kgh5219

Honorary Members
  • Posts: 35
  • Reputation: 0 Neutral

  1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.0.0 (11.12.2015)
     Operating System: Windows 7 Home Premium x64
     Ran by Master (Administrator) on 17/11/2015 at 14:58:17.68
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     File System: 6
     Successfully deleted: C:\Users\Master\AppData\Local\crashrpt (Folder)
     Successfully deleted: C:\Users\Master\AppData\Local\cre (Folder)
     Successfully deleted: C:\Users\Master\AppData\Local\installer (Folder)
     Successfully deleted: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\extensions\staged (Folder)
     Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-316F10F7.pf (File)
     Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf (File)

     Registry: 1
     Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} (Registry Key)

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 17/11/2015 at 15:01:02.68
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  2. # AdwCleaner v5.021 - Logfile created 17/11/2015 at 14:43:21
     # Updated 14/11/2015 by Xplode
     # Database : 2015-11-13.3 [server]
     # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
     # Username : Master - LUKE
     # Running from : C:\Users\Master\Desktop\AdwCleaner.exe
     # Option : Cleaning
     # Support : http://toolslib.net/forum

     ***** [ Services ] *****

     ***** [ Folders ] *****
     [-] Folder Deleted : C:\SearchProtect
     [-] Folder Deleted : C:\Program Files (x86)\globalUpdate
     [-] Folder Deleted : C:\Program Files (x86)\predm
     [-] Folder Deleted : C:\Program Files (x86)\SearchProtect
     [-] Folder Deleted : C:\Program Files (x86)\SimilarSites
     [-] Folder Deleted : C:\Program Files (x86)\Sk-Enhancer
     [-] Folder Deleted : C:\Program Files (x86)\ToggleMark
     [-] Folder Deleted : C:\Program Files (x86)\w3i
     [-] Folder Deleted : C:\Program Files (x86)\WebSearch
     [-] Folder Deleted : C:\ProgramData\Ask
     [-] Folder Deleted : C:\ProgramData\Babylon
     [-] Folder Deleted : C:\ProgramData\TVWizard
     [-] Folder Deleted : C:\ProgramData\w3i
     [-] Folder Deleted : C:\ProgramData\Suurf and kEep
     [-] Folder Deleted : C:\ProgramData\519817776577d2c8
     [-] Folder Deleted : C:\Users\Master\AppData\Local\Bundled software uninstaller
     [-] Folder Deleted : C:\Users\Master\AppData\Local\globalUpdate
     [-] Folder Deleted : C:\Users\Master\AppData\Local\Zoom_Downloader
     [-] Folder Deleted : C:\Users\Master\AppData\Local\DeskBar
     [-] Folder Deleted : C:\Users\Master\AppData\LocalLow\Conduit
     [-] Folder Deleted : C:\Users\Master\AppData\LocalLow\mixidj
     [-] Folder Deleted : C:\Users\Master\AppData\LocalLow\Yahoo!\Companion
     [-] Folder Deleted : C:\Users\Master\AppData\LocalLow\B5T
     [-] Folder Deleted : C:\Users\Master\AppData\Roaming\Activeris
     [-] Folder Deleted : C:\Users\Master\AppData\Roaming\eType
     [-] Folder Deleted : C:\Users\Master\AppData\Roaming\SkypEmoticons

     ***** [ Files ] *****
     [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
     [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
     [-] File Deleted : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\user.js
     [-] File Deleted : C:\Windows\SysNative\roboot64.exe

     ***** [ DLLs ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled tasks ] *****
     [-] Task Deleted : RunAsStdUser Task

     ***** [ Registry ] *****
     [-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     [-] Key Deleted : HKCU\Software\Mozilla\Extends
     [-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils
     [-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
     [-] Key Deleted : HKLM\SOFTWARE\Classes\qygameclient
     [-] Key Deleted : HKLM\SOFTWARE\Classes\HCDNProxy
     [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
     [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
     [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{646BAAE7-7538-4866-8EEE-974C0AA910AB}]
     [-] Key Deleted : HKLM\SOFTWARE\Classes\ppsmb
     [-] Key Deleted : HKCU\Software\90dfdbb43cbf12
     [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
     [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_617c7ac4
     [-] Key Deleted : HKCU\Software\APN PIP
     [-] Key Deleted : HKCU\Software\BI
     [-] Key Deleted : HKCU\Software\GlobalUpdate
     [-] Key Deleted : HKCU\Software\IM
     [-] Key Deleted : HKCU\Software\ImInstaller
     [-] Key Deleted : HKCU\Software\RegisteredApplicationsEx
     [-] Key Deleted : HKCU\Software\Store
     [-] Key Deleted : HKCU\Software\DAILYPCCLEAN
     [-] Key Deleted : HKCU\Software\Yahoo\Companion
     [-] Key Deleted : HKCU\Software\PPStream
     [-] Key Deleted : HKCU\Software\WEBAPP
     [-] Key Deleted : HKCU\Software\__SP__browser_name__SP__
     [-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
     [-] Key Deleted : HKLM\SOFTWARE\Babylon
     [-] Key Deleted : HKLM\SOFTWARE\Conduit
     [-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
     [-] Key Deleted : HKLM\SOFTWARE\Sk-Enhancer
     [-] Key Deleted : HKLM\SOFTWARE\SP Global
     [-] Key Deleted : HKLM\SOFTWARE\W3I
     [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
     [-] Key Deleted : HKLM\SOFTWARE\B5TService
     [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
     [-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
     [-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
     [-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

     ***** [ Web browsers ] *****
     [-] [C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224&vp=ch&prd=set

     *************************
     :: "Tracing" keys removed
     :: Winsock settings cleared

     ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [16992 bytes] ##########
  3. Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 17/11/2015
     Scan Time: 13:38
     Logfile:
     Administrator: Yes

     Version: 2.2.0.1024
     Malware Database: v2015.11.17.03
     Rootkit Database: v2015.11.14.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Master

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 422351
     Time Elapsed: 45 min, 10 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 15
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [55c21d62b5d64aec5061a59f847e9b65],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [35e298e7d7b4c076ebc9d76de02230d0],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}, Quarantined, [c453a0dfe0ab6fc708aa0c3814ee32ce],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}, Quarantined, [c453a0dfe0ab6fc708aa0c3814ee32ce],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}, Quarantined, [0e09156a17745ed8b10850f4ac56fd03],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}, Quarantined, [0e09156a17745ed8b10850f4ac56fd03],
     PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}, Quarantined, [27f03c4392f986b0feb7c77d32d0b848],

     Registry Values: 2
     Adware.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [43d42d528b00ff37204ad9633fc3e818],
     Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [35e21c6363283105016966d642c039c7],

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  4. Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
     Ran by Master (2015-11-17 13:13:59) Run:1
     Running from C:\Users\Master\Desktop
     Loaded Profiles: Master (Available Profiles: Master)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CloseProcesses:
     CreateRestorePoint:
     HKLM-x32\...\Run: [ldkxa] => C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe [261440 2015-10-28] ()
     C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe
     C:\Users\Master\AppData\Roaming\afght
     ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => No File
     ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => No File
     ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => No File
     ShellIconOverlayIdentifiers: [4SyncOverlay4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => No File
     ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No File
     ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No File
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     ProxyServer: [s-1-5-21-2562538608-3379174730-3565747309-1005] => http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444
     Winsock: Catalog9 01 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)
     Winsock: Catalog9 02 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)
     Winsock: Catalog9 03 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)
     Winsock: Catalog9 04 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)
     Winsock: Catalog9 15 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi)
     cmd: netsh winsock reset
     HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
     S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
     S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
     S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
     S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X]
     S4 RzMaelstromVADStreamingService; "C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe" [X]
     S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]
     S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]
     S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
     S3 dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [X]
     S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
     S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
     S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
     S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
     S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
     S3 vtany; \??\C:\Windows\vtany.sys [X]
     S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
     S3 xspirit; \??\C:\Windows\xspirit.sys [X]
     2013-01-26 14:46 - 2013-01-30 21:23 - 0000004 _____ () C:\Users\Master\AppData\Local\aqgghxya.log
     2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\kxolkgoj.log
     2013-01-26 14:54 - 2013-01-30 21:22 - 0000000 _____ () C:\Users\Master\AppData\Local\mmxikddc.log
     2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\qdavljxb.log
     2012-08-21 20:40 - 2015-11-05 12:36 - 0007602 _____ () C:\Users\Master\AppData\Local\Resmon.ResmonCfg
     2013-04-16 17:03 - 2013-04-16 17:03 - 0000000 _____ () C:\ProgramData\243c3831_c
     2012-08-14 11:01 - 2012-08-14 11:01 - 0000064 _____ () C:\ProgramData\cytkwumn.log
     C:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exe
     C:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exe
     C:\Users\Master\AppData\Local\temp\lowproc.exe
     C:\Users\Master\AppData\Local\temp\qdAstsetup13.exe
     C:\Users\Master\AppData\Local\temp\stubhelper.dll
     C:\Users\Master\AppData\Local\temp\tu17p84.exe
     Task: {88D5203D-3311-45EB-8A8B-04BAC7D3DA1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
     C:\Program Files (x86)\MyPC Backup
     Task: {B57C9741-35DC-4282-91B9-F3AFC4C1D3D6} - \Test TimeTrigger -> No File <==== ATTENTION
     Task: {C7D21CA1-A678-4A5C-96C3-1E0E7A07061E} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe
     C:\Windows\AutoKMS
     Task: {EAD81C2C-00E4-4F71-AD56-1285B0033072} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION
     Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exeH/schedule /profile c:\programdata\quickset\sk-enhancer\5902107913.ini <==== ATTENTION
     c:\programdata\quickset
     AlternateDataStreams: C:\ProgramData\Temp:373E1720
     AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
     AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
     AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
     AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
     EmptyTemp:
     End
     *****************

