KakOkA

Ads by lowprices/buzzwok Malware ?


Hello,

I've been struggling for a few weeks to get rid of these ads and questionnaires that randomly pop up when I go to regular websites. "Ads by lowprices" is what appears in the top right corner of each ad, and I have a lot of advertisement links to "buzzwok.com".

I've done a complete scan with Ad Aware, and here are the reports from FRST.

FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by neidk_000 (administrator) on AYYA-LAPTOP on 11-01-2015 21:43:13
Running from C:\Users\neidk_000\Downloads
Loaded Profile: neidk_000 (Available profiles: neidk_000)
Platform: Windows 8.1 (X64) OS Language: Anglais (États-Unis)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
( ) C:\Windows\System32\lxdncoms.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\neidk_000\Downloads\FRST64 (2).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1564040 2013-04-22] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-09-29] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{566FF924-4929-471D-A511-91D26E3B30EC}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * bddel.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008 -> {4B525AD4-BE12-4287-BFEC-8D30A20D68B5} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-30]
CHR Extension: (Google Docs) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-30]
CHR Extension: (YouTube) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-30]
CHR Extension: (Recherche Google) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-30]
CHR Extension: (Google Sheets) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-30]
CHR Extension: (Barre de Confiance CM-CIC) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjkhaeogkeelkioellpgcebmekedpag [2014-08-30]
CHR Extension: (1click timer) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2015-01-08]
CHR Extension: (Google Wallet) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 BstHdAndroidSvc; c:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-01-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; c:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-01-07] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 lxdn_device; C:\WINDOWS\system32\lxdncoms.exe [1039872 2007-11-28] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-04-18] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-20] (Qualcomm Atheros) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3885264 2013-08-29] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
S2 BstHdDrv; c:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-01-07] (BlueStack Systems)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300352 2014-11-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 Razerlow; C:\Windows\system32\drivers\DB3G.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-04-24] (RTS Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-11 21:43 - 2015-01-11 21:43 - 00018727 _____ () C:\Users\neidk_000\Downloads\FRST.txt
2015-01-11 21:43 - 2015-01-11 21:43 - 00000000 ____D () C:\FRST
2015-01-11 21:42 - 2015-01-11 21:42 - 02124288 _____ (Farbar) C:\Users\neidk_000\Downloads\FRST64 (2).exe
2015-01-11 21:40 - 2015-01-11 21:40 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Lavasoft
2015-01-11 21:38 - 2015-01-11 21:38 - 00027112 _____ () C:\WINDOWS\system32\bddel.exe
2015-01-11 21:38 - 2015-01-11 21:38 - 00008556 _____ () C:\WINDOWS\system32\bddel.dat
2015-01-11 21:25 - 2015-01-11 21:25 - 00002355 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-11 21:25 - 2015-01-11 21:25 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\LavasoftStatistics
2015-01-11 21:25 - 2015-01-11 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-11 21:23 - 2015-01-11 21:23 - 00000000 ____D () C:\Program Files\Lavasoft
2015-01-11 21:21 - 2015-01-11 21:21 - 02124288 _____ (Farbar) C:\Users\neidk_000\Downloads\FRST64 (1).exe
2015-01-11 21:21 - 2015-01-11 21:21 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-01-11 21:20 - 2015-01-11 21:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-11 21:19 - 2015-01-11 21:19 - 01707144 _____ () C:\Users\neidk_000\Downloads\Adaware_Installer-11.2.5952.exe
2015-01-11 21:18 - 2015-01-11 21:18 - 02124288 _____ (Farbar) C:\Users\neidk_000\Downloads\FRST64.exe
2015-01-11 21:10 - 2015-01-11 21:12 - 00000000 ____D () C:\AdwCleaner
2015-01-11 21:08 - 2015-01-11 21:09 - 02173952 _____ () C:\Users\neidk_000\Downloads\AdwCleaner-4.106.exe
2015-01-11 20:10 - 2015-01-11 20:10 - 00775968 _____ (Reimage®) C:\Users\neidk_000\Downloads\ReimageRepair.exe
2015-01-11 18:12 - 2015-01-11 21:13 - 00007438 _____ () C:\WINDOWS\PFRO.log
2015-01-11 18:12 - 2015-01-11 18:13 - 00480024 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-11 17:56 - 2015-01-11 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-11 17:48 - 2015-01-11 17:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\neidk_000\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-10 13:31 - 2015-01-10 13:31 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-10 13:31 - 2015-01-10 13:31 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-01-09 19:14 - 2015-01-09 19:14 - 00000000 ____D () C:\Program Files (x86)\sAlEpruizEss
2015-01-09 19:13 - 2015-01-09 19:13 - 00000000 ____D () C:\Program Files (x86)\brOOwwseaandshoP
2015-01-08 19:08 - 2015-01-11 18:12 - 00000000 ____D () C:\ProgramData\sAlEpruizEss
2015-01-08 19:08 - 2015-01-11 18:12 - 00000000 ____D () C:\ProgramData\brOOwwseaandshoP
2015-01-08 19:08 - 2015-01-08 19:08 - 00000000 ____D () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb
2015-01-07 17:58 - 2015-01-11 21:38 - 00000000 ____D () C:\Program Files (x86)\desktopbeautifier
2015-01-06 21:39 - 2015-01-06 21:39 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\Macromedia
2015-01-02 16:54 - 2015-01-02 16:54 - 00002393 _____ () C:\Users\neidk_000\Documents\MumbleAutomaticCertificateBackup.p12
2015-01-02 16:53 - 2015-01-03 14:12 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Mumble
2015-01-02 16:43 - 2015-01-02 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2015-01-02 16:43 - 2015-01-02 16:43 - 00000000 ____D () C:\Program Files (x86)\Mumble
2015-01-02 16:35 - 2015-01-02 16:36 - 16232960 _____ () C:\Users\neidk_000\Downloads\mumble_1-2-7_fr_43179.msi
2015-01-02 12:38 - 2015-01-02 12:38 - 00011361 _____ () C:\Users\neidk_000\Downloads\WarriorProcAlert-r67.zip
2015-01-01 23:44 - 2015-01-01 23:44 - 01322876 _____ () C:\Users\neidk_000\Downloads\DBM-4.52-r4442-Core-and-##No spam-Mods.zip
2015-01-01 23:44 - 2015-01-01 23:44 - 00357076 _____ () C:\Users\neidk_000\Downloads\Recount-v4.0.1_release.zip
2015-01-01 23:44 - 2015-01-01 23:44 - 00071612 _____ () C:\Users\neidk_000\Downloads\omnicc-6.0.10.zip
2015-01-01 16:34 - 2015-01-01 16:34 - 00000000 ____D () C:\Users\neidk_000\Downloads\realmlist
2015-01-01 16:33 - 2015-01-01 16:33 - 00000117 _____ () C:\Users\neidk_000\Downloads\realmlist.rar
2015-01-01 16:27 - 2015-01-01 16:27 - 00002030 _____ () C:\Users\neidk_000\Desktop\World of Warcraft 3.3.5 Ivalice - Raccourci.lnk
2015-01-01 16:27 - 2015-01-01 16:27 - 00000000 ____D () C:\Users\Public\Documents\Blizzard Entertainment
2014-12-29 18:07 - 2014-12-29 18:07 - 00063589 _____ () C:\Users\neidk_000\Downloads\World of Warcraft 3.3.5 Ivalice_open.torrent
2014-12-29 18:07 - 2014-12-29 18:07 - 00000000 ____D () C:\Users\neidk_000\Downloads\World of Warcraft 3.3.5 Ivalice
2014-12-22 18:35 - 2014-12-22 18:35 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\4kdownload.com
2014-12-22 18:27 - 2014-12-22 18:29 - 23859608 _____ (Open Media LLC ) C:\Users\neidk_000\Downloads\4kvideodownloader_3.4.exe
