Undisputed Posted October 31, 2015 ID:998932 Share Posted October 31, 2015 I'm just copying and pasting what i posted in another thread. Was asked to make my own topic. It was about ninthclub.com and camelcap.com being blocked with malwarebytes every time I try to browse on firefox or chrome, but when I scan my computer with malwarebytes, it doesn't find and remove the issue. I'm having the same issue on firefox and chrome. My IE wont even open. Malwarebytes blocks something from ninthclub.com and sometimes something from camelcap.com. There has been a couple others but i dont remember them and these are the main 2. Also, video stopped working on firefox everywhere except youtube and chrome stopped loading pages all together. It's like its not even trying to load them. I don't even get to an error message or anything and this also includes the settings page. So I gathered the information that you asked the other guy for and here it is: (In the FRST log I highlighted, underlined and enlarged a line of text for a file that kept popping up with "ydsGNMAAUWqgBBt.exe has stopped working". It stopped happening when I bought malewarebytes but its obviously still affecting something. Every time I track down a version of that file and delete it, it comes back.) Malewarebytes log: Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 10/30/2015Scan Time: 6:41 PMLogfile:Administrator: YesVersion: 2.2.0.1024Malware Database: v2015.10.30.07Rootkit Database: v2015.10.28.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: MacedizzleScan Type: Threat ScanResult: CompletedObjects Scanned: 367331Time Elapsed: 53 min, 21 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) _______________________________________________________ FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-10-2015Ran by Macedizzle (administrator) on MACEDIZZLE (30-10-2015 19:40:23)Running from C:\Users\Macedizzle\DownloadsLoaded Profiles: Macedizzle (Available Profiles: Macedizzle & DefaultAppPool)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe() C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe() C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-27] (Synaptics Incorporated)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)HKLM\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunHKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunHKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\Run: [3690935216] => regsvr32.exe "C:\ProgramData\Vohve\DehbOmvob.dll"HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2Tcpip\..\Interfaces\{FE07A412-2512-4951-83FE-14D65E5606C6}: [DhcpNameServer] 71.10.216.1 71.10.216.2Internet Explorer:==================URLSearchHook: HKU\S-1-5-21-579903058-137395532-2418355931-1000 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No FileSearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =SearchScopes: HKLM-x32 -> DefaultScope {C25F7D09-7224-4827-97F2-7D895BB05BEB} URL =SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-579903058-137395532-2418355931-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-579903058-137395532-2418355931-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-579903058-137395532-2418355931-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No FileBHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-20] (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No FileBHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-20] (Oracle Corporation)Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No FileHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No FileFilter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No FileStartMenuInternet: IEXPLORE.EXE - iexplore.exeFireFox:========FF ProfilePath: C:\Users\Macedizzle\AppData\Roaming\Mozilla\Firefox\Profiles\6bggr8l0.default-1446244318840FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-30] ()FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-30] ()FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-20] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-20] (Oracle Corporation)FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-30] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-30] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [No File]FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not foundFF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not foundChrome:=======CHR HomePage: Default -> about:homeCHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN33899355722046212&ctid=CT3279141&SearchSource=48","hxxp://search.conduit.com/?CUI=UN29598048081466128&ctid=CT3279141&SearchSource=48","hxxp://mysearch.avg.com?cid={A7F3CA6C-8462-4C19-8274-5417C2924751}&mid=3834c98ab71c47d38112d16c22623f64-4f9ac4e76022c0346a5580789a9d832360431931〈=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-10-26 23:14:39&v=17.0.0.12&pid=safeguard&sg=0&sap=hp","hxxp://search.conduit.com/?ctid=CT3279412&SearchSource=48&CUI=UN39575475273011824&UM=2&sspv=TB_CNI1","hxxp://start.mysearchdial.com/?f=1&a=suma0103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtCyByB0E0AzzyC0C0BtCtN0D0Tzu0CyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=145805346&ir=","hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit","hxxp://mysearch.avg.com/?cid={A7F3CA6C-8462-4C19-8274-5417C2924751}&mid=3834c98ab71c47d38112d16c22623f64-4f9ac4e76022c0346a5580789a9d832360431931〈=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-10-26%2023:14:39&v=17.0.0.12&pid=safeguard&sg=0&sap=hp"CHR Profile: C:\Users\Macedizzle\AppData\Local\Google\Chrome\User Data\Default==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-30] (Malwarebytes)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)S3 avchv; system32\DRIVERS\avchv.sys [X]S1 qknfd; system32\drivers\qknfd.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-10-30 19:40 - 2015-10-30 19:40 - 00012421 _____ C:\Users\Macedizzle\Downloads\FRST.txt2015-10-30 19:39 - 2015-10-30 19:40 - 00000000 ____D C:\FRST2015-10-30 19:39 - 2015-10-30 19:39 - 02198016 _____ (Farbar) C:\Users\Macedizzle\Downloads\FRST64.exe2015-10-30 18:32 - 2015-10-30 18:32 - 00000000 ____D C:\Users\Macedizzle\Desktop\Old Firefox Data2015-10-30 17:52 - 2015-10-30 17:52 - 28849904 _____ C:\Users\Macedizzle\Downloads\vlc-2.2.1-win32.exe2015-10-30 17:49 - 2015-10-30 17:49 - 13155552 _____ (Microsoft Corporation) C:\Users\Macedizzle\Downloads\Silverlight_x64.exe2015-10-30 17:45 - 2015-10-30 17:45 - 00584288 _____ (Oracle Corporation) C:\Users\Macedizzle\Downloads\jre-8u65-windows-i586-iftw.exe2015-10-30 17:45 - 2015-10-30 17:45 - 00003194 _____ C:\Windows\System32\Tasks\{D3BF4046-4EC0-4270-AD30-2E35DAE068CB}2015-10-30 16:40 - 2015-10-30 16:45 - 01068672 _____ C:\Users\Macedizzle\AppData\Local\ec4950f3c9f7662c86fe489dcc1d2a172015-10-30 16:39 - 2015-10-30 18:10 - 00570915 _____ C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe2015-10-30 13:00 - 2015-10-30 13:00 - 00000000 _____ C:\autoexec.bat2015-10-30 12:56 - 2015-10-30 12:56 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Macedizzle\Downloads\SpyHunter-Installer.exe2015-10-30 10:31 - 2015-10-30 19:36 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-10-30 10:31 - 2015-10-30 18:17 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-10-30 10:31 - 2015-10-30 10:31 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-10-30 10:31 - 2015-10-30 10:31 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-10-30 10:31 - 2015-10-30 10:31 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-10-30 10:31 - 2015-10-30 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-10-30 10:30 - 2015-10-30 10:30 - 00929872 _____ (Google Inc.) C:\Users\Macedizzle\Downloads\ChromeSetup(1).exe2015-10-30 09:52 - 2015-10-30 18:16 - 00000280 _____ C:\Windows\setupact.log2015-10-30 09:52 - 2015-10-30 15:53 - 00003532 _____ C:\Windows\PFRO.log2015-10-30 09:52 - 2015-10-30 09:52 - 00000000 _____ C:\Windows\setuperr.log2015-10-30 09:40 - 2015-10-30 09:40 - 00001081 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\VS Revo Group2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\ProgramData\VS Revo Group2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\Program Files\VS Revo Group2015-10-30 09:40 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys2015-10-30 09:39 - 2015-10-30 09:39 - 11069616 _____ (VS Revo Group ) C:\Users\Macedizzle\Downloads\RevoUninProSetup.exe2015-10-29 13:44 - 2015-10-29 13:44 - 00004096 _____ C:\ProgramData\VVQZZGrPEC94.dll2015-10-29 13:43 - 2015-10-29 13:43 - 00450560 _____ (Microsoft Corporation) C:\Users\Macedizzle\AppData\Roaming\wpstmd.exe2015-10-28 10:43 - 2015-10-28 10:43 - 01781760 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\lcpafit.exe2015-10-28 10:42 - 2015-10-28 10:42 - 01794048 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\kzotuj.exe2015-10-28 10:42 - 