TechSpot

Conhost.exe virus

By eroamago
May 11, 2015
  1. Hello there, I'd like a little help here
    There are dozens of conhost.exe instances running, dozens of cmd.exe, ctfmon, even notepad and other system processes. I can't stop them; I can't kill the processes outside safe mode. In safe mode I can kill all of them, and after some seconds one will appear and will start to replicate into others.

    They are drawing almost 100% of the CPU. The PC is really slow. I am using ESET NOD32 Antivirus 8; the scans do not detect viruses, they don't even detect most of the processes running. I have been fighting this thing for ten hours already, and no "normal way" can make it go away. (It will only run if the internet is on.)
    I think they are downloading more viruses; Malwarebytes Anti-Malware detected more than 30 viruses named trojanfakeMS.ed and is still finding more since last night. Sometimes it pops up that it blocked a suspicious internet address; they are always different (the addresses).

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
    Ran by TheThunderT (administrator) on THETHUNDERTMACH on 11-05-2015 01:19:43
    Running from C:\Users\TheThunderT\Downloads
    Loaded Profiles: TheThunderT (Available profiles: TheThunderT & Thunder`s Disciple)
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    (Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
    HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
    HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [3865232 2013-09-22] (Speedbit Ltd.)
    HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
    HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\MountPoints2: {facf3b77-23dd-11e3-ad63-002354fbdf37} - G:\SETUP.EXE
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-28] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-954720486-3091679152-3473616162-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-05-18] (IObit)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
    BHO: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files\DAP\LinkVerifier.dll [2013-09-22] (Speedbit Ltd.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Hosts: 91.121.69.54 l2authd.lineage2.com
    Tcpip\Parameters: [DhcpNameServer] 200.189.80.121 200.189.80.107

    FireFox:
    ========
    FF ProfilePath: C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default
    FF NewTab: about:blank
    FF SelectedSearchEngine: Google
    FF NetworkProxy: "autoconfig_url", "http://111.13.109.51/"
    FF NetworkProxy: "type", 2
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-954720486-3091679152-3473616162-1001: facebook.com/fbDesktopPlugin -> C:\Users\TheThunderT\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
    FF Plugin HKU\S-1-5-21-954720486-3091679152-3473616162-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\searchplugins\ZenSearch.xml [2014-05-12]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-11-29]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-11-29]
    FF Extension: ZenSearch - C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\Extensions\ZenSearch@ZenSearch.com [2014-04-30]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-29]
    FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
    FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2013-09-22]
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-03-21]
    FF HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: No Name - C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\extensions\ascsurfingprotection@iobit.com [Not Found]