2014-12-20 01:36 - 2014-12-20 01:36 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-15 23:21 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-15 23:21 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-14 18:59 - 2015-01-09 21:01 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\TS3Client
2014-12-14 12:00 - 2015-01-11 20:57 - 01430513 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-14 11:34 - 2014-12-14 11:34 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\GlarySoft
2014-12-14 10:37 - 2014-12-14 10:37 - 00000000 ____D () C:\ProgramData\IObit
2014-12-14 10:37 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2014-12-14 10:37 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2014-12-14 10:36 - 2014-12-14 10:36 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\IObit
2014-12-14 10:36 - 2014-12-14 10:36 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-14 10:35 - 2014-12-14 10:36 - 12270960 _____ (IObit ) C:\Users\neidk_000\Downloads\smart-defrag-setup.exe
2014-12-14 09:51 - 2014-12-14 09:51 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-14 09:51 - 2014-12-14 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-14 09:51 - 2014-12-14 09:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-14 09:50 - 2014-12-14 09:52 - 17528608 _____ (IObit) C:\Users\neidk_000\Downloads\iobituninstaller.exe
2014-12-14 09:49 - 2014-12-14 09:50 - 05162080 _____ (Piriform Ltd) C:\Users\neidk_000\Downloads\ccsetup500.exe
2014-12-14 09:47 - 2015-01-11 21:04 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\DigitalVolcano
2014-12-14 09:45 - 2014-12-14 09:45 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\neidk_000\Downloads\DuplicateCleaner_setup [1].exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-11 21:36 - 2014-10-13 11:39 - 00005098 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for AYYA-LAPTOP-neidk_000 Ayya-Laptop
2015-01-11 21:27 - 2014-08-30 10:11 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 21:18 - 2014-08-29 19:00 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2221901762-3814291360-2724073944-1008
2015-01-11 21:15 - 2014-05-10 22:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-11 21:14 - 2014-08-29 18:57 - 00000000 ___DO () C:\Users\neidk_000\OneDrive
2015-01-11 21:13 - 2014-08-30 10:11 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 21:13 - 2014-03-09 04:26 - 00000360 _____ () C:\WINDOWS\Tasks\GlaryInitialize 4.job
2015-01-11 21:13 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-11 21:12 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-11 21:05 - 2014-09-15 14:54 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Mozilla
2015-01-11 21:05 - 2014-06-30 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-11 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-11 18:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-01-11 17:45 - 2014-08-29 20:21 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\CrashDumps
2015-01-11 17:36 - 2014-08-29 20:22 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1C1D29E9-C5FF-48A4-BBAC-153ABBB78187}
2015-01-09 21:01 - 2014-09-16 22:59 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\uTorrent
2015-01-09 17:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-31 12:14 - 2014-05-12 19:19 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-23 19:25 - 2014-09-25 08:07 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-20 13:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-19 23:19 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 18:06 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-12-16 20:12 - 2014-09-28 17:53 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\Battle.net
2014-12-15 18:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-12-14 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-14 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-14 10:30 - 2014-03-09 04:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-12-14 10:14 - 2014-05-12 20:21 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-14 10:14 - 2014-03-09 03:33 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-14 10:14 - 2013-04-25 00:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-13 17:28 - 2014-08-30 10:21 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-12-12 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-12-12 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-12 18:33 - 2014-03-08 21:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-12 18:28 - 2014-03-08 21:28 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-12 18:10 - 2013-11-14 08:28 - 02048344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-12 18:10 - 2013-02-22 10:19 - 00992884 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-12-12 18:10 - 2013-02-22 10:19 - 00205286 _____ () C:\WINDOWS\system32\perfc00C.dat
Some content of TEMP:
====================
C:\Users\neidk_000\AppData\Local\Temp\Quarantine.exe
C:\Users\neidk_000\AppData\Local\Temp\ReimagePackage.exe
C:\Users\neidk_000\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-02 16:17
==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by neidk_000 at 2015-01-11 21:43:45
Running from C:\Users\neidk_000\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1208.0301 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\{1AE65157-6E14-49AF-98DF-447927FBC142}) (Version: 0.7.9.844 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1304.1501 - Micro-Star International Co., Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hybrid Power (HKLM-x32\...\InstallShield_{C07F934A-3253-4740-86B8-22BA5F571E6E}) (Version: 1.0.1304.0301 - Micro-Star International Co., Ltd.)
Hybrid Power (x32 Version: 1.0.1304.0301 - Micro-Star International Co., Ltd.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1304.2201 - Micro-Star International Co., Ltd.)
KLM (x32 Version: 1.0.1304.2201 - Micro-Star International Co., Ltd.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mises à jour NVIDIA 16.13.65 (Version: 16.13.65 - NVIDIA Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSI Remind Manager (HKLM-x32\...\{7359585E-A828-4EFC-8177-7D1883DDA0B5}) (Version: 2.12.1003 - MSI)
MSI Social Media Collection (HKLM-x32\...\{5EE31A9B-EA26-41EA-B4B6-73910C5E06DC}) (Version: 1.13.0123 - MSI)
Mumble 1.2.7 (HKLM-x32\...\{1FC198EF-5C3F-4C2A-99AC-22DE9B3FBFDE}) (Version: 1.2.7 - Thorvald Natvig)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Pilote graphique 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Panneau de configuration NVIDIA 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.0.35.1027 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22533 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 6.2.9200.21219 - Realtek Semiconductor Corp.)
SCM (HKLM\...\{5172DE8A-2640-474E-B89F-A04A90312A74}) (Version: 10.013.04183 - Application)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.01 - Creative Technology Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.017 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment)
Xilisoft Convertisseur Audio Pro (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Xilisoft Convertisseur Audio Pro) (Version: 6.5.0.20131129 - Xilisoft)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
28-12-2014 17:53:32 Scheduled Checkpoint
02-01-2015 16:41:40 Installed Mumble 1.2.7
11-01-2015 18:56:53 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {085681CF-C1D6-4990-93B8-550EACEC6D27} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-12] (Microsoft Corporation)
