Inactive Conhost.exe virus

eroamago · May 11, 2015

Hello there, I'd like a little help here
There are dozens of conhost.exe instances running, dozens of cmd.exe, ctfmon even notepad and others system processes, I can't stop them, I cant kill the processes outside the safe mode, in the safe mode I can kill all of them, and after some seconds one will appear and will start to replicate into others.

They are drawing almost 100% from CPU. The PC is really slow, I am using anti-virus ESET NOD32 Antivirus 8, the scans do not detect viruses, they dont even detect most of the processes running, I am fightining against this thing already for ten hours, no "normal way" can make it go away. (it will only run if the internet is on)
I think they are downloading more viruses; malwarebytes anti malware detected more than 30 viruses named trojanfakeMS.ed and is still finding more since last night, sometimes pops out that it blocked a suspicious internet adress, they are always different (the adresses).

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by TheThunderT (administrator) on THETHUNDERTMACH on 11-05-2015 01:19:43
Running from C:\Users\TheThunderT\Downloads
Loaded Profiles: TheThunderT (Available profiles: TheThunderT & Thunder`s Disciple)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [3865232 2013-09-22] (Speedbit Ltd.)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\MountPoints2: {facf3b77-23dd-11e3-ad63-002354fbdf37} - G:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-954720486-3091679152-3473616162-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-05-18] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files\DAP\LinkVerifier.dll [2013-09-22] (Speedbit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 91.121.69.54 l2authd.lineage2.com
Tcpip\Parameters: [DhcpNameServer] 200.189.80.121 200.189.80.107