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR DefaultSearchKeyword: Default ->
    CHR DefaultSearchURL: Default ->
    CHR Profile: C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (AdBlock) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-10]
    CHR Extension: (Bookmark Manager) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
    CHR Extension: (Skype Click to Call) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-09]
    CHR Extension: (Google Wallet) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-12]
    CHR Extension: (Speedbit New Tab) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\palpbfjgianahgbbeodmcohjdmaelbeo [2014-09-12]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2013-10-06]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    S3 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
    S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
    S4 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
    R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S4 MySQL; C:\Program Files\MySQL\MySQL Server 6.0\my.ini [9258 2014-06-25] () [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
    S4 npggsvc; C:\Windows\system32\GameMon.des [3071632 2014-05-06] (INCA Internet Co., Ltd.)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-09-25] () [File not signed]
    S3 apf005; C:\Windows\system32\apf005.sys [14160 2014-06-16] ()
    R3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-04] (Disc Soft Ltd)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
    R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2015-01-30] (ESET)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-09-22] (GFI Software)
    S3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [29824 2007-09-03] (IC Plus Corp. )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-11] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-26] (CACE Technologies, Inc.)
    S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2009-04-06] (INCA Internet Co., Ltd.) [File not signed]
    S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-03-04] ()
    S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
    S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
    S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
    U3 TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [X]
    S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
    S3 XDva423; \??\C:\Windows\system32\XDva423.sys [X]
    S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-11 01:19 - 2015-05-11 01:20 - 00017055 _____ () C:\Users\TheThunderT\Downloads\FRST.txt
    2015-05-11 01:19 - 2015-05-11 01:19 - 00000000 ____D () C:\FRST
    2015-05-11 01:09 - 2015-05-11 01:09 - 01141248 _____ (Farbar) C:\Users\TheThunderT\Downloads\FRST.exe
    2015-05-11 00:59 - 2015-05-11 01:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-11 00:57 - 2015-05-11 00:57 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-05-11 00:57 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-05-11 00:57 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-05-11 00:57 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-05-11 00:50 - 2015-05-11 00:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\TheThunderT\Downloads\mbam-setup-2.1.6.1022.exe
    2015-05-11 00:50 - 2015-05-11 00:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\TheThunderT\Downloads\mbam-setup-2.1.6.1022 (1).exe
    2015-05-11 00:41 - 2015-05-11 00:41 - 00114384 _____ () C:\Users\TheThunderT\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-05-11 00:41 - 2015-05-11 00:41 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-11 00:41 - 2015-05-11 00:41 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-11 00:41 - 2015-05-11 00:41 - 00000552 _____ () C:\Windows\system32\spsys.log
    2015-05-11 00:40 - 2015-05-11 00:40 - 00444656 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-11 00:18 - 2015-05-11 00:18 - 00001603 _____ () C:\Users\TheThunderT\Documents\asdsagadfgdafg.txt
    2015-05-10 19:42 - 2015-05-10 20:44 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-05-10 19:15 - 2015-05-10 19:16 - 04993624 _____ () C:\Users\TheThunderT\Desktop\RogueKillerCMD.exe
    2015-05-10 17:21 - 2015-05-10 17:21 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\ESET
    2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\ProgramData\ESET
    2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\Program Files\ESET
    2015-05-10 15:40 - 2015-02-24 04:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-05-10 15:38 - 2015-05-11 00:47 - 00459599 _____ () C:\Windows\WindowsUpdate.log
    2015-05-10 15:30 - 2015-05-11 00:40 - 00000327 _____ () C:\Windows\setupact.log
    2015-05-10 15:30 - 2015-05-10 15:30 - 00000000 _____ () C:\Windows\setuperr.log
    2015-05-10 15:29 - 2015-05-10 18:51 - 00478386 _____ () C:\Windows\PFRO.log
    2015-05-10 15:24 - 2015-05-10 15:25 - 67321856 _____ () C:\Users\TheThunderT\Downloads\eav_nt32_enu.msi
    2015-05-10 15:20 - 2015-05-10 15:20 - 00000000 ____D () C:\zoek_backup
    2015-05-10 15:14 - 2015-05-10 15:14 - 01308672 _____ () C:\Users\TheThunderT\Downloads\zoek.exe
    2015-05-10 15:12 - 2015-05-10 15:27 - 00000000 ____D () C:\AdwCleaner
    2015-05-10 15:09 - 2015-05-10 15:09 - 02204160 _____ () C:\Users\TheThunderT\Downloads\adwcleaner_4.203.exe
    2015-05-10 15:03 - 2015-05-10 15:03 - 00000000 ____D () C:\Program Files\VS Revo Group
    2015-05-10 14:58 - 2015-05-10 14:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\TheThunderT\Downloads\revosetup.exe
    2015-05-10 14:34 - 2015-05-10 14:34 - 00001374 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143334.reg
    2015-05-10 14:33 - 2015-05-10 14:33 - 00010220 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143220.reg
    2015-05-10 14:31 - 2015-05-10 14:31 - 00030098 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143042.reg
    2015-05-10 14:19 - 2015-05-10 14:19 - 00000000 ____D () C:\Windows\system32\vbox
    2015-05-10 13:57 - 2015-05-10 13:59 - 00372182 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_135544.reg
    2015-05-10 13:16 - 2015-05-10 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-05-10 13:16 - 2015-05-10 13:16 - 00000000 ____D () C:\Program Files\CCleaner