Task: {0A9CA613-AEEE-46B3-983B-059BB605F10F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {33AC9125-901C-4F49-B513-3B0E318B3CB0} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {411DB85B-A13D-4B3D-A66B-5844C944FD4E} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: {42D418C7-EED1-49A6-A203-0F73C3E9C4E7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {470FC0D9-ECC6-423D-AE36-A5BACB5A6364} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {4C4A48F0-005C-44E6-A3E3-F4542B3A9CD8} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {84DBC868-4B4A-4CBF-AC88-213B1FD13728} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {CEF85E56-852B-44AA-B5B9-6973659344AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {D8032F32-6996-4163-BF44-03E846086D66} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {DA52A849-A2FB-46D4-815C-65D8D8312F2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.)
Task: {DF9A794A-A359-4224-8994-F97663F8FC6F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AYYA-LAPTOP-neidk_000 Ayya-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {EE4CFE7A-1166-4536-B24B-060F687413AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.)
Task: {FA2926E2-7D40-473A-AA33-51FF71C33274} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {FBF221CE-6C8C-4ABB-8932-7CFA023FD5E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\GlaryInitialize 4.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => ?
==================== Loaded Modules (whitelisted) =============
2014-03-24 23:29 - 2014-11-13 01:20 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-24 23:35 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-10 12:21 - 2009-08-13 11:06 - 00177152 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2014-09-26 11:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-24 23:29 - 2012-11-01 19:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-09-20 16:51 - 2013-09-20 16:51 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-11-22 01:03 - 2014-11-22 01:03 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 23:29 - 2014-11-13 01:20 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2013-04-24 23:12 - 2013-03-12 21:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\neidk_000\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2221901762-3814291360-2724073944-500 - Administrator - Disabled)
Guest (S-1-5-21-2221901762-3814291360-2724073944-501 - Limited - Disabled)
neidk_000 (S-1-5-21-2221901762-3814291360-2724073944-1008 - Administrator - Enabled) => C:\Users\neidk_000
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/11/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/11/2015 06:12:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [18]
Error: (01/11/2015 05:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante delegate_execute.exe, version : 39.0.2171.95, horodatage : 0x54823f01
Nom du module défaillant : delegate_execute.exe, version : 39.0.2171.95, horodatage : 0x54823f01
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00037db3
ID du processus défaillant : 0x1964
Heure de début de l’application défaillante : 0xdelegate_execute.exe0
Chemin d’accès de l’application défaillante : delegate_execute.exe1
Chemin d’accès du module défaillant: delegate_execute.exe2
ID de rapport : delegate_execute.exe3
Nom complet du package défaillant : delegate_execute.exe4
ID de l’application relative au package défaillant : delegate_execute.exe5
Error: (01/11/2015 05:43:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/09/2015 07:12:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (01/09/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/08/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/07/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/06/2015 09:48:26 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/06/2015 09:38:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme LiveComm.exe version 17.5.9600.20689 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
ID de processus : 1194
Heure de début : 01d029d7f08801ee
Heure de fin : 4294967295
Chemin d’accès de l’application : C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
ID de rapport : f9277efe-95e3-11e4-bea9-8c89a50b21a3
Nom complet du package défaillant : microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
ID de l’application relative au package défaillant : ppleae38af2e007f4358a809ac99a64a67c1
System errors:
=============
Error: (01/11/2015 09:13:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service BlueStacks Android Service dépend du service BlueStacks Hypervisor qui n’a pas pu démarrer en raison de l’erreur :
%%2
Error: (01/11/2015 09:13:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service BlueStacks Hypervisor n’a pas pu démarrer en raison de l’erreur :
%%2
Error: (01/11/2015 09:12:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Service de l’iPod s’est terminé de façon inattendue pour la 1ème fois.
Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Restart the service.
Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Intel® Dynamic Application Loader Host Interface Service s’est terminé de façon inattendue pour la 1ème fois.
Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Intel® ME Service s’est terminé de façon inattendue pour la 1ème fois.
Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Intel® Rapid Storage Technology s’est terminé de façon inattendue pour la 1ème fois.
Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Bluetooth OBEX Service s’est terminé de façon inattendue pour la 1ème fois.
Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Bluetooth Device Monitor s’est terminé de façon inattendue pour la 1ème fois.
Microsoft Office Sessions:
=========================
Error: (01/11/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/11/2015 06:12:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [18]
Error: (01/11/2015 05:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe39.0.2171.9554823f01delegate_execute.exe39.0.2171.9554823f01c000000500037db3196401d02dbde9974f2fC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe2bd7641c-99b1-11e4-bea9-8c89a50b21a3
Error: (01/11/2015 05:43:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/09/2015 07:12:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
Error: (01/09/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/08/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/07/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/06/2015 09:48:26 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/06/2015 09:38:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689119401d029d7f08801ee4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exef9277efe-95e3-11e4-bea9-8c89a50b21a3microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
CodeIntegrity Errors:
===================================
Date: 2015-01-02 16:54:33.425
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-01-02 16:54:17.310
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-01-02 16:54:16.214
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-01-02 16:54:15.066
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-31 23:17:42.454
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-31 23:17:42.325
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-26 14:06:50.111
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-26 14:06:49.962
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-14 19:02:14.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-14 19:01:33.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 8079.39 MB
Available physical RAM: 4364.36 MB
Total Pagefile: 9359.39 MB
Available Pagefile: 5965.47 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (OS_Install) (Fixed) (Total:418.84 GB) (Free:305.04 GB) NTFS
Drive d: (Data) (Fixed) (Total:259.59 GB) (Free:152.19 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 457CE740)
Partition: GPT Partition Type.
==================== End Of Log ============================
Thanks a lot for your much appreciated work.
KakOkA