FireFox:
========
FF ProfilePath: C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF NetworkProxy: "autoconfig_url", "http://111.13.109.51/"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-954720486-3091679152-3473616162-1001: facebook.com/fbDesktopPlugin -> C:\Users\TheThunderT\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-954720486-3091679152-3473616162-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\searchplugins\ZenSearch.xml [2014-05-12]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-11-29]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-11-29]
FF Extension: ZenSearch - C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\Extensions\ZenSearch@ZenSearch.com [2014-04-30]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-29]
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2013-09-22]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-03-21]
FF HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\extensions\ascsurfingprotection@iobit.com [Not Found]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default ->
CHR DefaultSearchURL: Default ->
CHR Profile: C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-10]
CHR Extension: (Bookmark Manager) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Skype Click to Call) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-12]
CHR Extension: (Speedbit New Tab) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\palpbfjgianahgbbeodmcohjdmaelbeo [2014-09-12]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2013-10-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S4 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 MySQL; C:\Program Files\MySQL\MySQL Server 6.0\my.ini [9258 2014-06-25] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S4 npggsvc; C:\Windows\system32\GameMon.des [3071632 2014-05-06] (INCA Internet Co., Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-09-25] () [File not signed]
S3 apf005; C:\Windows\system32\apf005.sys [14160 2014-06-16] ()
R3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-04] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2015-01-30] (ESET)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-09-22] (GFI Software)
S3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [29824 2007-09-03] (IC Plus Corp. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-26] (CACE Technologies, Inc.)
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2009-04-06] (INCA Internet Co., Ltd.) [File not signed]
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-03-04] ()
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva423; \??\C:\Windows\system32\XDva423.sys [X]
S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 01:19 - 2015-05-11 01:20 - 00017055 _____ () C:\Users\TheThunderT\Downloads\FRST.txt
2015-05-11 01:19 - 2015-05-11 01:19 - 00000000 ____D () C:\FRST
2015-05-11 01:09 - 2015-05-11 01:09 - 01141248 _____ (Farbar) C:\Users\TheThunderT\Downloads\FRST.exe
2015-05-11 00:59 - 2015-05-11 01:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 00:57 - 2015-05-11 00:57 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-11 00:57 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 00:57 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-11 00:57 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-11 00:50 - 2015-05-11 00:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\TheThunderT\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 00:50 - 2015-05-11 00:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\TheThunderT\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-05-11 00:41 - 2015-05-11 00:41 - 00114384 _____ () C:\Users\TheThunderT\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-11 00:41 - 2015-05-11 00:41 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-11 00:41 - 2015-05-11 00:41 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-11 00:41 - 2015-05-11 00:41 - 00000552 _____ () C:\Windows\system32\spsys.log
2015-05-11 00:40 - 2015-05-11 00:40 - 00444656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-11 00:18 - 2015-05-11 00:18 - 00001603 _____ () C:\Users\TheThunderT\Documents\asdsagadfgdafg.txt
2015-05-10 19:42 - 2015-05-10 20:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-10 19:15 - 2015-05-10 19:16 - 04993624 _____ () C:\Users\TheThunderT\Desktop\RogueKillerCMD.exe
2015-05-10 17:21 - 2015-05-10 17:21 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\ESET
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\ProgramData\ESET
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\Program Files\ESET
2015-05-10 15:40 - 2015-02-24 04:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-10 15:38 - 2015-05-11 00:47 - 00459599 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 15:30 - 2015-05-11 00:40 - 00000327 _____ () C:\Windows\setupact.log
2015-05-10 15:30 - 2015-05-10 15:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-10 15:29 - 2015-05-10 18:51 - 00478386 _____ () C:\Windows\PFRO.log
2015-05-10 15:24 - 2015-05-10 15:25 - 67321856 _____ () C:\Users\TheThunderT\Downloads\eav_nt32_enu.msi
2015-05-10 15:20 - 2015-05-10 15:20 - 00000000 ____D () C:\zoek_backup
2015-05-10 15:14 - 2015-05-10 15:14 - 01308672 _____ () C:\Users\TheThunderT\Downloads\zoek.exe
2015-05-10 15:12 - 2015-05-10 15:27 - 00000000 ____D () C:\AdwCleaner
2015-05-10 15:09 - 2015-05-10 15:09 - 02204160 _____ () C:\Users\TheThunderT\Downloads\adwcleaner_4.203.exe
2015-05-10 15:03 - 2015-05-10 15:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-10 14:58 - 2015-05-10 14:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\TheThunderT\Downloads\revosetup.exe
2015-05-10 14:34 - 2015-05-10 14:34 - 00001374 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143334.reg
2015-05-10 14:33 - 2015-05-10 14:33 - 00010220 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143220.reg