2015-10-28 10:42 - 01765376 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\bwdqpmd.exe2015-10-28 08:05 - 2015-10-28 08:05 - 00929872 _____ (Google Inc.) C:\Users\Macedizzle\Downloads\ChromeSetup.exe2015-10-28 06:15 - 2015-10-28 06:16 - 343784991 ____R C:\Users\Macedizzle\Downloads\The.Flash.2014.S02E04.HDTV.x264-KILLERS[eztv].mp42015-10-28 05:36 - 2015-10-30 18:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-10-28 05:35 - 2015-10-28 05:35 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-10-28 05:35 - 2015-10-28 05:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-10-28 05:35 - 2015-10-28 05:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-10-28 05:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-10-28 05:35 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-10-28 05:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2015-10-28 05:34 - 2015-10-28 05:35 - 22908888 _____ (Malwarebytes ) C:\Users\Macedizzle\Downloads\mbam-setup-2.2.0.1024.exe2015-10-28 05:22 - 2015-10-28 05:22 - 00003512 _____ C:\Windows\System32\Tasks\ydsGNMAAUWqgBBt2015-10-26 10:22 - 2015-10-26 10:22 - 00004096 _____ C:\ProgramData\wk4BzK3g0CCA.dll2015-10-26 02:53 - 2015-10-26 02:54 - 00000000 ____D C:\ProgramData\Vohve2015-10-26 02:52 - 2015-10-28 06:07 - 00000000 ___HD C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}2015-10-26 02:50 - 2015-10-26 02:56 - 00000000 ____D C:\Users\Macedizzle\Downloads\The.Walking.Dead.S06E03.HDTV.x264-KILLERS[ettv]2015-10-22 07:27 - 2015-10-22 07:27 - 00000000 ____D C:\Users\Macedizzle\Downloads\Arrow.S04E03.HDTV.x264-LOL[ettv]2015-10-21 07:53 - 2015-10-21 07:53 - 00000000 ____D C:\Users\Macedizzle\Downloads\The.Flash.2014.S02E03.HDTV.x264-LOL[ettv]2015-10-14 21:23 - 2015-10-14 21:23 - 00000000 ____D C:\Users\Macedizzle\Downloads\Arrow.S04E02.HDTV.x264-LOL[ettv]2015-10-14 07:54 - 2015-10-14 07:54 - 00000000 ____D C:\Users\Macedizzle\Downloads\The.Flash.2014.S02E02.HDTV.x264-LOL[ettv]2015-10-07 21:05 - 2015-10-07 21:05 - 00000000 ____D C:\Users\Macedizzle\Downloads\Arrow.S04E01.HDTV.x264-LOL[ettv]2015-10-06 21:13 - 2015-10-06 21:45 - 269859594 _____ C:\Users\Macedizzle\Downloads\The Flash 2014 S02E01 HDTV x264-LOL.mp42015-10-05 08:20 - 2015-10-05 08:22 - 00000000 ____D C:\Users\Macedizzle\Downloads\Fear.The.Walking.Dead.S01E06.HDTV.x264-KILLERS[ettv]2015-10-04 20:16 - 2015-10-04 20:17 - 00000000 ____D C:\Users\Macedizzle\Downloads\Heroes Reborn S01E03 HDTV XviD-FUM[ettv]==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-10-30 19:34 - 2013-07-15 03:56 - 01712303 _____ C:\Windows\WindowsUpdate.log2015-10-30 18:44 - 2013-11-15 08:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-10-30 18:25 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-10-30 18:25 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-10-30 18:16 - 2013-07-17 02:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-10-30 18:16 - 2013-07-17 02:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-10-30 18:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-10-30 18:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions2015-10-30 17:52 - 2013-07-15 14:47 - 00000000 ____D C:\Users\Macedizzle\AppData\Roaming\vlc2015-10-30 17:50 - 2013-07-17 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-10-30 16:36 - 2015-05-21 22:21 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\CrashDumps2015-10-30 16:25 - 2009-07-14 01:08 - 00026436 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-10-30 12:07 - 2013-07-15 02:17 - 00000000 ____D C:\Users\Macedizzle2015-10-30 12:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss2015-10-30 10:32 - 2013-07-15 02:25 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\Google2015-10-30 10:31 - 2013-07-15 02:25 - 00000000 ____D C:\Program Files (x86)\Google2015-10-30 10:21 - 2013-07-15 14:08 - 00000000 ____D C:\Users\Macedizzle\AppData\Roaming\uTorrent2015-10-30 10:20 - 2015-08-03 09:43 - 00000000 ____D C:\Program Files (x86)\Steam2015-10-30 10:14 - 2015-07-22 10:46 - 00000000 ____D C:\Program Files\Highresolution Enterprises2015-10-30 10:04 - 2013-11-15 08:34 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-10-30 10:04 - 2013-11-15 08:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-10-30 10:04 - 2013-11-15 08:24 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\Adobe2015-10-30 10:04 - 2011-11-04 01:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-10-28 09:10 - 