Hi KakOkA,

Did you let AdwCleaner remove everything it found?

Did the ads start when you installed the "1click timer" extension in Google Chrome January 8th?

I can't find much information about that extension.

Do you have synchronization in Firefox or in Chrome?

Synchronization can restore unwanted settings and add-ons.

Please, start Notepad.

Copy all text that is in the box:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008 -> {4B525AD4-BE12-4287-BFEC-8D30A20D68B5} URL = 
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Folder: C:\Program Files (x86)\sAlEpruizEss
Folder: C:\Program Files (x86)\brOOwwseaandshoP
Folder: C:\ProgramData\sAlEpruizEss
Folder: C:\ProgramData\brOOwwseaandshoP
Folder: C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.


Thanks for your prompt response.

Yes, I let AdwCleaner remove everything it found.

I have taken off the synchronization for extensions/parameters in Chrome, and deleted Firefox from my computer, as I have no use for it.

Here is the fixlog report:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by neidk_000 at 2015-01-12 18:51:34 Run:1
Running from C:\Users\neidk_000\Desktop
Loaded Profile: neidk_000 (Available profiles: neidk_000)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008 -> {4B525AD4-BE12-4287-BFEC-8D30A20D68B5} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Folder: C:\Program Files (x86)\sAlEpruizEss
Folder: C:\Program Files (x86)\brOOwwseaandshoP
Folder: C:\ProgramData\sAlEpruizEss
Folder: C:\ProgramData\brOOwwseaandshoP
Folder: C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B525AD4-BE12-4287-BFEC-8D30A20D68B5}" => Key deleted successfully.
HKCR\CLSID\{4B525AD4-BE12-4287-BFEC-8D30A20D68B5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
========================= Folder: C:\Program Files (x86)\sAlEpruizEss ========================
====== End of Folder: ======
========================= Folder: C:\Program Files (x86)\brOOwwseaandshoP ========================
====== End of Folder: ======
========================= Folder: C:\ProgramData\sAlEpruizEss ========================
====== End of Folder: ======
========================= Folder: C:\ProgramData\brOOwwseaandshoP ========================
====== End of Folder: ======
========================= Folder: C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb ========================
2015-01-08 19:08 - 2015-01-08 19:08 - 0022155 _____ () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb\Az2al.js
2015-01-08 19:08 - 2015-01-08 19:08 - 0000112 _____ () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb\background.html
2015-01-08 19:08 - 2015-01-08 19:08 - 0000360 _____ () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb\IDskf4E7u.js
2015-01-08 19:08 - 2015-01-08 19:08 - 0000364 _____ () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb\lS8kn0.js
2015-01-08 19:08 - 2015-01-08 19:08 - 0000839 _____ () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb\manifest.json
====== End of Folder: ======
The system needed a reboot.
==== End of Fixlog 18:51:34 ====


1. Those folders can be removed, too.

Please, start Notepad.

Copy all text that is in the box:

C:\Program Files (x86)\sAlEpruizEss
C:\Program Files (x86)\brOOwwseaandshoP
C:\ProgramData\sAlEpruizEss
C:\ProgramData\brOOwwseaandshoP
C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your reply.

2. Let Ad-Aware and Malwarebytes Anti-Malware do a full scan of your computer.

Tell us the result, please.

3. To get one more opinion, you need to do an online scan.

Please, run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/

To shorten the scanning time, disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.

Click Advanced Settings.

Deselect Remove found threats.

Select:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply, please.