    2015-05-10 13:11 - 2015-05-10 13:12 - 06484352 _____ (Piriform Ltd) C:\Users\TheThunderT\Downloads\ccsetup505 (1).exe
    2015-05-10 00:49 - 2015-05-10 00:49 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2015-05-10 00:45 - 2015-05-10 00:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\TheThunderT\Downloads\tdsskiller.exe
    2015-05-09 23:45 - 2015-05-10 18:51 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-05-09 23:44 - 2015-05-09 23:44 - 05481336 _____ (Avast Software s.r.o.) C:\Users\TheThunderT\Downloads\avast_free_antivirus_setup_online_cnet.exe
    2015-05-09 22:45 - 2015-05-10 00:54 - 00000000 __SHD () C:\ProgramData\Windows Search 5.3.10
    2015-05-09 21:18 - 2015-05-09 21:18 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
    2015-05-09 21:05 - 2015-05-09 21:05 - 00000000 ____D () C:\Users\TheThunderT\Downloads\l2tower
    2015-05-04 10:37 - 2015-05-04 10:37 - 00055693 _____ () C:\Users\TheThunderT\Downloads\p.txt
    2015-05-04 10:37 - 2015-05-04 10:37 - 00055693 _____ () C:\Users\TheThunderT\Downloads\p (1).txt
    2015-04-29 22:33 - 2015-04-29 22:33 - 00021782 _____ () C:\Users\TheThunderT\Downloads\game.of.thrones.high.sparrow.(2015).por.1cd.(6116667).zip
    2015-04-28 22:29 - 2015-05-04 03:31 - 00048640 _____ () C:\Users\TheThunderT\Downloads\BPS.xls
    2015-04-24 00:13 - 2015-04-24 00:21 - 540805585 _____ () C:\Users\TheThunderT\Downloads\l2WoE-Pach 2.1.rar
    2015-04-22 21:47 - 2015-04-22 21:47 - 00000000 __SHD () C:\Users\TheThunderT\AppData\Local\EmieBrowserModeList
    2015-04-17 14:38 - 2015-03-25 00:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-04-17 14:38 - 2015-03-25 00:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-04-17 14:38 - 2015-03-25 00:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-04-17 14:38 - 2015-03-25 00:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-04-17 14:38 - 2015-03-25 00:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-04-17 14:38 - 2015-03-25 00:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-04-17 14:38 - 2015-03-25 00:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-04-17 14:38 - 2015-03-25 00:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-04-17 14:38 - 2015-03-25 00:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-04-17 14:38 - 2015-03-25 00:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-04-17 14:38 - 2015-03-10 00:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-17 14:38 - 2015-03-10 00:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-04-17 14:38 - 2015-02-25 00:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-11 01:01 - 2013-09-22 19:52 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-11 00:47 - 2013-09-22 20:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-11 00:40 - 2014-04-30 18:46 - 00000390 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    2015-05-11 00:40 - 2013-09-22 20:29 - 00000000 ____D () C:\ProgramData\TEMP
    2015-05-11 00:40 - 2013-09-22 19:52 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-11 00:40 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-10 23:57 - 2013-08-30 00:43 - 00000000 ____D () C:\Users\TheThunderT
    2015-05-10 23:56 - 2009-07-13 23:37 - 00000000 __RHD () C:\Users\Default
    2015-05-10 18:00 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\LogFiles
    2015-05-10 17:23 - 2013-09-22 20:18 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001UA.job
    2015-05-10 15:30 - 2013-09-22 21:02 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\adawarebp
    2015-05-10 15:27 - 2013-09-24 22:28 - 00000000 ____D () C:\Users\Thunder`s Disciple
    2015-05-10 15:00 - 2013-10-23 09:05 - 00000000 ____D () C:\Program Files\Wondershare
    2015-05-10 14:50 - 2013-09-22 23:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2015-05-10 14:47 - 2013-09-22 20:04 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\uTorrent
    2015-05-10 14:41 - 2015-03-21 11:18 - 00000000 ____D () C:\Program Files\Yahoo!
    2015-05-10 14:36 - 2013-09-22 21:02 - 00000000 ____D () C:\Program Files\Ad-Aware Antivirus
    2015-05-10 13:43 - 2014-10-01 23:07 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\PhotoScape
    2015-05-10 13:43 - 2014-09-12 22:02 - 00000000 ____D () C:\Program Files\Steam
    2015-05-10 13:43 - 2013-09-22 20:37 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\DAEMON Tools Lite
    2015-05-10 13:42 - 2014-03-19 16:55 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\TS3Client
    2015-05-10 13:40 - 2013-09-22 20:23 - 00000000 ____D () C:\Windows\Minidump
    2015-05-10 13:40 - 2013-09-22 09:25 - 00000000 ____D () C:\Windows\Panther
    2015-05-10 12:39 - 2013-09-22 20:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-05-10 12:39 - 2013-09-22 20:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-05-10 01:16 - 2015-01-18 15:35 - 00000000 ____D () C:\Program Files\BEAST Cabal
    2015-05-09 21:55 - 2013-09-22 23:07 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\Skype
    2015-05-09 21:20 - 2015-01-29 01:58 - 00000000 ____D () C:\Program Files\Lineage II
    2015-05-09 20:23 - 2013-09-22 20:18 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001Core.job
    2015-05-04 10:04 - 2013-09-22 21:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-05-04 10:04 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-05-04 10:03 - 2013-09-22 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-05-04 10:02 - 2009-07-13 23:04 - 00000513 _____ () C:\Windows\win.ini
    2015-05-04 09:52 - 2014-10-03 20:53 - 00000000 ___RD () C:\Program Files\Skype
    2015-05-04 09:52 - 2013-09-22 23:07 - 00000000 ____D () C:\ProgramData\Skype
    2015-04-22 15:28 - 2009-07-14 01:53 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-21 21:53 - 2015-03-28 19:50 - 00000109 _____ () C:\Users\TheThunderT\Documents\aaaaaaaaaaaaaa.txt
    2015-04-19 13:39 - 2013-11-06 15:47 - 00000000 ____D () C:\Program Files\VDownloader
    2015-04-17 17:46 - 2013-11-06 15:47 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\VDownloader
    2015-04-17 00:55 - 2014-04-20 01:48 - 00000000 ____D () C:\Program Files\Common Files\Steam