     Processes closed successfully.
     Restore point was successfully created.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ldkxa => value removed successfully
     C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe => moved successfully
     C:\Users\Master\AppData\Roaming\afght => moved successfully
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay1" => key removed successfully
     "HKCR\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}" => key removed successfully
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay2" => key removed successfully
     "HKCR\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}" => key removed successfully
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay3" => key removed successfully
     "HKCR\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}" => key removed successfully
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay4" => key removed successfully
     "HKCR\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}" => key removed successfully
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfully
     HKCR\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB} => key not found.
     "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfully
     HKCR\Wow6432Node\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB} => key not found.
     "HKLM\SOFTWARE\Policies\Google" => key removed successfully
     HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
     "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
     "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
     "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
     "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
     "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" => key removed successfully

     ========= netsh winsock reset =========

     Sucessfully reset the Winsock Catalog.
     You must restart the computer in order to complete the reset.

     ========= End of CMD: =========

     "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
     BstHdAndroidSvc => service not found.
     BstHdLogRotatorSvc => service not found.
     BstHdUpdaterSvc => service not found.
     Razer Game Scanner Service => service removed successfully
     RzMaelstromVADStreamingService => service removed successfully
     AhnFlt2K => service removed successfully
     AhnRec2K => service removed successfully
     BstHdDrv => service not found.
     dump_wmimmc => service removed successfully
     EagleX64 => service removed successfully
     JRSKD24 => service removed successfully
     TfFsMon => service removed successfully
     TfNetMon => service removed successfully
     TfSysMon => service removed successfully
     vtany => service removed successfully
     wanatw => service removed successfully
     xspirit => service removed successfully
     C:\Users\Master\AppData\Local\aqgghxya.log => moved successfully
     C:\Users\Master\AppData\Local\kxolkgoj.log => moved successfully
     C:\Users\Master\AppData\Local\mmxikddc.log => moved successfully
     C:\Users\Master\AppData\Local\qdavljxb.log => moved successfully
     C:\Users\Master\AppData\Local\Resmon.ResmonCfg => moved successfully
     C:\ProgramData\243c3831_c => moved successfully
     C:\ProgramData\cytkwumn.log => moved successfully
     C:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exe => moved successfully
     C:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exe => moved successfully
     C:\Users\Master\AppData\Local\temp\lowproc.exe => moved successfully
     C:\Users\Master\AppData\Local\temp\qdAstsetup13.exe => moved successfully
     C:\Users\Master\AppData\Local\temp\stubhelper.dll => moved successfully
     C:\Users\Master\AppData\Local\temp\tu17p84.exe => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88D5203D-3311-45EB-8A8B-04BAC7D3DA1C}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88D5203D-3311-45EB-8A8B-04BAC7D3DA1C}" => key removed successfully
     C:\Windows\System32\Tasks\LaunchSignup => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
     "C:\Program Files (x86)\MyPC Backup" => not found.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B57C9741-35DC-4282-91B9-F3AFC4C1D3D6}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B57C9741-35DC-4282-91B9-F3AFC4C1D3D6}" => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => key not found.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7D21CA1-A678-4A5C-96C3-1E0E7A07061E}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7D21CA1-A678-4A5C-96C3-1E0E7A07061E}" => key removed successfully
     C:\Windows\System32\Tasks\AutoKMSCustom => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSCustom" => key removed successfully
     "C:\Windows\AutoKMS" => not found.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAD81C2C-00E4-4F71-AD56-1285B0033072}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAD81C2C-00E4-4F71-AD56-1285B0033072}" => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator => key not found.
     C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => moved successfully
     c:\programdata\quickset => moved successfully
     C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
     C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.
     C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
     C:\ProgramData\Temp => ":E1F04E8D" ADS removed successfully.
     C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully.
     EmptyTemp: => 2.5 GB temporary data Removed.

     The system needed a reboot.

     ==== End of Fixlog 13:19:05 ====
  5. RogueKiller V10.11.5.0 (x64) [Nov 9 2015] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/software/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Master [Administrator]
     Started from : C:\Users\Master\Desktop\RogueKillerX64.exe
     Mode : Scan -- Date : 11/14/2015 20:48:14

     ¤¤¤ Processes : 0 ¤¤¤

     ¤¤¤ Registry : 17 ¤¤¤
     [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn | (default) : {646BAAE7-7538-4866-8EEE-974C0AA910AB} -> Found
     [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn | (default) : {646BAAE7-7538-4866-8EEE-974C0AA910AB} -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7} -> Found
     [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kvrrwkon (System32\drivers\avvifrad.sys) -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vtany (\??\C:\Windows\vtany.sys) -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xspirit (\??\C:\Windows\xspirit.sys) -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtany (\??\C:\Windows\vtany.sys) -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xspirit (\??\C:\Windows\xspirit.sys) -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vtany (\??\C:\Windows\vtany.sys) -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xspirit (\??\C:\Windows\xspirit.sys) -> Found
     [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444 -> Found
     [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444 -> Found
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 9 ¤¤¤
     [PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
     [PUP][Folder] C:\Program Files (x86)\globalUpdate -> Found
     [PUP][Folder] C:\Program Files (x86)\predm -> Found
     [PUP][Folder] C:\Program Files (x86)\SearchProtect -> Found
     [PUP][Folder] C:\Program Files (x86)\SimilarSites -> Found
     [PUP][Folder] C:\Program Files (x86)\Sk-Enhancer -> Found
     [PUP][Folder] C:\Program Files (x86)\ToggleMark -> Found
     [PUP][Folder] C:\Program Files (x86)\W3i -> Found
     [PUP][Folder] C:\Program Files (x86)\WebSearch -> Found

     ¤¤¤ Hosts File : 1 ¤¤¤
     [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

     ¤¤¤ Web browsers : 1 ¤¤¤
     [PUM.HomePage][FIREFX:Config] wkwtgo1d.default : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224");-> Found

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: +++++
     --- User ---
     [MBR] 950f05daa3c404232d19ff8ca44b1749
     [bSP] 16176d5abc32588c5d7e90f1b6e320f1 : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27265024 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27469824 | Size: 291831 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK
  6. Users shortcut scan result (x64) Version:07-11-2015
     Ran by Master (2015-11-14 20:05:36)
     Running from C:\Users\Master\Desktop
     Boot Mode: Normal