4. Please, start FRST.

Select Addition.txt.

Let FRST scan the computer.

Paste the two log files into your reply and I'll check if they are clean.


Thanks again for your quick response.

1. Here is the fixlog report:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by neidk_000 at 2015-01-12 20:59:58 Run:2
Running from C:\Users\neidk_000\Desktop
Loaded Profile: neidk_000 (Available profiles: neidk_000)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Program Files (x86)\sAlEpruizEss
C:\Program Files (x86)\brOOwwseaandshoP
C:\ProgramData\sAlEpruizEss
C:\ProgramData\brOOwwseaandshoP
C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb
*****************
C:\Program Files (x86)\sAlEpruizEss => Moved successfully.
C:\Program Files (x86)\brOOwwseaandshoP => Moved successfully.
C:\ProgramData\sAlEpruizEss => Moved successfully.
C:\ProgramData\brOOwwseaandshoP => Moved successfully.
C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb => Moved successfully.
==== End of Fixlog 20:59:58 ====
2. I've done a full scan with both of these and there was nothing infected and/or malicious found. Here is the report from Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/01/2015
Scan Time: 21:05:00
Logfile: Malwarebytes.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.12.08
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: neidk_000
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363202
Time Elapsed: 8 min, 20 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
3. Here is the report from ESET Online Scanner; these were the threats found (haven't removed them yet):
C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf\163\KtbcxK.js JS/Kryptik.ATB trojan
C:\Users\neidk_000\AppData\Local\Microsoft\Windows\INetCache\IE\5PTUR3TZ\ReimagePackage1803x64b[1].exe a variant of Win32/ReImageRepair.B potentially unwanted application
C:\Users\neidk_000\AppData\Local\Temp\ReimagePackage.exe a variant of Win32/ReImageRepair.B potentially unwanted application
C:\Users\neidk_000\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\neidk_000\Downloads\setup_syncios.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\neidk_000\Downloads\smart-defrag-setup.exe a variant of Win32/OpenCandy.C potentially unsafe application
4. FRST.TXT:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by neidk_000 (administrator) on AYYA-LAPTOP on 12-01-2015 22:54:50
Running from C:\Users\neidk_000\Desktop
Loaded Profile: neidk_000 (Available profiles: neidk_000)
Platform: Windows 8.1 (X64) OS Language: Anglais (États-Unis)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
( ) C:\Windows\System32\lxdncoms.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\neidk_000\Desktop\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1564040 2013-04-22] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-09-29] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{566FF924-4929-471D-A511-91D26E3B30EC}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008 -> DefaultScope {4B525AD4-BE12-4287-BFEC-8D30A20D68B5} URL =
SearchScopes: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008 -> {4B525AD4-BE12-4287-BFEC-8D30A20D68B5} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-30]
CHR Extension: (Google Docs) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-30]
CHR Extension: (YouTube) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-30]
CHR Extension: (Recherche Google) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-30]
CHR Extension: (Google Sheets) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-30]
CHR Extension: (Barre de Confiance CM-CIC) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjkhaeogkeelkioellpgcebmekedpag [2014-08-30]
CHR Extension: (1click timer) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2015-01-08]
CHR Extension: (Google Wallet) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 BstHdAndroidSvc; c:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-01-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; c:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-01-07] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 lxdn_device; C:\WINDOWS\system32\lxdncoms.exe [1039872 2007-11-28] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-04-18] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-20] (Qualcomm Atheros) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3885264 2013-08-29] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
S2 BstHdDrv; c:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-01-07] (BlueStack Systems)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300352 2014-11-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 Razerlow; C:\Windows\system32\drivers\DB3G.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-04-24] (RTS Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-12 22:54 - 2015-01-12 22:55 - 00018627 _____ () C:\Users\neidk_000\Desktop\FRST.txt
2015-01-12 22:52 - 2015-01-12 22:52 - 00000776 _____ () C:\Users\neidk_000\Desktop\EST Report.txt
2015-01-12 21:16 - 2015-01-12 21:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-12 21:15 - 2015-01-12 21:15 - 00000000 __SHD () C:\Users\neidk_000\AppData\Local\EmieBrowserModeList
2015-01-12 21:14 - 2015-01-12 21:14 - 00001053 _____ () C:\Users\neidk_000\Desktop\Malwarebytes.txt
2015-01-12 21:03 - 2015-01-12 21:04 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 21:03 - 2015-01-12 21:03 - 00001128 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-12 21:03 - 2015-01-12 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-12 21:03 - 2015-01-12 21:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-12 21:03 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-12 21:03 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-12 21:03 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-12 21:00 - 2015-01-12 21:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\neidk_000\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-11 21:43 - 2015-01-12 22:54 - 00000000 ____D () C:\FRST
2015-01-11 21:43 - 2015-01-11 21:44 - 00039321 _____ () C:\Users\neidk_000\Downloads\Addition.txt
2015-01-11 21:43 - 2015-01-11 21:44 - 00030864 _____ () C:\Users\neidk_000\Downloads\FRST.txt
2015-01-11 21:42 - 2015-01-11 21:42 - 02124288 _____ (Farbar) C:\Users\neidk_000\Downloads\FRST64 (2).exe
2015-01-11 21:40 - 2015-01-11 21:40 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Lavasoft
2015-01-11 21:25 - 2015-01-12 18:52 - 00002355 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-11 21:25 - 2015-01-11 21:25 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\LavasoftStatistics
2015-01-11 21:25 - 2015-01-11 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-11 21:23 - 2015-01-11 21:23 - 00000000 ____D () C:\Program Files\Lavasoft
2015-01-11 21:21 - 2015-01-11 21:21 - 02124288 _____ (Farbar) C:\Users\neidk_000\Desktop\FRST64 (1).exe
2015-01-11 21:21 - 2015-01-11 21:21 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-01-11 21:20 - 2015-01-11 21:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-11 21:19 - 2015-01-11 21:19 - 01707144 _____ () C:\Users\neidk_000\Downloads\Adaware_Installer-11.2.5952.exe
2015-01-11 21:18 - 2015-01-11 21:18 - 02124288 _____ (Farbar) C:\Users\neidk_000\Downloads\FRST64.exe
2015-01-11 21:10 - 2015-01-11 21:12 - 00000000 ____D () C:\AdwCleaner
2015-01-11 21:08 - 2015-01-11 21:09 - 02173952 _____ () C:\Users\neidk_000\Downloads\AdwCleaner-4.106.exe
2015-01-11 20:10 - 2015-01-11 20:10 - 00775968 _____ (Reimage®) C:\Users\neidk_000\Downloads\ReimageRepair.exe
2015-01-11 18:12 - 2015-01-12 18:11 - 00014744 _____ () C:\WINDOWS\PFRO.log
2015-01-11 18:12 - 2015-01-11 18:13 - 00480024 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-11 17:56 - 2015-01-11 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-11 17:48 - 2015-01-11 17:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\neidk_000\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-10 13:31 - 2015-01-10 13:31 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-10 13:31 - 2015-01-10 13:31 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-01-07 17:58 - 2015-01-11 21:38 - 00000000 ____D () C:\Program Files (x86)\desktopbeautifier
2015-01-06 21:39 - 2015-01-06 21:39 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\Macromedia