    ==================== Files in the root of some directories =======

    2013-11-06 15:47 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
    2014-11-27 23:24 - 2014-11-27 23:24 - 0000017 _____ () C:\Users\TheThunderT\AppData\Local\resmon.resmoncfg
    2013-11-06 15:47 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
    2014-03-21 10:27 - 2014-03-21 10:27 - 0000464 _____ () C:\ProgramData\HirezPipeError.txt
    2015-03-21 10:51 - 2015-03-21 11:21 - 0000363 _____ () C:\ProgramData\hpzinstall.log
    2013-11-06 15:47 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico

    Some content of TEMP:
    ====================
    C:\Users\TheThunderT\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\TheThunderT\AppData\Local\Temp\InstHelper.exe
    C:\Users\TheThunderT\AppData\Local\Temp\Quarantine.exe
    C:\Users\TheThunderT\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-04 08:11

    ==================== End Of Log ============================
     
  2. eroamago

    eroamago TS Rookie Topic Starter

    #############################################ADDITION

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
    Ran by TheThunderT at 2015-05-11 01:21:01
    Running from C:\Users\TheThunderT\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-954720486-3091679152-3473616162-500 - Administrator - Disabled)
    Guest (S-1-5-21-954720486-3091679152-3473616162-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-954720486-3091679152-3473616162-1002 - Limited - Enabled)
    TheThunderT (S-1-5-21-954720486-3091679152-3473616162-1001 - Administrator - Enabled) => C:\Users\TheThunderT
    Thunder`s Disciple (S-1-5-21-954720486-3091679152-3473616162-1003 - Limited - Enabled) => C:\Users\Thunder`s Disciple