2015-05-10 14:31 - 2015-05-10 14:31 - 00030098 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143042.reg
2015-05-10 14:19 - 2015-05-10 14:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-10 13:57 - 2015-05-10 13:59 - 00372182 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_135544.reg
2015-05-10 13:16 - 2015-05-10 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-10 13:16 - 2015-05-10 13:16 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-10 13:11 - 2015-05-10 13:12 - 06484352 _____ (Piriform Ltd) C:\Users\TheThunderT\Downloads\ccsetup505 (1).exe
2015-05-10 00:49 - 2015-05-10 00:49 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-05-10 00:45 - 2015-05-10 00:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\TheThunderT\Downloads\tdsskiller.exe
2015-05-09 23:45 - 2015-05-10 18:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-09 23:44 - 2015-05-09 23:44 - 05481336 _____ (Avast Software s.r.o.) C:\Users\TheThunderT\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-05-09 22:45 - 2015-05-10 00:54 - 00000000 __SHD () C:\ProgramData\Windows Search 5.3.10
2015-05-09 21:18 - 2015-05-09 21:18 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-05-09 21:05 - 2015-05-09 21:05 - 00000000 ____D () C:\Users\TheThunderT\Downloads\l2tower
2015-05-04 10:37 - 2015-05-04 10:37 - 00055693 _____ () C:\Users\TheThunderT\Downloads\p.txt
2015-05-04 10:37 - 2015-05-04 10:37 - 00055693 _____ () C:\Users\TheThunderT\Downloads\p (1).txt
2015-04-29 22:33 - 2015-04-29 22:33 - 00021782 _____ () C:\Users\TheThunderT\Downloads\game.of.thrones.high.sparrow.(2015).por.1cd.(6116667).zip
2015-04-28 22:29 - 2015-05-04 03:31 - 00048640 _____ () C:\Users\TheThunderT\Downloads\BPS.xls
2015-04-24 00:13 - 2015-04-24 00:21 - 540805585 _____ () C:\Users\TheThunderT\Downloads\l2WoE-Pach 2.1.rar
2015-04-22 21:47 - 2015-04-22 21:47 - 00000000 __SHD () C:\Users\TheThunderT\AppData\Local\EmieBrowserModeList
2015-04-17 14:38 - 2015-03-25 00:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-17 14:38 - 2015-03-25 00:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-17 14:38 - 2015-03-25 00:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-17 14:38 - 2015-03-10 00:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-17 14:38 - 2015-03-10 00:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-17 14:38 - 2015-02-25 00:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 01:01 - 2013-09-22 19:52 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-11 00:47 - 2013-09-22 20:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 00:40 - 2014-04-30 18:46 - 00000390 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-05-11 00:40 - 2013-09-22 20:29 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-11 00:40 - 2013-09-22 19:52 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 00:40 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-10 23:57 - 2013-08-30 00:43 - 00000000 ____D () C:\Users\TheThunderT
2015-05-10 23:56 - 2009-07-13 23:37 - 00000000 __RHD () C:\Users\Default
2015-05-10 18:00 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-05-10 17:23 - 2013-09-22 20:18 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001UA.job
2015-05-10 15:30 - 2013-09-22 21:02 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\adawarebp
2015-05-10 15:27 - 2013-09-24 22:28 - 00000000 ____D () C:\Users\Thunder`s Disciple
2015-05-10 15:00 - 2013-10-23 09:05 - 00000000 ____D () C:\Program Files\Wondershare
2015-05-10 14:50 - 2013-09-22 23:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-10 14:47 - 2013-09-22 20:04 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\uTorrent
2015-05-10 14:41 - 2015-03-21 11:18 - 00000000 ____D () C:\Program Files\Yahoo!
2015-05-10 14:36 - 2013-09-22 21:02 - 00000000 ____D () C:\Program Files\Ad-Aware Antivirus
2015-05-10 13:43 - 2014-10-01 23:07 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\PhotoScape
2015-05-10 13:43 - 2014-09-12 22:02 - 00000000 ____D () C:\Program Files\Steam
2015-05-10 13:43 - 2013-09-22 20:37 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\DAEMON Tools Lite
2015-05-10 13:42 - 2014-03-19 16:55 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\TS3Client
2015-05-10 13:40 - 2013-09-22 20:23 - 00000000 ____D () C:\Windows\Minidump
2015-05-10 13:40 - 2013-09-22 09:25 - 00000000 ____D () C:\Windows\Panther
2015-05-10 12:39 - 2013-09-22 20:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-10 12:39 - 2013-09-22 20:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-10 01:16 - 2015-01-18 15:35 - 00000000 ____D () C:\Program Files\BEAST Cabal
2015-05-09 21:55 - 2013-09-22 23:07 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\Skype
2015-05-09 21:20 - 2015-01-29 01:58 - 00000000 ____D () C:\Program Files\Lineage II
2015-05-09 20:23 - 2013-09-22 20:18 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001Core.job
2015-05-04 10:04 - 2013-09-22 21:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-04 10:04 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-04 10:03 - 2013-09-22 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-04 10:02 - 2009-07-13 23:04 - 00000513 _____ () C:\Windows\win.ini
2015-05-04 09:52 - 2014-10-03 20:53 - 00000000 ___RD () C:\Program Files\Skype
2015-05-04 09:52 - 2013-09-22 23:07 - 00000000 ____D () C:\ProgramData\Skype
2015-04-22 15:28 - 2009-07-14 01:53 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-21 21:53 - 2015-03-28 19:50 - 00000109 _____ () C:\Users\TheThunderT\Documents\aaaaaaaaaaaaaa.txt
2015-04-19 13:39 - 2013-11-06 15:47 - 00000000 ____D () C:\Program Files\VDownloader
2015-04-17 17:46 - 2013-11-06 15:47 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\VDownloader
2015-04-17 00:55 - 2014-04-20 01:48 - 00000000 ____D () C:\Program Files\Common Files\Steam