     ==================== Shortcuts =============================
     (The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Inc.) Shortcut: C:\Users\Public\Desktop\RealTimes (RealPlayer).lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.) Shortcut: C:\Users\Public\Desktop\Safari.lnk -> C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe () Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe () Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\RealTimes Daily Videos#channel-popular.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://videos.real.com/rp/web_videos?market=en-gb&cd=home&CB=client&PT=FREE&OS=WinNT%206.1.7601&LP=en%2DGB&OC=T10UKDFT&PV=18.0.2.59&PBR=10485800&CO=gb&LI=en%2Dgb&PN=RealPlayer&DC=T10UKDFT&DT=040915&u=cff5bbed6a7047759b4236b80913b3c2#channel/Music ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\RealTimes Daily Videos.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) 
-> hxxp://videos.real.com/rp/web_videos?market=en-gb&cd=home&CB=client&PT=FREE&OS=WinNT%206.1.7601&LP=en%2DGB&OC=T10UKDFT&PV=18.0.2.59&PBR=10485800&CO=gb&LI=en%2Dgb&PN=RealPlayer&DC=T10UKDFT&DT=040915&u=cff5bbed6a7047759b4236b80913b3c2#channel/popular ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\Cigarettes In the Theatre.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Users/Master/Music/New folder/Two Door Cinema Club - Discography (2008-2012) [MP3 V0]/2010 - Tourist History (Japan Edition)/01 - Cigarettes In the Theatre.mp3 ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Real\RealPlayer\History\Come Back Home.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Users/Master/Music/New folder/Two Door Cinema Club - Discography (2008-2012) [MP3 V0]/2010 - Tourist History (Japan Edition)/02 - Come Back Home.mp3 ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Master\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
-> /sendto: InternetURL: C:\Users\Master\Music\New folder\music\CODE KUNST - PARACHUTE [www.k2nblog.com]\K2NBLOG.com - visit for more albums, singles, MVs.url -> hxxp://k2nblog.com/ InternetURL: C:\Users\Master\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728 InternetURL: C:\Users\Master\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698 InternetURL: C:\Users\Master\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271 InternetURL: C:\Users\Master\Favorites\Links\BBC - Homepage.url -> hxxp://www.bbc.co.uk/ InternetURL: C:\Users\Master\Favorites\Links\Facebook.url -> hxxps://www.facebook.com/messages InternetURL: C:\Users\Master\Favorites\Links\Froggie.url -> hxxp://vle.tiffin.kingston.sch.uk/index.phtml?d=556539 InternetURL: C:\Users\Master\Favorites\Links\Google.url -> hxxps://www.google.co.uk/ InternetURL: C:\Users\Master\Favorites\Links\Suggested Sites (2).url -> hxxps://ieonline.microsoft.com/#ieslice InternetURL: C:\Users\Master\Favorites\Links\Suggested Sites.url -> 0 InternetURL: C:\Users\Master\Favorites\Links\YouTube.url -> hxxp://www.youtube.com/ InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\미국관련\Houston Koreatown - Daum 카페.url -> hxxp://cafe.daum.net/txhouston InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\미국관련\I LOVE HOUSTON 2011년 12월 휴스턴 지역 룸메이트, 하숙, 렌트관련 정보 - Daum 카페.url -> hxxp://cafe.daum.net/Houston/T5MM/42?docid=7Q6kT5MM4220111215120833 InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\미국관련\코리안 휴스턴 메인홈.url -> hxxp://korean-houston.com/cafexe/ InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728 InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\Directgov 
- the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698 InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271 InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links for United Kingdom\Welcome to 04UK.COM.url -> hxxp://www.04uk.com/ InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\BBC - Homepage.url -> hxxp://www.bbc.co.uk/ InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Facebook.url -> hxxps://www.facebook.com/ InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Google.url -> hxxps://www.google.co.uk/ InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Student Home Page NEW.url -> hxxp://vle.tiffin.kingston.sch.uk/index.phtml?d=556539 InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315 InternetURL: C:\Users\Master\Desktop\Dad\Dad\Favorites\Links\YouTube.url -> hxxp://www.youtube.com/?gl=GB&hl=en-GB InternetURL: C:\Users\Master\4Sync\100GB Storage.url -> hxxp://www.4sync.com ==================== End of Shortcut.txt =============================
  7. Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015 Ran by Master (2015-11-14 20:03:26) Running from C:\Users\Master\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2011-02-19 20:57:01) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2562538608-3379174730-3565747309-500 - Administrator - Disabled) Guest (S-1-5-21-2562538608-3379174730-3565747309-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2562538608-3379174730-3565747309-1002 - Limited - Enabled) Master (S-1-5-21-2562538608-3379174730-3565747309-1005 - Administrator - Enabled) => C:\Users\Master ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.) 
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.) AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc) Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Daum 클리너 (HKLM\...\DaumCleaner) (Version: 1.5 - Daum Communications Corp.) Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) 
Hidden Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) INISafe SFilter 7.2 (SFilter v1.0) (HKLM-x32\...\UnINISafeWeb7) (Version: - ) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.) 
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
(HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MLS AD Integration (HKLM-x32\...\{4F517950-16E9-49A5-B3B1-91E100604B29}) (Version: 1.0.0 - Micro Librarian Systems) MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.) Mozilla Firefox 18.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0.1 (x86 en-US)) (Version: 18.0.1 - Mozilla) Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - ) MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) 
Hidden Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - ) NWZ-B170 WALKMAN Guide (HKLM-x32\...\{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}) (Version: 2.1.0.33220 - Sony Corporation) Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) Hidden RealDownloader (x32 Version: 18.0.2.60 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.) RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version: - ) <==== ATTENTION Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden SK-Helper 1.74 (HKLM-x32\...\SP_617c7ac4) (Version: - Verified Publisher) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
SoftCamp Secure KeyStroke 4.0 (HKLM-x32\...\SoftcampSCSK) (Version: - ) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Spotify (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) Unity Web Player (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Veraport20(Security module management) - 2,5,1,6 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,5,1,6 - Wizvera) Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Restore Points ========================= 05-11-2015 14:23:04 Removed BlueStacks Notification Center 05-11-2015 21:48:25 Removed Microsoft Office Enterprise 2007 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2013-01-31 18:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04026F6F-526F-4096-A160-5CEB98E55FD1} - System32\Tasks\{591457EB-5077-43BA-B069-AF13F542FB09} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11" Task: {09172A5F-209C-4779-A8B9-EAE7B1D18F4B} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION Task: {0A06C8E9-F35C-4414-9365-62C6D6E45629} - System32\Tasks\{81EC26CB-FC62-4850-B73F-9EC046D5EDBB} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=Default Task: {1A0F294A-62E5-4661-9BC3-2B5494A90A06} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.) 
Task: {2013D8E8-C751-4A3E-A865-0577C252F603} - System32\Tasks\{FB587424-E5B5-4F20-A9CE-07D6EBBD00E0} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=Default Task: {222A3CCF-44BC-4B3A-AD32-218514666674} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {26FFE70F-9E70-4FD2-A01C-38E918613B88} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.) Task: {3F631565-51F6-419F-8352-E826F02614A8} - System32\Tasks\{34DA9454-7B6A-43C0-85AD-BE1306D9F696} => pcalua.exe -a "C:\Users\luk\Downloads\New folder\MSSetupv83.exe" -d "C:\Users\luk\Downloads\New folder" Task: {40FDAE7E-05DC-48EA-B9BE-EFEDAEB7B1B5} - System32\Tasks\{2A82FD18-9598-4C49-9C06-14BD8DDA6834} => pcalua.exe -a "C:\Users\Master\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller" Task: {4CF65650-702F-4DEF-BFFE-FE6F6B6A7485} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe Task: {6E0DDEAC-0C7C-4FA8-A3DF-A4D67560D64F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {88D5203D-3311-45EB-8A8B-04BAC7D3DA1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {9028F171-E8B5-40A3-A587-E10E689549BF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.) 
Task: {92559B97-FA4F-49DE-A58A-5E287C7FF5D1} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-27] (RealNetworks, Inc.) Task: {93083D06-A07A-4884-9DF9-6867455C9669} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {99F3F955-35DE-4A16-AB5E-A1BD0EF3A80A} - System32\Tasks\RunAsStdUser Task => C:\Users\Master\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe <==== ATTENTION Task: {B57C9741-35DC-4282-91B9-F3AFC4C1D3D6} - \Test TimeTrigger -> No File <==== ATTENTION Task: {BB48DAD0-51EF-49DB-8F72-38A3DAC3A931} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-31] (Adobe Systems Incorporated) Task: {BC47FA25-9DBB-49D8-A2DB-DCF5C3580CB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {C630D205-6042-4008-87C5-A17EC56B55F5} - System32\Tasks\{4F2BA3FA-C0A0-49B9-A270-D21866EE47A5} => pcalua.exe -a "C:\Nexon\Europe MapleStory\Setup.exe" -d "C:\Nexon\Europe MapleStory" Task: {C7D21CA1-A678-4A5C-96C3-1E0E7A07061E} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe Task: {DF013C53-02CE-4492-9B67-3680F10C16A9} - System32\Tasks\{41154EC5-E06D-4263-9390-ADF52902598E} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11" Task: {E42141DC-00C5-4400-AFC8-1F6710D1E5B5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.) 