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
    32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
    Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    Akamai NetSession Interface (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
    AMD Catalyst Install Manager (HKLM\...\{12D800D0-F5F0-7B02-9876-D3EFF5B1FFDF}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AP Tuner 3.08 (HKLM\...\AP Tuner 3.08) (Version: - )
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
    Curse (HKLM\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
    Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
    DJ_AIO_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    DJ_AIO_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    DJ_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
    Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10053 (Build 2558) - Speedbit Ltd.)
    Easy GIF Animator 6.1 (HKLM\...\Easy GIF Animator_is1) (Version: Easy GIF Animator 6.0 - Karlis Blumentals)
    EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    ESET NOD32 Antivirus (HKLM\...\{B096B8AB-C3BD-4801-A731-D2B94643DA86}) (Version: 8.0.312.0 - ESET, spol s r. o.)
    Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
    Fraps (remove only) (HKLM\...\Fraps) (Version: - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Happy Cloud Client (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
    Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
    HHD Software Free Hex Editor Neo 6.05 (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.5.0.5278 - HHD Software, Ltd.)
    Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Support Solutions Framework (HKLM\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
    HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
    HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java SE Development Kit 7 Update 51 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
    Java(TM) SE Development Kit 6 Update 3 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
    LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
    Lineage II (HKLM\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
    Lineage® II: Freya (High Five) (HKLM\...\{21040472-F8DF-48A9-A093-2986C1495670}) (Version: 198 - NCsoft)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 33.1.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 33.1.1 (x86 pt-BR)) (Version: 33.1.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    Mp3tag v2.65a (HKLM\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
    MPC-HC 1.7.1 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MySQL Server 5.0 (HKLM\...\{3C830C70-16E8-4FDA-BDF2-3CE38518AF25}) (Version: 5.0.41 - MySQL AB)
    MySQL Server 6.0 (HKLM\...\{522E3254-D622-4797-9EE3-7ACE0B8852D6}) (Version: 6.0.3 - MySQL AB)
    Need for Speed Underground 2 (HKLM\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
    Perfect World France (HKLM\...\631BBC3E-3B27-4BAE-8321-0A28682CC388_is1) (Version: - PWFrance)
    PhotoScape (HKLM\...\PhotoScape) (Version: - )
    ProxySwitcher Standard (HKLM\...\ProxySwitcher Standard_is1) (Version: 5.3.1 - V-Tech LLC)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
    Smite (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2533.0 - Hi-Rez Studios)
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
    Steam (HKLM\...\Steam) (Version: - Valve Corporation)
    Subtitle Edit 3.3.8 (HKLM\...\SubtitleEdit_is1) (Version: 3.3.8.2047 - Nikse)
    Synthesia (HKLM\...\Synthesia) (Version: 8.6 - Synthesia LLC)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
    TERA (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\teraenmasse) (Version: - )
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
    Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUS_{B36586AD-3256-47B6-8AE7-FA0D8727D7C2}) (Version: - Microsoft)
    VDownloader 3.9.1627 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
    VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
    Warcraft III (HKLM\...\Warcraft III) (Version: - )
    Warcraft III: All Products (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Warcraft III) (Version: - )
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
    WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    Xfire Codec (remove only) (HKLM\...\XfireCodec) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{04FE3112-DB93-424D-B958-5E709395693F}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\icmp.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x86\hexpatch32.dll (HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{F75B41E6-0FE1-451b-BD96-485B0B97477D}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    10-05-2015 14:34:56 Removed Ad-Aware Antivirus.
    10-05-2015 14:47:54 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    10-05-2015 14:49:51 Removed Age of Empires III
    10-05-2015 14:51:54 Removed TuxGuitar
    10-05-2015 15:36:09 avast! antivirus system restore point
    10-05-2015 15:39:28 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-11-17 09:51 - 2013-06-08 03:32 - 00000861 ____A C:\Windows\system32\Drivers\etc\hosts
    91.121.69.54 l2authd.lineage2.com