==================== Files in the root of some directories =======

2013-11-06 15:47 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2014-11-27 23:24 - 2014-11-27 23:24 - 0000017 _____ () C:\Users\TheThunderT\AppData\Local\resmon.resmoncfg
2013-11-06 15:47 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2014-03-21 10:27 - 2014-03-21 10:27 - 0000464 _____ () C:\ProgramData\HirezPipeError.txt
2015-03-21 10:51 - 2015-03-21 11:21 - 0000363 _____ () C:\ProgramData\hpzinstall.log
2013-11-06 15:47 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico

Some content of TEMP:
====================
C:\Users\TheThunderT\AppData\Local\Temp\dllnt_dump.dll
C:\Users\TheThunderT\AppData\Local\Temp\InstHelper.exe
C:\Users\TheThunderT\AppData\Local\Temp\Quarantine.exe
C:\Users\TheThunderT\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 08:11

==================== End Of Log ============================

eroamago · May 11, 2015

#############################################ADDITION

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by TheThunderT at 2015-05-11 01:21:01
Running from C:\Users\TheThunderT\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-954720486-3091679152-3473616162-500 - Administrator - Disabled)
Guest (S-1-5-21-954720486-3091679152-3473616162-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-954720486-3091679152-3473616162-1002 - Limited - Enabled)
TheThunderT (S-1-5-21-954720486-3091679152-3473616162-1001 - Administrator - Enabled) => C:\Users\TheThunderT
Thunder`s Disciple (S-1-5-21-954720486-3091679152-3473616162-1003 - Limited - Enabled) => C:\Users\Thunder`s Disciple

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{12D800D0-F5F0-7B02-9876-D3EFF5B1FFDF}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AP Tuner 3.08 (HKLM\...\AP Tuner 3.08) (Version: - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Curse (HKLM\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10053 (Build 2558) - Speedbit Ltd.)
Easy GIF Animator 6.1 (HKLM\...\Easy GIF Animator_is1) (Version: Easy GIF Animator 6.0 - Karlis Blumentals)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
ESET NOD32 Antivirus (HKLM\...\{B096B8AB-C3BD-4801-A731-D2B94643DA86}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Fraps (remove only) (HKLM\...\Fraps) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Happy Cloud Client (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
HHD Software Free Hex Editor Neo 6.05 (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.5.0.5278 - HHD Software, Ltd.)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 51 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Java(TM) SE Development Kit 6 Update 3 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Lineage II (HKLM\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
Lineage® II: Freya (High Five) (HKLM\...\{21040472-F8DF-48A9-A093-2986C1495670}) (Version: 198 - NCsoft)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 33.1.1 (x86 pt-BR)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Mp3tag v2.65a (HKLM\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
MPC-HC 1.7.1 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Server 5.0 (HKLM\...\{3C830C70-16E8-4FDA-BDF2-3CE38518AF25}) (Version: 5.0.41 - MySQL AB)
MySQL Server 6.0 (HKLM\...\{522E3254-D622-4797-9EE3-7ACE0B8852D6}) (Version: 6.0.3 - MySQL AB)
Need for Speed Underground 2 (HKLM\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
Perfect World France (HKLM\...\631BBC3E-3B27-4BAE-8321-0A28682CC388_is1) (Version: - PWFrance)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
ProxySwitcher Standard (HKLM\...\ProxySwitcher Standard_is1) (Version: 5.3.1 - V-Tech LLC)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
Smite (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2533.0 - Hi-Rez Studios)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
Subtitle Edit 3.3.8 (HKLM\...\SubtitleEdit_is1) (Version: 3.3.8.2047 - Nikse)
Synthesia (HKLM\...\Synthesia) (Version: 8.6 - Synthesia LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TERA (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\teraenmasse) (Version: - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUS_{B36586AD-3256-47B6-8AE7-FA0D8727D7C2}) (Version: - Microsoft)
VDownloader 3.9.1627 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Warcraft III (HKLM\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Warcraft III) (Version: - )
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Xfire Codec (remove only) (HKLM\...\XfireCodec) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{04FE3112-DB93-424D-B958-5E709395693F}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\icmp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\TheThunderT\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x86\hexpatch32.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-954720486-3091679152-3473616162-1001_Classes\CLSID\{F75B41E6-0FE1-451b-BD96-485B0B97477D}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points =========================