Task: {EAD81C2C-00E4-4F71-AD56-1285B0033072} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION Task: {FCC49B66-B670-488E-A906-ACD04858F400} - System32\Tasks\{43683F31-E93C-4C68-8FBA-2777FF3B7A2D} => pcalua.exe -a "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe" -c "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\install.log" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMSCustom.job => C:\Windows\AutoKMS\AutoKMS.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0b409cef98cef.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c01bea26f8b4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e4075456c35.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1663bc0b05c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\RealDownloader Update Check.job => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe Task: C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005.job => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exeH/schedule /profile c:\programdata\quickset\sk-enhancer\5902107913.ini <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2014-06-02 
19:25 - 2012-08-31 14:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL 2014-06-02 19:25 - 2012-08-31 14:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-06-07 07:08 - 2011-06-07 07:08 - 02535424 _____ () C:\Windows\SysWOW64\DM.exe 2010-09-01 07:18 - 2010-09-01 07:18 - 00033792 _____ () C:\Windows\SysWOW64\clunet.dll 2010-06-28 22:20 - 2010-06-28 22:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-06-28 22:12 - 2010-06-28 22:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-08-30 09:45 - 2009-05-20 06:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2014-10-23 20:43 - 2014-10-23 20:43 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll 2010-08-30 09:03 - 2010-04-13 16:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2015-02-15 00:40 - 2015-02-15 00:40 - 00381440 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mintcastnetworks => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: DaumCleanerService => 3 MSCONFIG\Services: EFS => 3 MSCONFIG\Services: eventlog => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: PCSUService => 2 MSCONFIG\Services: Razer Game Scanner Service => 2 MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2 MSCONFIG\Services: RealPlayer Cloud Service => 2 MSCONFIG\Services: RzMaelstromVADStreamingService => 2 MSCONFIG\Services: RzOvlMon => 2 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: SDRSVC => 3 MSCONFIG\Services: SeaPort => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: SysMain => 2 MSCONFIG\Services: Updater Service => 2 MSCONFIG\Services: Wecsvc => 3 MSCONFIG\Services: wlidsvc => 2 MSCONFIG\Services: WMPNetworkSvc => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: wuauserv => 2 MSCONFIG\Services: YahooAUService => 2 MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Korean IME Migration => C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" 
-atboottime MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{6CDDC26C-3BD0-4BC3-967C-1438DD8B77B7}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{6DF5C7AC-1BFB-4CDB-960C-5106C8B4FDB4}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exe FirewallRules: [TCP Query User{185A6A5E-38FC-4AD5-95C7-6A8B5E3E5FFA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [uDP Query User{36D473F5-5B43-4922-8651-559D5A0C1FDE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{FE5E4F67-745F-4536-BCA9-E142F4436D8F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{6DFAB8CA-6A61-4428-A283-A151756F7D29}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{53E0B21D-CEC5-4064-80AB-9D36E57868AA}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{14108F18-1108-4814-AB3C-6439FD3E8753}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe FirewallRules: [{E4A53963-EA44-42D4-95B7-2E7FD14C45B9}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe FirewallRules: [{588C52AA-34EA-4DA2-A3D9-A7BC0BA3D950}] => (Allow) LPort=9100 FirewallRules: [{C51128F3-23C1-455C-B134-5B3640B38E94}] => (Allow) LPort=427 FirewallRules: 
[{496815FA-1809-4B4E-BD22-E232CA9340C5}] => (Allow) LPort=161 FirewallRules: [{19D58FB3-99CF-4C24-A4E9-99311B4DFA07}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [TCP Query User{1126BF81-3B4F-4A67-9DF4-7E178378BBC0}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [uDP Query User{CE5BCA81-96DC-458D-B4C2-13BCAA979042}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{8B27FB08-C4B2-4E03-9564-B9989E7B95E7}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [uDP Query User{61BC8FF8-D3D8-4AB1-9C61-7AC4B5F1504D}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [{5C66CE2D-CE06-4601-913B-9B61C0A4984E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3A0E4610-C87D-43A6-AA7E-07666FC665B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{B8446F95-6B62-4440-9BA5-B7B03CC4C5ED}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [uDP Query User{F17F00C0-7D8D-4250-B1BE-CCD4B6F52F03}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files 
(x86)\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [{053168E4-AAD5-4387-9BE2-FFA8574066C4}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{38F89912-3940-4291-9ECF-BEA0D6F1CA72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AC2AAB7C-5BF6-405D-8EC2-432DE0F36ADC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E8D0901A-F879-4CA4-A951-80A807382B90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{CA83269A-0098-4451-86C4-A293834B1731}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{240EB17C-6EA4-476F-9806-F241EE40314E}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{66A45832-78DF-4DF5-AEE5-152E4DD6BD7A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/14/2015 08:01:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1bfc Start Time: 01d11f1700714260 Termination Time: 8 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: 856caaf1-8b0a-11e5-8141-1c750843763f Error: (11/14/2015 07:59:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 4068 Start Time: 01d11f16dbf2d7d7 Termination Time: 12 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: 354f39cc-8b0a-11e5-8141-1c750843763f Error: (11/14/2015 05:19:27 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 43214040 Error: (11/14/2015 05:19:27 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 43214040 Error: (11/14/2015 05:19:22 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/12/2015 10:53:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 122273 Error: (11/12/2015 10:53:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 122273 Error: (11/12/2015 10:53:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/12/2015 10:53:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 121275 Error: (11/12/2015 10:53:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 121275 System errors: ============= Error: (11/14/2015 05:19:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service. Error: (11/13/2015 12:39:30 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.4. The computer with the IP address 192.168.0.12 did not allow the name to be claimed by this computer. 
Error: (11/13/2015 12:39:30 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.4. The computer with the IP address 192.168.0.12 did not allow the name to be claimed by this computer. Error: (11/12/2015 05:01:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 4 time(s). Error: (11/12/2015 05:00:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (11/12/2015 04:59:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/12/2015 04:59:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (11/10/2015 11:10:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service. Error: (11/09/2015 10:55:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 3 time(s). Error: (11/09/2015 10:38:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The RealPlayer Update Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2013-03-22 17:19:39.463 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-03-22 17:19:38.963 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-31 18:44:53.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-31 18:44:53.606 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-30 19:22:56.105 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-30 19:22:55.949 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-29 21:45:18.679 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-29 21:45:18.492 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-28 19:53:18.465 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-28 19:53:18.278 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel® Core i3 CPU M 380 @ 2.53GHz Percentage of memory in use: 35% Total physical RAM: 2806.71 MB Available physical RAM: 1799.65 MB Total Virtual: 7412.9 MB Available Virtual: 6012.91 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:167.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A022D740) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015 Ran by Master (administrator) on LUKE (14-11-2015 20:02:16) Running from C:\Users\Master\Desktop Loaded Profiles: Master (Available Profiles: Master) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\DM.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (HP) C:\Windows\System32\HPSIsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (Egis Technology Inc.) 