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0AF2C364-6F4B-4E8F-858C-1C8B788E8D9F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001Core => C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-22] (Facebook Inc.)
    Task: {1253E72E-5CA2-4B85-B4FE-10786B4B3376} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {2044C4F1-666D-46A5-A604-032F86379869} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-954720486-3091679152-3473616162-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {2E39730B-B332-4A3A-988C-0098BF038FAE} - System32\Tasks\{3CEA8424-89A3-4C15-B827-FB4BC379739F} => C:\Program Files\RF Lebay - Return Of The Lord Master\RF Lebay.exe
    Task: {30659B4B-5ED8-4336-816F-8380C02618A2} - System32\Tasks\{71186E40-3FA8-475F-96AC-6568F2CC3E63} => C:\Program Files\RF Lebay - Return Of The Lord Master\RF Lebay.exe
    Task: {3B33B6C3-B871-4CEB-BE7F-6643CE4B1B34} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
    Task: {458C2C03-17C1-4DAB-8A85-AA6A3ECBF054} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
    Task: {553C3236-DEC6-48D0-8180-03BF81B78564} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
    Task: {584C6CFE-0BEF-4E6B-9342-BDAE0EFA03FE} - System32\Tasks\{A1400994-BDF8-4149-8D20-52E035791265} => C:\Users\TheThunderT\Downloads\Need for Speed(TM) Rivals-SG\NFS14_x86.exe
    Task: {6C66B639-64C0-4733-9F85-7E943763F266} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {77FC9B79-F769-42B6-B646-06CA93597D9B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001UA => C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-22] (Facebook Inc.)
    Task: {78F1072F-DA92-48E0-A85A-23E5C1298D7E} - System32\Tasks\ZenSearch\Updater\ZenSearch updater => C:\Program Files\ZenSearch Updater\updater.exe <==== ATTENTION
    Task: {84FFFDC3-E7ED-42F8-8454-22089B0A6297} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {892D5534-66AE-4DB3-AFC2-6232039A0110} - System32\Tasks\{44AC0452-60C6-4C59-A20F-0528CC8BF9A2} => C:\Users\TheThunderT\Downloads\FreeFileViewerSetup.exe
    Task: {8C68D825-55BE-4A7F-8667-B9417F77A4AC} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: {A426E1E8-E63B-426A-A80B-DBD24C252176} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
    Task: {ADF6EDD5-7AD6-486D-814A-358BFF3A7018} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {AEA38886-698C-4000-8D79-656856244239} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    Task: {B08E506A-A8CD-4F14-BB32-F2744EE89084} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
    Task: {B86C6B77-40D6-42B4-B959-899653AE9002} - System32\Tasks\{AEE794D0-739F-44D1-A032-FA621B056C70} => C:\Program Files\RF Lebay - Return Of The Lord Master\RF Lebay.exe
    Task: {BBD17E6A-2A9D-422B-BCCF-24A2F57C8224} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe
    Task: {CEB3BCC6-9AC0-40D0-9003-7CC6FFCD9A1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-10] (Adobe Systems Incorporated)
    Task: {D7CAE204-1072-4BC7-8270-A69E16F4C0C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
    Task: {F4933D9E-839F-46A1-A590-7581B19273A0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-954720486-3091679152-3473616162-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {F888C9A7-0EB3-4DFB-B324-57A30D9B8673} - System32\Tasks\Driver Booster SkipUAC (TheThunderT) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
    Task: {FA40E20B-1EAC-426F-869F-2541F0CF703F} - System32\Tasks\{8A0DEACC-6642-42C0-A048-C85DBD370C32} => C:\Program Files\Cabal.WS\launcher.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001Core.job => C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001UA.job => C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-04-30 18:04 - 2015-04-27 23:07 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
    2015-04-30 18:04 - 2015-04-27 23:07 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll
    2015-04-30 18:04 - 2015-04-27 23:07 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
    AlternateDataStreams: C:\Users\Public\DRM:احتضان

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\95654202.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\95654202.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\sony.com -> sony.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-954720486-3091679152-3473616162-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 200.189.80.121 - 200.189.80.107

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 3
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: EpsonScanSvc => 2
    MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: MySQL => 2
    MSCONFIG\Services: npggsvc => 3
    MSCONFIG\Services: SBAMSvc => 2
    MSCONFIG\Services: SkypeUpdate => 3
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^TheThunderT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^TheThunderT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
    MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\TheThunderT\AppData\Local\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: AppleIEDAV => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files\DAP\DAP.EXE" /STARTUP
    MSCONFIG\startupreg: EPLTarget =>
    MSCONFIG\startupreg: Facebook Update => "C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: GarenaPlus => "C:\GarenaPlus\GarenaMessenger.exe" -autolaunch
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files\NCWest\NCLauncher\NCUpdateHelper.exe
    MSCONFIG\startupreg: PSwitch => C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SwvUpdtr => C:\Users\TheThunderT\AppData\Local\24017\Updater.exe /reg
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: uTorrent => "C:\Users\TheThunderT\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: VDownloader => C:\Program Files\VDownloader\VDownloader.exe /silent

