Folder Deleted : C:\Users\Master\AppData\Roaming\SkypEmoticons ***** [ Files ] ***** [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml[-] File Deleted : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\user.js[-] File Deleted : C:\Windows\SysNative\roboot64.exe ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** [-] Task Deleted : RunAsStdUser Task ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap[-] Key Deleted : HKCU\Software\Mozilla\Extends[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils.1[-] Key Deleted : HKLM\SOFTWARE\Classes\qygameclient[-] Key Deleted : HKLM\SOFTWARE\Classes\HCDNProxy[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{646BAAE7-7538-4866-8EEE-974C0AA910AB}][-] Key Deleted : HKLM\SOFTWARE\Classes\ppsmb[-] Key Deleted : HKCU\Software\90dfdbb43cbf12[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_617c7ac4[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\nklfajnmfbchcceflgddnkignfheooic[-] Key Deleted : HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}[-] Key Deleted : HKCU\Software\Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}[-] Key Deleted : HKCU\Software\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}[-] Key Deleted : HKCU\Software\Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}[-] Key Deleted : HKCU\Software\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}[-] Key Deleted : HKCU\Software\Classes\CLSID\{58D47FFF-63EF-572E-843F-E5DD6AA0005D}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-006A-76A7-7A786E7484D7}[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{58D47FFF-63EF-572E-843F-E5DD6AA0005D}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}][-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FE69C007-C452-4D3E-86D2-1730DF8BC871}][-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}[-] Key Deleted : HKCU\Software\APN PIP[-] Key Deleted : HKCU\Software\BI[-] Key Deleted : HKCU\Software\GlobalUpdate[-] Key Deleted : HKCU\Software\IM[-] Key Deleted : HKCU\Software\ImInstaller[-] Key Deleted : HKCU\Software\RegisteredApplicationsEx[-] Key Deleted : HKCU\Software\Store[-] Key Deleted : HKCU\Software\DAILYPCCLEAN[-] Key Deleted : HKCU\Software\Yahoo\Companion[-] Key Deleted : HKCU\Software\PPStream[-] Key Deleted : HKCU\Software\WEBAPP[-] Key Deleted : HKCU\Software\__SP__browser_name__SP__[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion[-] Key Deleted : HKLM\SOFTWARE\Babylon[-] Key Deleted : HKLM\SOFTWARE\Conduit[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate[-] Key Deleted : HKLM\SOFTWARE\Sk-Enhancer[-] Key Deleted : HKLM\SOFTWARE\SP Global[-] Key Deleted : HKLM\SOFTWARE\W3I[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion[-] Key Deleted : HKLM\SOFTWARE\B5TService[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F445C8D2-5860-4978-A564-0D8F36A879E4}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] ***** [ Web browsers ] ***** [-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : apjkpjchfbckhjhokinlgdbmibpbbjak[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : blmchfpimpbbdmgpcieclabeafkljbhm[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dhkplhfnhceodhffomolpfigojocbpcb[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : eooncjejnppfjjklapaamhcdmjbilmde[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jojhdgnandjllaeaaccnkddgieegmljj[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jpmbfleldcgkldadpdinhjjopdfpjfjp[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mkndcbhcgphcfkkddanakjiepeknbgle[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nklfajnmfbchcceflgddnkignfheooic[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogccgbmabaphcakpiclgcnmcnimhokcj[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pelmeidfhdlhlbjimpabfcbnnojbboma[-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224&vp=ch&prd=set ************************* :: "Tracing" keys removed:: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [16992 bytes] ########## Link to post Share on other sites More sharing options...
kgh5219 Posted November 17, 2015 Author ID:1002192 Share Posted November 17, 2015 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 8.0.0 (11.12.2015)Operating System: Windows 7 Home Premium x64 Ran by Master (Administrator) on 17/11/2015 at 14:58:17.68~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 6 Successfully deleted: C:\Users\Master\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Users\Master\AppData\Local\cre (Folder) Successfully deleted: C:\Users\Master\AppData\Local\installer (Folder) Successfully deleted: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\extensions\staged (Folder) Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-316F10F7.pf (File) Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf (File) Registry: 1 Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 17/11/2015 at 15:01:02.68End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
Recommended Posts