2015-08-13 03:11 - 00000000 ____D C:\Program Files\CCleaner2015-10-28 06:07 - 2014-01-30 00:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-10-28 06:07 - 2013-11-15 08:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2015-10-28 06:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports2015-10-28 06:03 - 2013-11-30 17:45 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\NativeMessaging2015-10-26 07:22 - 2013-08-01 15:35 - 00000000 ___HD C:\Users\Macedizzle\Downloads\~Hidden2015-10-26 07:18 - 2015-06-23 12:48 - 00000000 ____D C:\Users\Macedizzle\AppData\Roaming\TS3Client2015-10-25 14:24 - 2013-11-29 23:17 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\Battle.net2015-10-25 13:19 - 2013-11-29 23:32 - 00000000 ____D C:\Program Files (x86)\Hearthstone2015-10-25 12:58 - 2013-11-29 23:17 - 00000000 ____D C:\Program Files (x86)\Battle.net2015-10-15 07:44 - 2009-07-14 01:13 - 00833076 _____ C:\Windows\system32\PerfStringBackup.INI2015-10-15 07:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF==================== Files in the root of some directories =======2015-10-28 10:42 - 2015-10-28 10:42 - 1765376 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\bwdqpmd.exe2015-10-28 10:42 - 2015-10-28 10:42 - 1794048 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\kzotuj.exe2015-10-28 10:43 - 2015-10-28 10:43 - 1781760 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\lcpafit.exe2014-02-19 03:07 - 2014-02-19 03:07 - 0000047 _____ () C:\Users\Macedizzle\AppData\Roaming\WB.CFG2015-10-29 13:43 - 2015-10-29 13:43 - 0450560 _____ (Microsoft Corporation) C:\Users\Macedizzle\AppData\Roaming\wpstmd.exe2015-10-30 16:40 - 2015-10-30 16:45 - 1068672 _____ () C:\Users\Macedizzle\AppData\Local\ec4950f3c9f7662c86fe489dcc1d2a172015-05-02 17:55 - 2015-05-02 17:55 - 0000036 _____ () C:\Users\Macedizzle\AppData\Local\housecall.guid.cache2014-02-10 16:02 - 2014-02-10 16:02 - 0007606 _____ () C:\Users\Macedizzle\AppData\Local\Resmon.ResmonCfg2015-10-30 16:39 - 2015-10-30 18:10 - 0570915 _____ () C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe2013-07-15 04:22 - 2013-07-15 04:29 - 0015221 _____ () C:\ProgramData\ArcadeDeluxe5.log2015-08-26 14:56 - 2015-08-26 14:58 - 0000032 _____ () C:\ProgramData\PS.log2015-10-29 13:44 - 2015-10-29 13:44 - 0004096 _____ () C:\ProgramData\VVQZZGrPEC94.dll2015-10-26 10:22 - 2015-10-26 10:22 - 0004096 _____ () C:\ProgramData\wk4BzK3g0CCA.dllFiles to move or delete:====================C:\ProgramData\VVQZZGrPEC94.dllC:\ProgramData\wk4BzK3g0CCA.dllSome files in TEMP:====================C:\Users\Macedizzle\AppData\Local\Temp\vlc-2.2.1-win32.exe==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-10-30 11:29==================== End of FRST.txt ============================ ___________________________________________________________________________ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-10-2015Ran by Macedizzle (2015-10-30 19:41:49)Running from C:\Users\Macedizzle\DownloadsWindows 7 Home Premium Service Pack 1 (X64) (2013-07-15 06:17:32)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-579903058-137395532-2418355931-500 - Administrator - Disabled)Guest (S-1-5-21-579903058-137395532-2418355931-501 - Limited - Disabled)Macedizzle (S-1-5-21-579903058-137395532-2418355931-1000 - Administrator - Enabled) => C:\Users\Macedizzle==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)µTorrent (HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) HiddenAcer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated)Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) HiddenAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) HiddenBattle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenBuild-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) HiddenCCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) HiddenChuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenCradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddenEvernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) HiddenFinal Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) HiddenFTL - Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.1.0.11 - GOG.com)FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games)Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.28.15 - Google