    ==================== FirewallRules (whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{B47ECFA0-1523-4056-8819-7BBE8DE9FA22}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{F902A877-50B0-4D36-A8A0-91197D078F4F}] => (Allow) C:\Users\TheThunderT\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3AD88FD4-9D21-4EDA-9C09-6306DC2229BB}] => (Allow) C:\Users\TheThunderT\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D29E500A-6F7B-4FF8-AFEC-5AF5DADB3805}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{487D6EE3-9AD2-4DB8-8A2A-03434F971D5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F79FB585-1B0B-4771-83EC-3AF5B0A0263B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{EEBBA6F4-8E30-44E8-A165-08471A1EB13E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{AF5318E9-5264-4433-AF5C-70C5281AB0FD}C:\program files\warcraft iii\war3.exe] => (Allow) C:\program files\warcraft iii\war3.exe
    FirewallRules: [UDP Query User{A314C9CE-6697-4C21-8127-019FFCB2F58C}C:\program files\warcraft iii\war3.exe] => (Allow) C:\program files\warcraft iii\war3.exe
    FirewallRules: [TCP Query User{B57DB605-9159-4B9D-9F11-E88F9E56A7CC}C:\users\thethundert\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thethundert\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{CAE98DA2-D2BD-4C6E-AFFD-673B9367EFD5}C:\users\thethundert\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thethundert\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{40B676A9-1A34-45D3-8DA4-E0DB4188D61C}C:\program files\warcraft iii\war3.exe] => (Block) C:\program files\warcraft iii\war3.exe
    FirewallRules: [UDP Query User{88F311D3-CDA5-4DF2-9937-844EB2DCAF83}C:\program files\warcraft iii\war3.exe] => (Block) C:\program files\warcraft iii\war3.exe
    FirewallRules: [TCP Query User{B76EE5BA-2FEE-42BB-846B-8AA3371B358F}C:\users\thethundert\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\thethundert\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{FEE46F0E-1089-4481-897B-D5AD7745DCF0}C:\users\thethundert\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\thethundert\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{2174F022-172D-40AE-96FD-8555EBEE9AC6}C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
    FirewallRules: [UDP Query User{C49C718A-6DC2-4A71-9619-320CA70F4E86}C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
    FirewallRules: [{1225459F-E9BE-4CFF-8C7D-CD859F440A33}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{00E1AB46-5EA7-4EC6-A293-12A4738D6F7C}] => (Allow) C:\Program Files\Steam\Steam.exe
    FirewallRules: [{67D39CE6-E268-4008-89B0-99361D9912CF}] => (Allow) C:\Program Files\Steam\Steam.exe
    FirewallRules: [{3C9F5B13-1546-4021-ADF4-ADA73BFAF0EF}] => (Allow) C:\Program Files\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{C8CAD163-E06E-41D1-97E9-48CE0DC32AE4}] => (Allow) C:\Program Files\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{EF4C74EC-FA3A-4AA2-B12B-D90C4893DA11}] => (Allow) C:\Program Files\BEAST Cabal\Beast Cabal Launcher.exe
    FirewallRules: [{4C43E9DF-2C20-4D35-AB3E-F2B8DA40488D}] => (Allow) C:\Program Files\BEAST Cabal\Beast Cabal Launcher.exe
    FirewallRules: [{EFE3845A-B608-4DAA-B220-AD9ECA1E944A}] => (Allow) C:\Program Files\BEAST Cabal\Beast Cabal Launcher.exe
    FirewallRules: [{303D4ADD-21F6-44AB-BBA9-A627E510DEF8}] => (Allow) C:\Program Files\BEAST Cabal\Beast Cabal Launcher.exe
    FirewallRules: [{BDFD2692-86C5-4154-A96D-93B09B3EE4FD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{1AD28CF3-BA2A-442C-AD59-D08CF13132DA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{EB608961-F5C0-4DF1-94C8-444BFB860954}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{6C4842E6-C5A7-493F-A150-E8DCFBB6D8B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{1CCAD3CE-2B25-4972-A495-4739569DDF45}] => (Allow) C:\Users\TheThunderT\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A75DF381-354D-4A97-8117-5B0226CB55E9}] => (Allow) C:\Users\TheThunderT\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A785BF45-5855-4E0D-9B96-AF4552E96E67}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
    FirewallRules: [{62B9FECC-64F5-4B4D-8BAF-9EB57CD6C44D}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
    FirewallRules: [{AB3EBF5A-0839-4A1D-B985-5CC075642F62}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
    FirewallRules: [{C402FF04-9C3B-4DB8-BC67-996A3CBEA5F9}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
    FirewallRules: [{0E4ABB93-8F7A-4B42-BDCE-D983BBD01FAC}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
    FirewallRules: [{3C566A9C-D545-4360-831A-67E0CF02078B}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
    FirewallRules: [{B0978DCE-ECE0-4088-ABFD-DDD7AFFD4270}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
    FirewallRules: [{4B894C7B-0345-4510-9E35-B0A0E6CEC352}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
    FirewallRules: [{40CA9077-C0B7-4F42-9BEF-17377C3D2473}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{7222BAE5-8080-40C7-A4C8-0089DDA1278E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{1C176BFE-1C75-4776-A6D3-698FA16A6867}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{87C7DBA4-64F2-4D71-8B47-17B9D34C3BD1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{B14A979C-49F1-464F-B20B-801E9FDA9924}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{432070F0-7C83-4B3A-95FD-4833DAB095B0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{0E6EC6B3-AE06-475A-851D-B8BB4492B193}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    FirewallRules: [{EDB2FE7C-B82B-445A-AF7A-9CF6064BF519}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{C30166D7-802A-45B6-B420-BD252C6EA9E2}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{5BA5A916-C2E6-455C-97F2-65DE4AA64B3F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{79F43614-B542-4602-8762-F5A2703F496E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{C6FE0003-B6CD-48F6-9642-747E4E3E6666}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{404935FB-FA34-4325-9A5B-771457C86347}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{6BBF6BD8-A7DC-4B54-A51C-6DA1B9F8A625}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{48849B4F-F327-4D66-A7AD-47ED6C507321}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{3C363846-1523-41BA-BF0A-2D582CFD93DA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{C0A09E7E-D95C-468F-9CFA-FEFDDFFCD7CA}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [{3BAE1879-7BCC-4A83-A9D5-6265FF3C0471}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{AA6B1F68-FBCC-466F-B750-4D877B054A77}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{91AD876F-D291-4012-B336-531678A8EF66}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{DE85DF92-A925-4D5B-829B-493D37A577E1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/11/2015 00:50:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073418154