2015-01-02 16:54 - 2015-01-02 16:54 - 00002393 _____ () C:\Users\neidk_000\Documents\MumbleAutomaticCertificateBackup.p12
2015-01-02 16:53 - 2015-01-03 14:12 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Mumble
2015-01-02 16:43 - 2015-01-02 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2015-01-02 16:43 - 2015-01-02 16:43 - 00000000 ____D () C:\Program Files (x86)\Mumble
2015-01-02 16:35 - 2015-01-02 16:36 - 16232960 _____ () C:\Users\neidk_000\Downloads\mumble_1-2-7_fr_43179.msi
2015-01-02 12:38 - 2015-01-02 12:38 - 00011361 _____ () C:\Users\neidk_000\Downloads\WarriorProcAlert-r67.zip
2015-01-01 23:44 - 2015-01-01 23:44 - 01322876 _____ () C:\Users\neidk_000\Downloads\DBM-4.52-r4442-Core-and-##No spam-Mods.zip
2015-01-01 23:44 - 2015-01-01 23:44 - 00357076 _____ () C:\Users\neidk_000\Downloads\Recount-v4.0.1_release.zip
2015-01-01 23:44 - 2015-01-01 23:44 - 00071612 _____ () C:\Users\neidk_000\Downloads\omnicc-6.0.10.zip
2015-01-01 16:34 - 2015-01-01 16:34 - 00000000 ____D () C:\Users\neidk_000\Downloads\realmlist
2015-01-01 16:33 - 2015-01-01 16:33 - 00000117 _____ () C:\Users\neidk_000\Downloads\realmlist.rar
2015-01-01 16:27 - 2015-01-01 16:27 - 00002030 _____ () C:\Users\neidk_000\Desktop\World of Warcraft 3.3.5 Ivalice - Raccourci.lnk
2015-01-01 16:27 - 2015-01-01 16:27 - 00000000 ____D () C:\Users\Public\Documents\Blizzard Entertainment
2014-12-29 18:07 - 2014-12-29 18:07 - 00063589 _____ () C:\Users\neidk_000\Downloads\World of Warcraft 3.3.5 Ivalice_open.torrent
2014-12-29 18:07 - 2014-12-29 18:07 - 00000000 ____D () C:\Users\neidk_000\Downloads\World of Warcraft 3.3.5 Ivalice
2014-12-22 18:35 - 2014-12-22 18:35 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\4kdownload.com
2014-12-22 18:27 - 2014-12-22 18:29 - 23859608 _____ (Open Media LLC ) C:\Users\neidk_000\Downloads\4kvideodownloader_3.4.exe
2014-12-20 01:36 - 2015-01-12 18:52 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-15 23:21 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-15 23:21 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-14 18:59 - 2015-01-09 21:01 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\TS3Client
2014-12-14 12:00 - 2015-01-12 19:32 - 01626159 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-14 11:34 - 2014-12-14 11:34 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\GlarySoft
2014-12-14 10:37 - 2014-12-14 10:37 - 00000000 ____D () C:\ProgramData\IObit
2014-12-14 10:37 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2014-12-14 10:37 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2014-12-14 10:36 - 2014-12-14 10:36 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\IObit
2014-12-14 10:36 - 2014-12-14 10:36 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-14 10:35 - 2014-12-14 10:36 - 12270960 _____ (IObit ) C:\Users\neidk_000\Downloads\smart-defrag-setup.exe
2014-12-14 09:51 - 2014-12-14 09:51 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-14 09:51 - 2014-12-14 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-14 09:51 - 2014-12-14 09:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-14 09:50 - 2014-12-14 09:52 - 17528608 _____ (IObit) C:\Users\neidk_000\Downloads\iobituninstaller.exe
2014-12-14 09:49 - 2014-12-14 09:50 - 05162080 _____ (Piriform Ltd) C:\Users\neidk_000\Downloads\ccsetup500.exe
2014-12-14 09:47 - 2015-01-11 21:04 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\DigitalVolcano
2014-12-14 09:45 - 2014-12-14 09:45 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\neidk_000\Downloads\DuplicateCleaner_setup [1].exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-12 22:27 - 2014-08-30 10:11 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 22:15 - 2014-05-10 22:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-12 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-12 21:48 - 2014-08-29 19:00 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2221901762-3814291360-2724073944-1008
2015-01-12 19:04 - 2014-10-13 11:39 - 00005100 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for AYYA-LAPTOP-neidk_000 Ayya-Laptop
2015-01-12 18:58 - 2014-08-30 10:11 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 18:53 - 2014-08-29 18:57 - 00000000 ___DO () C:\Users\neidk_000\OneDrive
2015-01-12 18:52 - 2014-03-09 04:26 - 00000360 _____ () C:\WINDOWS\Tasks\GlaryInitialize 4.job
2015-01-12 18:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-12 18:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2015-01-12 18:51 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-12 18:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-12 18:14 - 2014-08-29 20:22 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1C1D29E9-C5FF-48A4-BBAC-153ABBB78187}
2015-01-11 21:05 - 2014-09-15 14:54 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Mozilla
2015-01-11 21:05 - 2014-06-30 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-11 18:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-01-11 17:45 - 2014-08-29 20:21 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\CrashDumps
2015-01-09 21:01 - 2014-09-16 22:59 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\uTorrent
2014-12-31 12:14 - 2014-05-12 19:19 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-23 19:25 - 2014-09-25 08:07 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-20 13:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-19 23:19 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 18:06 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-12-16 20:12 - 2014-09-28 17:53 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\Battle.net
2014-12-14 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-14 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-14 10:30 - 2014-03-09 04:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-12-14 10:14 - 2014-05-12 20:21 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-14 10:14 - 2014-03-09 03:33 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-14 10:14 - 2013-04-25 00:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-13 17:28 - 2014-08-30 10:21 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
Some content of TEMP:
====================
C:\Users\neidk_000\AppData\Local\Temp\Quarantine.exe
C:\Users\neidk_000\AppData\Local\Temp\ReimagePackage.exe
C:\Users\neidk_000\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-12 18:21
==================== End Of Log ============================
Addition.txt :
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by neidk_000 at 2015-01-12 22:55:19
Running from C:\Users\neidk_000\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1208.0301 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\{1AE65157-6E14-49AF-98DF-447927FBC142}) (Version: 0.7.9.844 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1304.1501 - Micro-Star International Co., Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hybrid Power (HKLM-x32\...\InstallShield_{C07F934A-3253-4740-86B8-22BA5F571E6E}) (Version: 1.0.1304.0301 - Micro-Star International Co., Ltd.)
Hybrid Power (x32 Version: 1.0.1304.0301 - Micro-Star International Co., Ltd.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1304.2201 - Micro-Star International Co., Ltd.)
KLM (x32 Version: 1.0.1304.2201 - Micro-Star International Co., Ltd.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mises à jour NVIDIA 16.13.65 (Version: 16.13.65 - NVIDIA Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSI Remind Manager (HKLM-x32\...\{7359585E-A828-4EFC-8177-7D1883DDA0B5}) (Version: 2.12.1003 - MSI)
MSI Social Media Collection (HKLM-x32\...\{5EE31A9B-EA26-41EA-B4B6-73910C5E06DC}) (Version: 1.13.0123 - MSI)
Mumble 1.2.7 (HKLM-x32\...\{1FC198EF-5C3F-4C2A-99AC-22DE9B3FBFDE}) (Version: 1.2.7 - Thorvald Natvig)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Pilote graphique 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Panneau de configuration NVIDIA 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.0.35.1027 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22533 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 6.2.9200.21219 - Realtek Semiconductor Corp.)
SCM (HKLM\...\{5172DE8A-2640-474E-B89F-A04A90312A74}) (Version: 10.013.04183 - Application)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.01 - Creative Technology Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.017 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment)