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Spotify Ltd) C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.) HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company) HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286784 2015-09-04] (RealNetworks, Inc.) HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [614464 2015-07-27] () HKLM-x32\...\Run: [ldkxa] => C:\Users\Master\AppData\Roaming\afght\onhbdi\gzsir.exe [261440 2015-10-28] () HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [spotify Web Helper] => C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-21] (Spotify Ltd) HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe AppInit_DLLs-x32: c:\progra~2\sk-enh~1\psupport.dll => No File ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => No File 
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => No File ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => No File ShellIconOverlayIdentifiers: [4SyncOverlay4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => No File ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.) ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No File ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-10-28] ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: [s-1-5-21-2562538608-3379174730-3565747309-1005] => http=127.0.0.1:4444;https=127.0.0.1:4445;ftp=127.0.0.1:4444 Winsock: Catalog9 01 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi) Winsock: Catalog9 02 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi) Winsock: Catalog9 03 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi) Winsock: Catalog9 04 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi) Winsock: Catalog9 15 C:\Windows\SysWOW64\mintcastnetworks.dll [295736 2014-06-11] (AdwareRoi) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7 SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=dnsbsc50r1&sp=&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> {F445C8D2-5860-4978-A564-0D8F36A879E4} URL = hxxp://www.search.ask.com/web?p2=%5EADN%5EOSJ000%5EYY%5EGB&gct=&itbv=12.0.1.100&o=APN10616&tpid=ORJ-V7&apn_uid=241C9536-6D17-4B8D-ABB1-7395AE106732&apn_ptnrs=ADN&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=ie_10.0.9200.16635&doi=2013-07-15&trgb=IE&q={searchTerms}&psv= BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader) BHO: No Name -> 
{4F524A2D-5637-006A-76A7-7A786E7484D7} -> No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader) BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-22] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.) BHO-x32: Daum 클리너 -> {BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} -> C:\Program Files\Daum\Cleaner\DaumStart.1.5.0.114.dll [2012-08-01] (Daum Communications Corp.) 
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No File BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-22] (Oracle Corporation) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File Toolbar: HKU\S-1-5-21-2562538608-3379174730-3565747309-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {477D5B9A-6479-44F8-9718-9340119B0308} hxxp://www.hanabank.com/resource/download/veraport/down/veraport20.cab DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SKV67EK\TouchEnKey_Installer.exe DPF: HKLM-x32 {8C96AC47-F768-47F5-95C2-24018E6674C5} hxxp://www.jjangfile.net/scripts/common/mmsv/ChocoStream.cab DPF: HKLM-x32 {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_4/DaumActiveX.cab?ver=2,0,1,4 Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11018.dll [2015-02-23] (© INITECH) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default FF SelectedSearchEngine: v9 FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File] FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll [No File] FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files 
(x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [No File] FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll [No File] FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File] FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2011-11-16] (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-09-04] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-09-04] (RealTimes) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [No File] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2562538608-3379174730-3565747309-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Master\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS) FF user.js: detected! => C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\wkwtgo1d.default\user.js [2015-02-23] FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox => not found FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-12-04] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-04] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed] Chrome: ======= CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FASzamobl06092,a494acb5-76a5-49e5-81a7-c146c5d77224&vp=ch&prd=set CHR StartupUrls: Default -> "hxxp://google.com/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File CHR Plugin: (Shockwave Flash) - C:\Program Files 
(x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No File CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll => No File CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll => No File CHR Plugin: 
(RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll => No File CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll => No File CHR Plugin: (Unity Player) - C:\Users\Master\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealTimes) CHR Profile: C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (YouTube) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Adblock Plus) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22] CHR Extension: (Google Search) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (Google Docs Offline) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28] CHR Extension: (Gmail) - C:\Users\Master\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nklfajnmfbchcceflgddnkignfheooic] - C:\Users\Master\AppData\Local\B5T\6.0.5.2\Extensions\B5TShoppingAssistantNativeMsg.crx <not found> StartMenuInternet: Google Chrome.I7TI3I7QGXMC6GV4VF542MKHD4 - C:\Users\luk\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) S4 DaumCleanerService; C:\Program Files\Daum\Cleaner\DaumCleanerService.exe [199088 2012-08-01] (Daum Communications Corp.) R2 DM; C:\Windows\SysWOW64\DM.exe [2535424 2011-06-07] () [File not signed] S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed] R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3963248 2011-01-12] (INCA Internet Co., Ltd.) [File not signed] S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-04] (RealNetworks, Inc.) S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] () R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-04] (RealNetworks, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-10-20] (Wellbia.com Co., Ltd.) 
[File not signed] S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X] S4 RzMaelstromVADStreamingService; "C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation) R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [118072 2012-09-14] (AhnLab, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [25656 2009-07-21] (AhnLab, Inc.) R2 clunet; C:\Windows\system32\drivers\clunet.sys [49224 2010-10-18] (Windows ® Win 7 DDK provider) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [20384 2014-02-28] (RaonSecure Co., Ltd.) S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2014-02-28] (Kings Information & Network) S3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.) [File not signed] U0 kvrrwkon; C:\Windows\System32\drivers\avvifrad.sys [79064 2015-11-13] (Malwarebytes) S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [127224 2014-10-15] (AhnLab, Inc.) S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [156408 2014-10-15] (AhnLab, Inc.) S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [98040 2012-03-07] (AhnLab, Inc.) S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [107768 2012-03-07] (AhnLab, Inc.) S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [183544 2012-03-07] (AhnLab, Inc.) S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) 
[File not signed] R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.) S3 scsk5; C:\Windows\SysWow64\drivers\scsk5.sys [50608 2015-05-15] () S3 scskusbf; C:\Windows\SysWow64\drivers\scskusbf.sys [21432 2015-02-23] (SoftCamp) S3 scskusbs; C:\Windows\SysWow64\drivers\scskusbs.sys [42352 2015-02-23] (SoftCamp) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-05] () S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X] S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X] S3 dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X] R0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X] S0 TfFsMon; system32\drivers\TfFsMon.sys [X] S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X] S0 TfSysMon; system32\drivers\TfSysMon.sys [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 wanatw; system32\DRIVERS\wanatw64.sys [X] S3 xspirit; \??\C:\Windows\xspirit.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-11-14 20:02 - 2015-11-14 20:02 - 00031286 _____ C:\Users\Master\Desktop\FRST.txt 2015-11-14 19:51 - 2015-11-14 19:51 - 00000000 ____D C:\Users\Master\Desktop\FRST-OlderVersion 2015-11-13 14:59 - 2015-11-13 14:59 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\avvifrad.sys 2015-11-05 22:45 - 2015-11-12 22:46 - 05286088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-11-05 13:47 - 2015-11-05 13:47 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys 2015-11-05 13:47 - 2015-11-05 13:47 - 00000000 ____D C:\ProgramData\RogueKiller 2015-11-05 13:46 - 2015-11-05 13:46 - 18969672 _____ C:\Users\Master\Desktop\RogueKiller.exe 2015-11-05 13:37 - 2015-11-14 20:02 - 00000000 ____D C:\FRST 2015-11-05 13:36 - 2015-11-14 19:51 - 02198528 _____ (Farbar) C:\Users\Master\Desktop\FRST64.exe 2015-11-05 12:15 - 2015-11-05 12:15 - 00000000 ____D C:\MGADiagToolOutput 2015-11-05 12:13 - 2015-11-05 12:13 - 02031992 _____ (Microsoft Corporation) C:\Users\Master\Downloads\MGADiag.exe 2015-11-05 12:13 - 2015-11-05 12:13 - 00000000 ____D C:\ProgramData\Office Genuine Advantage 2015-11-05 12:10 - 2015-11-07 17:12 - 00006424 _____ C:\Windows\system32\PerfStringBackup.TMP 2015-11-05 12:10 - 2015-11-05 12:10 - 00002709 _____ C:\Users\Master\Downloads\legitcheck.hta 2015-11-05 12:08 - 2015-11-05 12:08 - 00000552 _____ C:\Windows\system32\spsys.log 2015-11-05 12:07 - 2015-11-14 19:54 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-05 12:07 - 2015-11-14 19:54 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-05 12:03 - 2015-11-05 22:01 - 00466456 _____ C:\Windows\system32\FNTCACHE.DAT 2015-10-29 19:32 - 2015-10-29 19:32 - 00000000 __SHD C:\found.001 2015-10-29 18:26 - 2015-10-29 18:26 - 00000000 ____D C:\Windows\Minidump 2015-10-28 15:40 - 2015-10-28 15:40 - 00000080 _____ 