Inc.) HiddenGovernor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) HiddenHearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLaunch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) HiddenMyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) HiddenMyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) HiddenMyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) HiddenNorton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)Penguins! (x32 Version: 2.2.0.95 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.95 - WildTangent) HiddenRealtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)Shredder (Version: 2.0.8.9 - Egis Technology Inc.) HiddenShredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) HiddenSkype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated)TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)Torchlight (x32 Version: 2.2.0.97 - WildTangent) HiddenVirtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) HiddenVisual Boy Advance Packages (HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\Visual Boy Advance Packages) (Version: - ) <==== ATTENTIONVLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== Restore Points =========================28-10-2015 05:30:28 AA1130-10-2015 09:42:23 Revo Uninstaller Pro's restore point - Adobe Flash Player 19 NPAPI30-10-2015 09:45:59 Revo Uninstaller Pro's restore point - Acrylic Wi-Fi Free v2.330-10-2015 09:48:35 Revo Uninstaller Pro's restore point - Google Chrome30-10-2015 10:13:58 Revo Uninstaller Pro's restore point - X-Mouse Button Control 2.10.230-10-2015 18:12:08 Windows Modules Installer==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {1E3E602C-A623-42F4-81B8-1564B1988E4A} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)Task: {46032276-9B26-4ABD-B05D-FE5583D76AF3} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exeTask: {46C37929-0ACC-4B53-B25B-5FCA5EF5B2B2} - System32\Tasks\ydsGNMAAUWqgBBt => C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe [2015-10-30] ()Task: {47547F90-BA48-4A60-993E-B78FC98D59D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)Task: {890096E1-FC22-4A68-B5EE-6EAA767D1D7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-30] (Adobe Systems Incorporated)Task: {C64F497E-BC0F-4B8D-ACCB-A3F60A2B02A5} - System32\Tasks\{A02E7E3D-E73B-4BA8-935B-10B325559EBF} => pcalua.exe -a C:\Users\Macedizzle\Downloads\pecsetup.exe -d C:\Users\Macedizzle\DownloadsTask: {C72F5CD0-DF14-4E80-9415-9A3CC83A3F79} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)Task: {C87DE2F2-701B-47CA-8468-E9773B647207} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)Task: {CE164FF5-71D4-4146-AA1D-C026D30C8951} - System32\Tasks\{D3BF4046-4EC0-4270-AD30-2E35DAE068CB} => pcalua.exe -a C:\Users\Macedizzle\Downloads\jre-8u65-windows-i586-iftw.exe -d C:\Users\Macedizzle\DownloadsTask: {CFFB314E-8A98-4E03-A973-4A12B4CB7143} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Loaded Modules (Whitelisted) ================================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\ProgramData\Temp:2CB9631FAlternateDataStreams: C:\ProgramData\Temp:48081133==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-579903058-137395532-2418355931-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Macedizzle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 71.10.216.1 - 71.10.216.2HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)MSCONFIG\Services: 0184491392062471mcinstcleanup => 2MSCONFIG\Services: 70e6ca8c => 2MSCONFIG\Services: AdobeARMservice => 2MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: AMD External Events Utility => 2MSCONFIG\Services: DsiWMIService => 2MSCONFIG\Services: EgisTec Ticket Service => 3MSCONFIG\Services: ePowerSvc => 2MSCONFIG\Services: FLEXnet Licensing Service => 3MSCONFIG\Services: GamesAppIntegrationService => 3MSCONFIG\Services: GamesAppService => 3MSCONFIG\Services: GREGService => 2MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: HTCMonitorService => 2MSCONFIG\Services: LavasoftAdAwareService11 => 2MSCONFIG\Services: Live Updater Service => 2MSCONFIG\Services: MozillaMaintenance => 3MSCONFIG\Services: NOBU => 2MSCONFIG\Services: NTI IScheduleSvc => 2MSCONFIG\Services: PassThru Service => 2MSCONFIG\Services: SbieSvc => 2MSCONFIG\Services: SkypeUpdate => 2MSCONFIG\Services: Update FindRight => 2MSCONFIG\Services: Util FindRight => 2MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -kMSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITORMSCONFIG\startupreg: Chrome => C:\PROGRA~3\taskhost.exeMSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exeMSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyMSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgroundMSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeMSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exeMSCONFIG\startupreg: RSA3122687153 => C:\Windows\system32\rundll32.exe "C:\Users\Macedizzle\AppData\Roaming\Microsoft\Crypto\RSA\RSA3122687153.dll",DllInitializeMSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunMSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunMSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [{77A7AFCC-285F-4841-922D-B331F77B3E12}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{E8D2277F-8CC4-49EC-B03D-0BF488B8C886}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{1D833432-CB72-4F8F-87E3-6BFCA9CDD8A6}] => (Allow) LPort=2869FirewallRules: [{07470B16-D9EC-428B-9862-19EBA9785956}] => (Allow) LPort=1900FirewallRules: [{807E4311-70F0-4F3C-93DA-0B3B445AF9DE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeFirewallRules: [{83755AC7-12BF-4B96-9A08-2BE3559E36C4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exeFirewallRules: [{907EFCD7-4FAF-4EE3-9D59-1E381CCC8ABE}] => (Allow) C:\Users\Macedizzle\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{6D21687B-6CED-4971-9FAC-5C0230F93FA0}] => (Allow) C:\Users\Macedizzle\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{6DD02DE4-D1C6-4A8B-89DD-9B7B2044B25A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{22595AD7-CFDC-4321-8FEA-F159A88A0760}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{9AE41DF3-45C9-46B9-98F5-A33799712766}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exeFirewallRules: [{6C9CCB56-7F13-4CEB-ACE1-3DF73433F2A2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exeFirewallRules: [{FA39B24B-CCA8-4838-BE65-7640ADA7E817}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exeFirewallRules: [{F0386638-F287-4428-BEF4-D06FD51730DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exeFirewallRules: [{F02C0E6A-912A-480B-B8A9-A6AF60FA268B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exeFirewallRules: [{F341DEEF-E55C-4CDF-9ABF-5C3E0E6EE3EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exeFirewallRules: [TCP Query User{CF05B211-94C5-4EC2-AB8C-F105FA427A69}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exeFirewallRules: [uDP Query User{D66A0195-AE25-496A-9438-BA28A28C95D2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exeFirewallRules: [TCP Query User{5594012D-A185-422C-9BB9-C7C176EB0F14}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exeFirewallRules: [uDP Query User{71F82D1B-6C9E-4B9E-9797-C774B0D01B90}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exeFirewallRules: [{DE4A492B-EEC1-4BC8-BD5A-DB47E1661CDC}] => (Block) C:\program files (x86)\mirc\mirc.exeFirewallRules: [{EC6C2429-E83F-4E5A-B1A2-B8B45A9D6C9D}] => (Block) C:\program files (x86)\mirc\mirc.exeFirewallRules: [{B8DF9CC2-9DDA-4B36-B5AE-6B9AB186641D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{5F6EAB6A-FD0A-4C24-BF2A-2965BF94ACBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [TCP Query User{6474AF94-D384-4C90-9196-16FC7E89B164}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exeFirewallRules: [uDP Query User{261863D2-2FF5-4007-AEE6-03AF6745515E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exeFirewallRules: [{BC027C95-0F26-402D-BBBA-44099290F89B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{3786E820-8DE4-4E7A-AEAE-C7DB32B8E1C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{7FE48A35-881B-4251-9FBD-72E81A68BC05}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{4F8EBE22-2F25-4AE2-8100-FB5482BF8200}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [TCP Query User{29BE87DA-494D-4B62-96AB-15D3A78EDD9F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exeFirewallRules: [uDP Query User{3C1345B3-D857-4DEE-B48A-5C9315DA83B6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exeFirewallRules: [{F2317EF6-8A0B-4538-A84C-A1726E0E07C8}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exeFirewallRules: [{F47988AC-3091-49D6-83A0-2CF6B32F7156}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exeFirewallRules: [{0C819B4F-CDDF-4A2E-91C8-4264FB72AD71}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exeFirewallRules: [{B5F372F3-46EE-4733-88BC-814CCE286E89}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exeFirewallRules: [TCP Query User{A389A0F7-9882-456E-A8AC-E70A919EDE03}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exeFirewallRules: [uDP Query User{8A1606BE-D026-4DF0-A868-C53E489EADFF}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exeFirewallRules: [{E3B236AE-FDC3-4A85-BC62-A6E070B02ECC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe==================== Faulty Device Manager Devices =============Name: qknfdDescription: qknfdClass Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}Manufacturer:Service: qknfdProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved.==================== Event log errors: =========================Application errors:==================Error: (10/30/2015 06:18:22 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )Description: The index cannot be initialized.Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )Description: The application cannot be initialized.Context: Windows ApplicationDetails: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: )Description: The gatherer object cannot be initialized.Context: Windows Application, SystemIndex CatalogDetails: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.Context: Windows Application, SystemIndex CatalogDetails: Element not found. (HRESULT : 0x80070490) (0x80070490)Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )Description: The plug-in in <Search.JetPropStore> cannot be initialized.Context: Windows Application, SystemIndex CatalogDetails: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: )Description: The Windows Search Service cannot load the property store information.Context: Windows Application, SystemIndex CatalogDetails: The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: )Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (10/30/2015 06:17:33 PM) (Source: Windows Search Service) (EventID: 9000) (User: )Description: The Windows Search Service cannot open the Jet property store.Details: 0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f))System errors:=============Error: (10/30/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.Error: (10/30/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: The Windows Search service terminated with service-specific error %%-1073473535.Error: (10/30/2015 06:17:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load:qknfdError: (10/30/2015 04:27:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:%%1056Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.==================== Memory info ===========================Processor: AMD E-350 ProcessorPercentage of memory in use: 44%Total physical RAM: 2793.9 MBAvailable physical RAM: 1543.56 MBTotal Virtual: 5586.01 MBAvailable Virtual: 3758.41 MB==================== Drives ================================Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:71.34 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1F6C7E49)Partition 1: (Not Active) - (Size=13 GB) - (Type=27)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)==================== End of Addition.txt ============================ Any help would be awesome. Thanks for any effort put to this very annoying problem.TDSSKiller.3.1.0.5_30.10.2015_20.09.53_log.txt Link to post Share on other sites More sharing options...
Undisputed Posted October 31, 2015 Author ID:998933 Share Posted October 31, 2015 I feel like I might need to clarify that I wasn't trying to go to ninthclub or camelcap. I was just doing regular browsing and malwarebytes would pop up saying it was blocking them from doing something. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 31, 2015 ID:998944 Share Posted October 31, 2015 Hello, I spotted some pirated content on your machine and we cannot offer you our help in this condition. Piracy Policy Link to post Share on other sites More sharing options...
Undisputed Posted October 31, 2015 Author ID:998999 Share Posted October 31, 2015 ...riiight. Thanks a ton. Link to post Share on other sites More sharing options...
Undisputed Posted October 31, 2015 Author ID:999000 Share Posted October 31, 2015 Delete this thread please. Thanks. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 3, 2015 Root Admin ID:999370 Share Posted November 3, 2015 This topic will now be closed due to evidence of cracked or pirated software on this system.Piracy Policy Link to post Share on other sites More sharing options...
Recommended Posts