Xilisoft Convertisseur Audio Pro (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Xilisoft Convertisseur Audio Pro) (Version: 6.5.0.20131129 - Xilisoft)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
28-12-2014 17:53:32 Scheduled Checkpoint
02-01-2015 16:41:40 Installed Mumble 1.2.7
11-01-2015 18:56:53 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0A9CA613-AEEE-46B3-983B-059BB605F10F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {33AC9125-901C-4F49-B513-3B0E318B3CB0} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {411DB85B-A13D-4B3D-A66B-5844C944FD4E} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: {42D418C7-EED1-49A6-A203-0F73C3E9C4E7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {470FC0D9-ECC6-423D-AE36-A5BACB5A6364} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {4C4A48F0-005C-44E6-A3E3-F4542B3A9CD8} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {84DBC868-4B4A-4CBF-AC88-213B1FD13728} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {B00C335E-DB90-4A25-BF31-DEC2515093AB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-12] (Microsoft Corporation)
Task: {CEF85E56-852B-44AA-B5B9-6973659344AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {D8032F32-6996-4163-BF44-03E846086D66} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {DA52A849-A2FB-46D4-815C-65D8D8312F2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.)
Task: {DF9A794A-A359-4224-8994-F97663F8FC6F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AYYA-LAPTOP-neidk_000 Ayya-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {EE4CFE7A-1166-4536-B24B-060F687413AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.)
Task: {FA2926E2-7D40-473A-AA33-51FF71C33274} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {FBF221CE-6C8C-4ABB-8932-7CFA023FD5E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2014-03-24 23:29 - 2014-11-13 01:20 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-24 23:35 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-10 12:21 - 2009-08-13 11:06 - 00177152 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2014-09-26 11:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-24 23:29 - 2012-11-01 19:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2013-09-20 16:51 - 2013-09-20 16:51 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-11-22 01:03 - 2014-11-22 01:03 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 23:29 - 2014-11-13 01:20 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-24 23:12 - 2013-03-12 21:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\neidk_000\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2221901762-3814291360-2724073944-500 - Administrator - Disabled)
Guest (S-1-5-21-2221901762-3814291360-2724073944-501 - Limited - Disabled)
neidk_000 (S-1-5-21-2221901762-3814291360-2724073944-1008 - Administrator - Enabled) => C:\Users\neidk_000
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/12/2015 09:16:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: La création du contexte d’activation a échoué pour « C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1 ». Erreur dans le fichier de manifeste ou de stratégie « C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2 » à la ligne C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
Les composants en conflit sont :
Composant 1 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Composant 2 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (01/12/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/11/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/11/2015 06:12:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [18]
Error: (01/11/2015 05:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante delegate_execute.exe, version : 39.0.2171.95, horodatage : 0x54823f01
Nom du module défaillant : delegate_execute.exe, version : 39.0.2171.95, horodatage : 0x54823f01
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00037db3
ID du processus défaillant : 0x1964
Heure de début de l’application défaillante : 0xdelegate_execute.exe0
Chemin d’accès de l’application défaillante : delegate_execute.exe1
Chemin d’accès du module défaillant: delegate_execute.exe2
ID de rapport : delegate_execute.exe3
Nom complet du package défaillant : delegate_execute.exe4
ID de l’application relative au package défaillant : delegate_execute.exe5
Error: (01/11/2015 05:43:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/09/2015 07:12:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (01/09/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/08/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/07/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
System errors:
=============
Error: (01/12/2015 06:52:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service BlueStacks Android Service dépend du service BlueStacks Hypervisor qui n’a pas pu démarrer en raison de l’erreur :
%%2
Error: (01/12/2015 06:52:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service BlueStacks Hypervisor n’a pas pu démarrer en raison de l’erreur :
%%2
Error: (01/12/2015 06:51:41 PM) (Source: DCOM) (EventID: 10010) (User: AYYA-LAPTOP)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (01/12/2015 06:51:41 PM) (Source: DCOM) (EventID: 10010) (User: AYYA-LAPTOP)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (01/12/2015 06:51:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/12/2015 06:11:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service BlueStacks Android Service dépend du service BlueStacks Hypervisor qui n’a pas pu démarrer en raison de l’erreur :
%%2
Error: (01/12/2015 06:11:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service BlueStacks Hypervisor n’a pas pu démarrer en raison de l’erreur :
%%2
Error: (01/11/2015 10:16:45 PM) (Source: DCOM) (EventID: 10010) (User: AYYA-LAPTOP)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (01/11/2015 10:16:45 PM) (Source: DCOM) (EventID: 10010) (User: AYYA-LAPTOP)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (01/11/2015 10:16:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Microsoft Office Sessions:
=========================
Error: (01/12/2015 09:16:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\neidk_000\AppData\Local\Temp\IDC2.tmp\ESETSmartInstaller.exe
Error: (01/12/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/11/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/11/2015 06:12:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [18]
Error: (01/11/2015 05:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe39.0.2171.9554823f01delegate_execute.exe39.0.2171.9554823f01c000000500037db3196401d02dbde9974f2fC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe2bd7641c-99b1-11e4-bea9-8c89a50b21a3
Error: (01/11/2015 05:43:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/09/2015 07:12:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
Error: (01/09/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/08/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (01/07/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
CodeIntegrity Errors:
===================================
Date: 2015-01-02 16:54:33.425
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-01-02 16:54:17.310
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-01-02 16:54:16.214
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-01-02 16:54:15.066
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-31 23:17:42.454
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-31 23:17:42.325
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-26 14:06:50.111
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-26 14:06:49.962
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-14 19:02:14.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-14 19:01:33.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8079.39 MB
Available physical RAM: 4685.48 MB
Total Pagefile: 9359.39 MB
Available Pagefile: 6452.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (OS_Install) (Fixed) (Total:418.84 GB) (Free:303.65 GB) NTFS
Drive d: (Data) (Fixed) (Total:259.59 GB) (Free:152.19 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 457CE740)
Partition: GPT Partition Type.
==================== End Of Log ============================
Thanks for the work! ☺