C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\μTorrent.lnk 2015-10-28 13:33 - 2015-10-28 15:41 - 00001397 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-10-28 13:14 - 2015-10-28 13:15 - 00000000 ____D C:\Users\Master\AppData\LocalLow\B5T 2015-10-28 13:14 - 2015-10-28 13:14 - 00000000 ____D C:\Users\Master\AppData\Roaming\afght 2015-10-28 13:11 - 2015-10-28 13:15 - 00000000 ____D C:\Users\Master\AppData\Local\DeskBar 2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud 2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Local\Apple Inc 2015-10-28 11:54 - 2015-10-28 11:54 - 00000000 ____D C:\Users\Master\AppData\Local\7AC9325A-5313-488A-9DB0-D0B71223D70B.aplzod 2015-10-28 11:38 - 2015-10-28 15:40 - 00001751 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-10-28 11:38 - 2015-10-28 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-10-28 11:37 - 2015-10-28 11:38 - 00000000 ____D C:\Program Files\iTunes 2015-10-28 11:37 - 2015-10-28 11:37 - 00000000 ____D C:\Program Files\iPod 2015-10-28 11:37 - 2015-10-28 11:37 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-10-28 11:32 - 2015-10-28 11:32 - 00000000 ____D C:\Program Files\Bonjour 2015-10-28 11:32 - 2015-10-28 11:32 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-10-28 11:29 - 2015-10-28 11:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-10-27 10:58 - 2015-10-27 10:58 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll 2015-10-23 21:40 - 2015-10-23 21:40 - 00000000 ____D C:\Users\Master\AppData\LocalLow\Oracle ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-11-14 20:02 - 2012-08-21 20:40 - 00007602 _____ C:\Users\Master\AppData\Local\Resmon.ResmonCfg 2015-11-14 19:45 - 2013-06-15 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-14 19:10 - 2011-12-23 16:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-14 18:48 - 2014-06-21 11:23 - 00003334 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 2015-11-14 18:48 - 2013-11-29 19:35 - 00003202 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 2015-11-14 18:48 - 2011-12-23 16:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-14 18:48 - 2010-12-04 04:05 - 01219057 _____ C:\Windows\WindowsUpdate.log 2015-11-13 15:04 - 2014-08-21 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-11-12 23:17 - 2014-08-27 00:37 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-12 22:47 - 2015-01-30 19:10 - 00003356 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 2015-11-12 22:47 - 2015-01-30 19:10 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 2015-11-12 22:46 - 2013-06-15 18:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-12 22:46 - 2012-05-12 16:02 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-12 22:46 - 2011-05-17 17:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-06 22:49 - 2014-09-30 17:06 - 00007080 _____ C:\Windows\setupact.log 2015-11-06 22:49 - 2013-12-02 20:39 - 00000454 ____H C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job 2015-11-06 22:49 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-05 22:38 - 2013-12-12 19:54 - 00000000 ____D 
C:\Users\Master\AppData\Local\CrashDumps 2015-11-05 22:03 - 2012-08-18 10:21 - 00116184 _____ C:\Users\Master\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-05 22:00 - 2014-11-15 17:35 - 00701374 _____ C:\Windows\PFRO.log 2015-11-05 21:56 - 2011-02-19 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-11-05 21:56 - 2010-12-04 04:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-11-05 21:56 - 2009-07-14 07:45 - 00000000 ____D C:\Windows\ShellNew 2015-11-05 21:56 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-11-05 21:51 - 2009-07-14 02:34 - 00000387 _____ C:\Windows\win.ini 2015-11-05 21:48 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2015-11-05 14:24 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries 2015-11-05 13:26 - 2011-03-11 19:47 - 00000000 ____D C:\Windows\Sun 2015-11-05 12:19 - 2013-11-26 21:32 - 00000000 ____D C:\Users\Master\AppData\Roaming\uTorrent 2015-11-05 12:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Vss 2015-10-29 22:31 - 2012-08-18 10:20 - 00000000 ____D C:\Users\Master 2015-10-29 19:22 - 2013-12-17 21:56 - 00118216 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2015-10-29 19:22 - 2009-07-14 04:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-10-29 19:15 - 2009-07-14 04:45 - 00000000 ____D C:\Windows\Setup 2015-10-28 16:02 - 2012-08-18 10:21 - 00000000 ____D C:\Users\Master\AppData\Roaming\Apple Computer 2015-10-28 16:02 - 2011-02-22 21:02 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-10-28 15:45 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\addins 2015-10-28 15:41 - 2014-09-11 20:39 - 00001816 _____ C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-10-28 15:41 - 2014-04-26 09:28 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-10-28 15:41 - 2012-08-18 10:20 - 00001397 _____ 
C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk 2015-10-28 15:41 - 2011-12-01 19:36 - 00002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk 2015-10-28 15:41 - 2011-02-24 14:00 - 00001297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2015-10-28 15:41 - 2011-02-24 13:59 - 00002478 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2015-10-28 15:41 - 2011-02-24 13:59 - 00001450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-10-28 15:41 - 2011-02-24 13:59 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2015-10-28 15:41 - 2011-02-22 21:03 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-10-28 15:41 - 2010-12-04 04:26 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk 2015-10-28 15:41 - 2010-08-30 09:26 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk 2015-10-28 15:41 - 2010-08-30 08:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2015-10-28 15:41 - 2010-08-30 08:51 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-10-28 15:41 - 2009-07-14 04:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2015-10-28 15:41 - 2009-07-14 04:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2015-10-28 15:41 - 2009-07-14 04:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2015-10-28 15:41 - 2009-07-14 04:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2015-10-28 15:40 - 2015-09-04 10:13 - 00000948 _____ C:\Users\Public\Desktop\RealTimes (RealPlayer).lnk 
2015-10-28 15:40 - 2015-08-31 19:43 - 00001803 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2015-10-28 15:40 - 2014-04-26 09:28 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-10-28 15:40 - 2013-12-21 18:08 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk 2015-10-28 15:40 - 2013-12-15 10:12 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk 2015-10-28 15:40 - 2012-09-06 06:04 - 00002509 _____ C:\Users\Public\Desktop\Skype.lnk 2015-10-28 15:40 - 2011-12-01 19:36 - 00002485 _____ C:\Users\Public\Desktop\Safari.lnk 2015-10-28 15:40 - 2011-03-15 19:13 - 00001972 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk 2015-10-28 15:40 - 2009-07-14 05:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2015-10-28 15:40 - 2009-07-14 04:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-10-28 13:34 - 2014-11-16 18:50 - 00000000 ____D C:\Users\Master\AppData\Local\Unity 2015-10-28 13:14 - 2014-11-16 18:50 - 00000000 ____D C:\Users\Master\AppData\LocalLow\Unity ==================== Files in the root of some directories ======= 2014-05-12 18:52 - 2014-03-16 01:22 - 0003541 _____ () C:\Program Files (x86)\NA_Network_Diagnostic_Test_v6.bat 2014-05-12 18:53 - 2014-05-12 18:57 - 0015204 _____ () C:\Program Files (x86)\riot-lol-results-pc-v6.txt 2013-05-11 18:00 - 2013-05-10 05:06 - 0011855 _____ () C:\Users\Master\AppData\Roaming\photo.jpeg 2013-12-11 21:25 - 2014-06-02 20:57 - 0034816 _____ () C:\Users\Master\AppData\Roaming\RZR_0060a48d4361bf547311ce97226c.db 2014-08-26 23:19 - 2014-08-26 23:19 - 0000047 _____ () C:\Users\Master\AppData\Roaming\WB.CFG 2013-01-26 14:46 - 2013-01-30 21:23 - 0000004 _____ () C:\Users\Master\AppData\Local\aqgghxya.log 2015-08-14 10:47 - 2015-08-14 10:47 - 0004608 _____ () C:\Users\Master\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\kxolkgoj.log 
2013-01-26 14:54 - 2013-01-30 21:22 - 0000000 _____ () C:\Users\Master\AppData\Local\mmxikddc.log 2013-01-26 14:46 - 2013-01-26 14:46 - 0000000 _____ () C:\Users\Master\AppData\Local\qdavljxb.log 2012-08-21 20:40 - 2015-11-14 20:02 - 0007602 _____ () C:\Users\Master\AppData\Local\Resmon.ResmonCfg 2013-04-16 17:03 - 2013-04-16 17:03 - 0000000 _____ () C:\ProgramData\243c3831_c 2012-08-14 11:01 - 2012-08-14 11:01 - 0000064 _____ () C:\ProgramData\cytkwumn.log Some files in TEMP: ==================== C:\Users\Master\AppData\Local\temp\dllnt_dump.dll C:\Users\Master\AppData\Local\temp\jre-8u51-windows-au.exe C:\Users\Master\AppData\Local\temp\jre-8u65-windows-au.exe C:\Users\Master\AppData\Local\temp\lowproc.exe C:\Users\Master\AppData\Local\temp\qdAstsetup13.exe C:\Users\Master\AppData\Local\temp\stubhelper.dll C:\Users\Master\AppData\Local\temp\tu17p84.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 18:16 
==================== End of FRST.txt ============================
  9. Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 13/11/2015
     Scan Time: 13:22
     Logfile:
     Administrator: Yes