10-05-2015 14:34:56 Removed Ad-Aware Antivirus.
10-05-2015 14:47:54 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
10-05-2015 14:49:51 Removed Age of Empires III
10-05-2015 14:51:54 Removed TuxGuitar
10-05-2015 15:36:09 avast! antivirus system restore point
10-05-2015 15:39:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-11-17 09:51 - 2013-06-08 03:32 - 00000861 ____A C:\Windows\system32\Drivers\etc\hosts
91.121.69.54 l2authd.lineage2.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AF2C364-6F4B-4E8F-858C-1C8B788E8D9F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001Core => C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-22] (Facebook Inc.)
Task: {1253E72E-5CA2-4B85-B4FE-10786B4B3376} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2044C4F1-666D-46A5-A604-032F86379869} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-954720486-3091679152-3473616162-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2E39730B-B332-4A3A-988C-0098BF038FAE} - System32\Tasks\{3CEA8424-89A3-4C15-B827-FB4BC379739F} => C:\Program Files\RF Lebay - Return Of The Lord Master\RF Lebay.exe
Task: {30659B4B-5ED8-4336-816F-8380C02618A2} - System32\Tasks\{71186E40-3FA8-475F-96AC-6568F2CC3E63} => C:\Program Files\RF Lebay - Return Of The Lord Master\RF Lebay.exe
Task: {3B33B6C3-B871-4CEB-BE7F-6643CE4B1B34} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: {458C2C03-17C1-4DAB-8A85-AA6A3ECBF054} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {553C3236-DEC6-48D0-8180-03BF81B78564} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
Task: {584C6CFE-0BEF-4E6B-9342-BDAE0EFA03FE} - System32\Tasks\{A1400994-BDF8-4149-8D20-52E035791265} => C:\Users\TheThunderT\Downloads\Need for Speed(TM) Rivals-SG\NFS14_x86.exe
Task: {6C66B639-64C0-4733-9F85-7E943763F266} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {77FC9B79-F769-42B6-B646-06CA93597D9B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001UA => C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-22] (Facebook Inc.)
Task: {78F1072F-DA92-48E0-A85A-23E5C1298D7E} - System32\Tasks\ZenSearch\Updater\ZenSearch updater => C:\Program Files\ZenSearch Updater\updater.exe <==== ATTENTION
Task: {84FFFDC3-E7ED-42F8-8454-22089B0A6297} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {892D5534-66AE-4DB3-AFC2-6232039A0110} - System32\Tasks\{44AC0452-60C6-4C59-A20F-0528CC8BF9A2} => C:\Users\TheThunderT\Downloads\FreeFileViewerSetup.exe
Task: {8C68D825-55BE-4A7F-8667-B9417F77A4AC} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {A426E1E8-E63B-426A-A80B-DBD24C252176} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {ADF6EDD5-7AD6-486D-814A-358BFF3A7018} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AEA38886-698C-4000-8D79-656856244239} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: {B08E506A-A8CD-4F14-BB32-F2744EE89084} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {B86C6B77-40D6-42B4-B959-899653AE9002} - System32\Tasks\{AEE794D0-739F-44D1-A032-FA621B056C70} => C:\Program Files\RF Lebay - Return Of The Lord Master\RF Lebay.exe
Task: {BBD17E6A-2A9D-422B-BCCF-24A2F57C8224} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe
Task: {CEB3BCC6-9AC0-40D0-9003-7CC6FFCD9A1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-10] (Adobe Systems Incorporated)
Task: {D7CAE204-1072-4BC7-8270-A69E16F4C0C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
Task: {F4933D9E-839F-46A1-A590-7581B19273A0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-954720486-3091679152-3473616162-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F888C9A7-0EB3-4DFB-B324-57A30D9B8673} - System32\Tasks\Driver Booster SkipUAC (TheThunderT) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {FA40E20B-1EAC-426F-869F-2541F0CF703F} - System32\Tasks\{8A0DEACC-6642-42C0-A048-C85DBD370C32} => C:\Program Files\Cabal.WS\launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001Core.job => C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001UA.job => C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-30 18:04 - 2015-04-27 23:07 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 18:04 - 2015-04-27 23:07 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-30 18:04 - 2015-04-27 23:07 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Public\DRM:احتضان

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\95654202.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\95654202.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-954720486-3091679152-3473616162-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 200.189.80.121 - 200.189.80.107