1.

C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf\163\KtbcxK.js JS/Kryptik.ATB trojan

A malicious Chrome extension; it will be removed with the script below. It's the "1click timer" extension I asked you about in a previous post.

C:\Users\neidk_000\AppData\Local\Microsoft\Windows\INetCache\IE\5PTUR3TZ\ReimagePackage1803x64b[1].exe a variant of Win32/ReImageRepair.B potentially unwanted application

A file downloaded by Internet Explorer.

C:\Users\neidk_000\AppData\Local\Temp\ReimagePackage.exe a variant of Win32/ReImageRepair.B potentially unwanted application

Stored in a temporary folder, probably during installation.

C:\Users\neidk_000\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\neidk_000\Downloads\setup_syncios.exe a variant of Win32/OpenCandy.C potentially unsafe application

C:\Users\neidk_000\Downloads\smart-defrag-setup.exe a variant of Win32/OpenCandy.C potentially unsafe application

Installation files in the Downloads folder that bundle a toolbar or other unnecessary programs. You have to decide if you want to keep them.

2. Please, start Notepad.

Copy all text that is in the box:

CHR Extension: (1click timer) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2015-01-08]
C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf
and paste it into Notepad. Check that no file paths have been split across two lines.

Save the file as fixlist.txt on the desktop.

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

3. Have all ads by lowprices/buzzwok disappeared now?

Do you have any other questions before I give you the instructions for uninstallation of FRST?

Everything seems to be smooth now. No more ads from these guys; thank you very much for your work!!

Awaiting your instructions for uninstallation of FRST.

Great!

You're welcome :)

Time for final clean-up.

Download OTC http://oldtimer.geekstogo.com/OTC.exe

Close all programs.

Start OTC program.

Click the CleanUp! button.

Select Yes when asked "Begin cleanup process".

If you are asked to reboot, select Yes.

If any logs remain on the computer you can remove them.

You uninstall AdwCleaner by starting it and then clicking its Uninstall button.

It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you keep everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you!