     Version: 2.2.0.1024
     Malware Database: v2015.11.13.04
     Rootkit Database: v2015.11.13.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Master
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 433489
     Time Elapsed: 48 min, 0 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0
     (No malicious items detected)
     Modules: 0
     (No malicious items detected)
     Registry Keys: 0
     (No malicious items detected)
     Registry Values: 4
     Adware.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [682038453358cb6b08e896a248babb45],
     Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB}, Quarantined, [91f7e39aabe07eb8ba36b0886b97ca36],
     PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|QyClient.exe, 9000, Quarantined, [7f09a1dcd2b9270fb611f9de28db43bd]
     PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|QyBrowser.exe, 9000, Quarantined, [c4c4443905868aac2b9b667140c30cf4]
     Registry Data: 0
     (No malicious items detected)
     Folders: 0
     (No malicious items detected)
     Files: 0
     (No malicious items detected)
     Physical Sectors: 0
     (No malicious items detected)
     (end)
  10. So, should I redo all the steps again? The adware is still coming up on scans.
  11. Um, my last topic was locked or something because of some software... I deleted it, so can I get some help? Malwarebytes keeps finding some chinad in its scans even though I quarantine them... Started off with some virus that downloaded a bunch of other ones. Seems to be Chinese. Some process called gzsir.exe used up like 1 gb of ram, seems to be no info on the Internet on that... It seems to have changed something on my Windows 7 product key or something because the laptop is now telling me that it's not genuine or something. Pls help.
  12. Caught a virus that downloaded a bunch of other nasty stuff. Also changed my Windows key or something, so my computer tells me that I don't have genuine Windows. The virus hides as other processes, e.g. chrome.exe. I know this because there are like 10 chrome processes when I just open it.
  13. Um, I'm not actually sure what illegal software I have... could you please tell me?
  14. Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-11-2015 Ran by Master (2015-11-05 13:38:35) Running from C:\Users\Master\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2011-02-19 20:57:01) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2562538608-3379174730-3565747309-500 - Administrator - Disabled) Guest (S-1-5-21-2562538608-3379174730-3565747309-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2562538608-3379174730-3565747309-1002 - Limited - Enabled) Master (S-1-5-21-2562538608-3379174730-3565747309-1005 - Administrator - Enabled) => C:\Users\Master Ruke (S-1-5-21-2562538608-3379174730-3565747309-1006 - Administrator - Enabled) => C:\Users\Ruke ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.) 
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.) AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc) Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.9138 - BlueStack Systems, Inc.) 
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Daum 클리너 (HKLM\...\DaumCleaner) (Version: 1.5 - Daum Communications Corp.) Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) 
Hidden Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) INISafe SFilter 7.2 (SFilter v1.0) (HKLM-x32\...\UnINISafeWeb7) (Version: - ) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.) 
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Excel 2007 Help 업데이트 (KB963678) (HKLM-x32\...\{90120000-0016-0412-0000-0000000FF1CE}_ENTERPRISE_{DEA3DED2-5CB8-4FD3-BE1B-7C0412D4117F}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Powerpoint 2007 Help 업데이트 (KB963669) (HKLM-x32\...\{90120000-0018-0412-0000-0000000FF1CE}_ENTERPRISE_{98189FA0-E081-4DBD-84DE-8FB66BF4AC6C}) (Version: - Microsoft) Microsoft Office Word 2007 Help 업데이트 (KB963665) (HKLM-x32\...\{90120000-001B-0412-0000-0000000FF1CE}_ENTERPRISE_{15B9412E-6769-4CEA-8A83-39FEDB1F3499}) (Version: - Microsoft) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition 
[ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) 
MLS AD Integration (HKLM-x32\...\{4F517950-16E9-49A5-B3B1-91E100604B29}) (Version: 1.0.0 - Micro Librarian Systems) MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.) Mozilla Firefox 18.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0.1 (x86 en-US)) (Version: 18.0.1 - Mozilla) Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - ) MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - ) NWZ-B170 WALKMAN Guide (HKLM-x32\...\{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}) (Version: 2.1.0.33220 - Sony Corporation) Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) Hidden RealDownloader (x32 Version: 18.0.2.60 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.) 
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version: - ) <==== ATTENTION Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden SK-Helper 1.74 (HKLM-x32\...\SP_617c7ac4) (Version: - Verified Publisher) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SoftCamp Secure KeyStroke 4.0 (HKLM-x32\...\SoftcampSCSK) (Version: - ) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Spotify (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) Unity Web Player (HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) 
Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Veraport20(Security module management) - 2,5,1,6 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,5,1,6 - Wizvera) Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2013-01-31 18:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {04026F6F-526F-4096-A160-5CEB98E55FD1} - System32\Tasks\{591457EB-5077-43BA-B069-AF13F542FB09} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11" Task: {09172A5F-209C-4779-A8B9-EAE7B1D18F4B} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION Task: {0A06C8E9-F35C-4414-9365-62C6D6E45629} - System32\Tasks\{81EC26CB-FC62-4850-B73F-9EC046D5EDBB} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=Default Task: {117987D2-0CDD-424B-8F35-E501D4C15F83} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.) Task: {1BF6F709-663B-4985-967D-18DF3E1A68AF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.) Task: {2013D8E8-C751-4A3E-A865-0577C252F603} - System32\Tasks\{FB587424-E5B5-4F20-A9CE-07D6EBBD00E0} => pcalua.exe -a "C:\Remote Programs\Leeloo's Talent Agency\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=721750;name=Leeloo's Talent Agency;dir=C:\Remote Programs\Leeloo's Talent Agency\;prvid=143;cmdid=1;prvdir=Default Task: {222A3CCF-44BC-4B3A-AD32-218514666674} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) 
Task: {3F631565-51F6-419F-8352-E826F02614A8} - System32\Tasks\{34DA9454-7B6A-43C0-85AD-BE1306D9F696} => pcalua.exe -a "C:\Users\luk\Downloads\New folder\MSSetupv83.exe" -d "C:\Users\luk\Downloads\New folder" Task: {40FDAE7E-05DC-48EA-B9BE-EFEDAEB7B1B5} - System32\Tasks\{2A82FD18-9598-4C49-9C06-14BD8DDA6834} => pcalua.exe -a "C:\Users\Master\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller" Task: {426F6309-9A90-4293-9CF5-AF85B53C0171} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.) Task: {4CF65650-702F-4DEF-BFFE-FE6F6B6A7485} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe Task: {6E0DDEAC-0C7C-4FA8-A3DF-A4D67560D64F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {88D5203D-3311-45EB-8A8B-04BAC7D3DA1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {92559B97-FA4F-49DE-A58A-5E287C7FF5D1} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-27] (RealNetworks, Inc.) 
Task: {93083D06-A07A-4884-9DF9-6867455C9669} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {99F3F955-35DE-4A16-AB5E-A1BD0EF3A80A} - System32\Tasks\RunAsStdUser Task => C:\Users\Master\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe <==== ATTENTION Task: {B57C9741-35DC-4282-91B9-F3AFC4C1D3D6} - \Test TimeTrigger -> No File <==== ATTENTION Task: {BB48DAD0-51EF-49DB-8F72-38A3DAC3A931} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-31] (Adobe Systems Incorporated) Task: {BC47FA25-9DBB-49D8-A2DB-DCF5C3580CB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {C630D205-6042-4008-87C5-A17EC56B55F5} - System32\Tasks\{4F2BA3FA-C0A0-49B9-A270-D21866EE47A5} => pcalua.exe -a "C:\Nexon\Europe MapleStory\Setup.exe" -d "C:\Nexon\Europe MapleStory" Task: {C7D21CA1-A678-4A5C-96C3-1E0E7A07061E} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe Task: {DF013C53-02CE-4492-9B67-3680F10C16A9} - System32\Tasks\{41154EC5-E06D-4263-9390-ADF52902598E} => pcalua.exe -a C:\Users\luk\Downloads\jre-6u24-windows-i586-iftw(3).exe -d "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11" Task: {E3D86EE5-3B45-4A8C-92B8-1099DF26175D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-27] (RealNetworks, Inc.) 
Task: {EAD81C2C-00E4-4F71-AD56-1285B0033072} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION Task: {FCC49B66-B670-488E-A906-ACD04858F400} - System32\Tasks\{43683F31-E93C-4C68-8FBA-2777FF3B7A2D} => pcalua.exe -a "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe" -c "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\install.log" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMSCustom.job => C:\Windows\AutoKMS\AutoKMS.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0b409cef98cef.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c01bea26f8b4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e4075456c35.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1663bc0b05c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\RealDownloader Update Check.job => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe Task: C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005.job => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: C:\Windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2562538608-3379174730-3565747309-1005.job => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => 