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

    System Error:
    The system cannot find the file specified.
    .

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswSP.

    System Error:
    The system cannot find the file specified.
    .

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

    System Error:
    The system cannot find the file specified.
    .

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

    System Error:
    The system cannot find the file specified.
    .

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

    System Error:
    The system cannot find the file specified.
    .

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

    System Error:
    The system cannot find the file specified.
    .

    Error: (05/10/2015 03:36:06 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {e57d7b6b-1162-413b-888e-a7a034c89f7b}


    System errors:
    =============
    Error: (05/11/2015 00:40:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068

    Error: (05/11/2015 00:30:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/11/2015 00:30:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (05/11/2015 00:50:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073418154

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

    System Error:
    The system cannot find the file specified.

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswSP.

    System Error:
    The system cannot find the file specified.

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

    System Error:
    The system cannot find the file specified.

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

    System Error:
    The system cannot find the file specified.

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

    System Error:
    The system cannot find the file specified.

    Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

    System Error:
    The system cannot find the file specified.

    Error: (05/10/2015 03:36:06 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {e57d7b6b-1162-413b-888e-a7a034c89f7b}


    CodeIntegrity Errors:
    ===================================
    Date: 2014-04-21 02:30:27.246
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_32.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
    Percentage of memory in use: 74%
    Total physical RAM: 2047.24 MB
    Available physical RAM: 519.51 MB
    Total Pagefile: 4094.48 MB
    Available Pagefile: 1401.39 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1889.47 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:289.46 GB) (Free:47.02 GB) NTFS
    Drive d: () (Fixed) (Total:8.53 GB) (Free:8.3 GB) NTFS
    Drive e: (ATICD12-130) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
    Drive h: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=289.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=8.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    I would appreciate any help :c
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on the SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on the Scan button.
    • When the scan has finished, click on the Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.