c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exeH/schedule /profile c:\programdata\quickset\sk-enhancer\5902107913.ini <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2014-06-02 19:25 - 2012-08-31 14:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL 2014-06-02 19:25 - 2012-08-31 14:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-06-07 07:08 - 2011-06-07 07:08 - 02535424 _____ () C:\Windows\SysWOW64\DM.exe 2015-07-27 20:28 - 2015-07-27 20:28 - 00032880 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2010-09-01 07:18 - 2010-09-01 07:18 - 00033792 _____ () C:\Windows\SysWOW64\clunet.dll 2010-06-28 22:20 - 2010-06-28 22:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-06-28 22:12 - 2010-06-28 22:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2015-07-27 20:28 - 2015-07-27 20:28 - 00037512 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll 2015-07-27 20:28 - 2015-07-27 20:28 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll 2015-07-27 20:28 - 2015-07-27 20:28 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll 2015-09-04 10:13 - 2015-09-04 10:13 - 00089152 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll 2009-08-04 16:23 - 2009-08-04 16:23 - 00063032 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll 2009-08-04 16:23 - 2009-08-04 16:23 - 00075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll 2010-08-30 09:45 - 2009-05-20 06:02 - 00072200 _____ () C:\Program Files 
(x86)\Launch Manager\CdDirIo.dll 2014-10-23 20:43 - 2014-10-23 20:43 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll 2010-08-30 09:03 - 2010-04-13 16:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2015-10-28 05:07 - 2015-10-20 14:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll 2015-10-28 05:07 - 2015-10-20 14:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll 2015-02-15 00:40 - 2015-02-15 00:40 - 00381440 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mintcastnetworks => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2562538608-3379174730-3565747309-1005\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: DaumCleanerService => 3 MSCONFIG\Services: EFS => 3 MSCONFIG\Services: eventlog => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: PCSUService => 2 MSCONFIG\Services: Razer Game Scanner Service => 2 MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2 MSCONFIG\Services: RealPlayer Cloud Service => 2 MSCONFIG\Services: RzMaelstromVADStreamingService => 2 MSCONFIG\Services: RzOvlMon => 2 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: SDRSVC => 3 MSCONFIG\Services: SeaPort => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: SysMain => 2 MSCONFIG\Services: Updater Service => 2 MSCONFIG\Services: Wecsvc => 3 MSCONFIG\Services: wlidsvc => 2 MSCONFIG\Services: WMPNetworkSvc => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: wuauserv => 2 MSCONFIG\Services: YahooAUService => 2 MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files 
(x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Korean IME Migration => C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{6CDDC26C-3BD0-4BC3-967C-1438DD8B77B7}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{6DF5C7AC-1BFB-4CDB-960C-5106C8B4FDB4}] => (Allow) C:\Users\Master\AppData\Roaming\Spotify\spotify.exe FirewallRules: [TCP Query User{185A6A5E-38FC-4AD5-95C7-6A8B5E3E5FFA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [uDP Query User{36D473F5-5B43-4922-8651-559D5A0C1FDE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{FE5E4F67-745F-4536-BCA9-E142F4436D8F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{6DFAB8CA-6A61-4428-A283-A151756F7D29}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{53E0B21D-CEC5-4064-80AB-9D36E57868AA}] => (Allow) C:\Users\Master\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{14108F18-1108-4814-AB3C-6439FD3E8753}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe FirewallRules: [{E4A53963-EA44-42D4-95B7-2E7FD14C45B9}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe FirewallRules: [{588C52AA-34EA-4DA2-A3D9-A7BC0BA3D950}] => (Allow) LPort=9100 FirewallRules: [{C51128F3-23C1-455C-B134-5B3640B38E94}] => (Allow) LPort=427 FirewallRules: [{496815FA-1809-4B4E-BD22-E232CA9340C5}] => (Allow) LPort=161 FirewallRules: [{19D58FB3-99CF-4C24-A4E9-99311B4DFA07}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [TCP Query User{1126BF81-3B4F-4A67-9DF4-7E178378BBC0}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [uDP Query User{CE5BCA81-96DC-458D-B4C2-13BCAA979042}C:\users\master\desktop\0\league of 
legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{8B27FB08-C4B2-4E03-9564-B9989E7B95E7}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [uDP Query User{61BC8FF8-D3D8-4AB1-9C61-7AC4B5F1504D}C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\master\desktop\0\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [{5C66CE2D-CE06-4601-913B-9B61C0A4984E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3A0E4610-C87D-43A6-AA7E-07666FC665B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{B8446F95-6B62-4440-9BA5-B7B03CC4C5ED}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [uDP Query User{F17F00C0-7D8D-4250-B1BE-CCD4B6F52F03}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [{053168E4-AAD5-4387-9BE2-FFA8574066C4}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{8C0A2E64-DA6C-4A3F-A4A8-10D58D036AC0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{38F89912-3940-4291-9ECF-BEA0D6F1CA72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AC2AAB7C-5BF6-405D-8EC2-432DE0F36ADC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E8D0901A-F879-4CA4-A951-80A807382B90}] => (Allow) C:\Program Files 
(x86)\Bonjour\mDNSResponder.exe FirewallRules: [{CA83269A-0098-4451-86C4-A293834B1731}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{240EB17C-6EA4-476F-9806-F241EE40314E}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Faulty Device Manager Devices ============= Name: BlueStacks Hypervisor Description: BlueStacks Hypervisor Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: BstHdDrv Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/05/2015 01:33:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (11/05/2015 01:33:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (11/05/2015 12:10:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (11/05/2015 12:10:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 009 language ID. 
The first DWORD in the Data section contains the Win32 error code. Error: (02/07/2015 07:41:46 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 Faulting process id: 0x2a70 Faulting application start time: 0xrads_user_kernel.exe0 Faulting application path: rads_user_kernel.exe1 Faulting module path: rads_user_kernel.exe2 Report Id: rads_user_kernel.exe3 Error: (02/06/2015 06:53:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 Faulting process id: 0x2c10 Faulting application start time: 0xrads_user_kernel.exe0 Faulting application path: rads_user_kernel.exe1 Faulting module path: rads_user_kernel.exe2 Report Id: rads_user_kernel.exe3 Error: (02/05/2015 09:54:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 Faulting process id: 0x105c Faulting application start time: 0xrads_user_kernel.exe0 Faulting application path: rads_user_kernel.exe1 Faulting module path: rads_user_kernel.exe2 Report Id: rads_user_kernel.exe3 Error: (01/31/2015 10:58:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 
Faulting process id: 0x1f74 Faulting application start time: 0xrads_user_kernel.exe0 Faulting application path: rads_user_kernel.exe1 Faulting module path: rads_user_kernel.exe2 Report Id: rads_user_kernel.exe3 Error: (01/23/2015 12:52:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 Faulting process id: 0x18e4 Faulting application start time: 0xrads_user_kernel.exe0 Faulting application path: rads_user_kernel.exe1 Faulting module path: rads_user_kernel.exe2 Report Id: rads_user_kernel.exe3 Error: (01/21/2015 06:03:28 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program PMM Update Application because of this error. Program: PMM Update Application File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. 
If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0 System errors: ============= Error: (10/30/2015 01:25:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:25:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:25:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:23:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:23:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:23:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following 
error: %%1068 Error: (10/30/2015 01:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/30/2015 01:18:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 CodeIntegrity: =================================== Date: 2013-03-22 17:19:39.463 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-03-22 17:19:38.963 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-31 18:44:53.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-31 18:44:53.606 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-30 19:22:56.105 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-30 19:22:55.949 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-29 21:45:18.679 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-29 21:45:18.492 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-28 19:53:18.465 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-01-28 19:53:18.278 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Master\AppData\Local\Temp\ugabgegf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i3 CPU M 380 @ 2.53GHz Percentage of memory in use: 61% Total physical RAM: 2806.71 MB Available physical RAM: 1074 MB Total Virtual: 7412.9 MB Available Virtual: 5266.92 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:165.41 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A022D740) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================