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MySQL => 2
MSCONFIG\Services: npggsvc => 3
MSCONFIG\Services: SBAMSvc => 2
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^TheThunderT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^TheThunderT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\TheThunderT\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AppleIEDAV => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Facebook Update => "C:\Users\TheThunderT\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\GarenaPlus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: PSwitch => C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwvUpdtr => C:\Users\TheThunderT\AppData\Local\24017\Updater.exe /reg
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: uTorrent => "C:\Users\TheThunderT\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: VDownloader => C:\Program Files\VDownloader\VDownloader.exe /silent

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B47ECFA0-1523-4056-8819-7BBE8DE9FA22}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F902A877-50B0-4D36-A8A0-91197D078F4F}] => (Allow) C:\Users\TheThunderT\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3AD88FD4-9D21-4EDA-9C09-6306DC2229BB}] => (Allow) C:\Users\TheThunderT\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D29E500A-6F7B-4FF8-AFEC-5AF5DADB3805}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{487D6EE3-9AD2-4DB8-8A2A-03434F971D5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F79FB585-1B0B-4771-83EC-3AF5B0A0263B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EEBBA6F4-8E30-44E8-A165-08471A1EB13E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{AF5318E9-5264-4433-AF5C-70C5281AB0FD}C:\program files\warcraft iii\war3.exe] => (Allow) C:\program files\warcraft iii\war3.exe
FirewallRules: [UDP Query User{A314C9CE-6697-4C21-8127-019FFCB2F58C}C:\program files\warcraft iii\war3.exe] => (Allow) C:\program files\warcraft iii\war3.exe
FirewallRules: [TCP Query User{B57DB605-9159-4B9D-9F11-E88F9E56A7CC}C:\users\thethundert\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thethundert\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{CAE98DA2-D2BD-4C6E-AFFD-673B9367EFD5}C:\users\thethundert\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thethundert\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{40B676A9-1A34-45D3-8DA4-E0DB4188D61C}C:\program files\warcraft iii\war3.exe] => (Block) C:\program files\warcraft iii\war3.exe
FirewallRules: [UDP Query User{88F311D3-CDA5-4DF2-9937-844EB2DCAF83}C:\program files\warcraft iii\war3.exe] => (Block) C:\program files\warcraft iii\war3.exe
FirewallRules: [TCP Query User{B76EE5BA-2FEE-42BB-846B-8AA3371B358F}C:\users\thethundert\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\thethundert\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FEE46F0E-1089-4481-897B-D5AD7745DCF0}C:\users\thethundert\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\thethundert\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2174F022-172D-40AE-96FD-8555EBEE9AC6}C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{C49C718A-6DC2-4A71-9619-320CA70F4E86}C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{1225459F-E9BE-4CFF-8C7D-CD859F440A33}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{00E1AB46-5EA7-4EC6-A293-12A4738D6F7C}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{67D39CE6-E268-4008-89B0-99361D9912CF}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{3C9F5B13-1546-4021-ADF4-ADA73BFAF0EF}] => (Allow) C:\Program Files\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{C8CAD163-E06E-41D1-97E9-48CE0DC32AE4}] => (Allow) C:\Program Files\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EF4C74EC-FA3A-4AA2-B12B-D90C4893DA11}] => (Allow) C:\Program Files\BEAST Cabal\Beast Cabal Launcher.exe
FirewallRules: [{4C43E9DF-2C20-4D35-AB3E-F2B8DA40488D}] => (Allow) C:\Program Files\BEAST Cabal\Beast Cabal Launcher.exe
FirewallRules: [{EFE3845A-B608-4DAA-B220-AD9ECA1E944A}] => (Allow) C:\Program Files\BEAST Cabal\Beast Cabal Launcher.exe
FirewallRules: [{303D4ADD-21F6-44AB-BBA9-A627E510DEF8}] => (Allow) C:\Program Files\BEAST Cabal\Beast Cabal Launcher.exe
FirewallRules: [{BDFD2692-86C5-4154-A96D-93B09B3EE4FD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1AD28CF3-BA2A-442C-AD59-D08CF13132DA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EB608961-F5C0-4DF1-94C8-444BFB860954}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6C4842E6-C5A7-493F-A150-E8DCFBB6D8B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1CCAD3CE-2B25-4972-A495-4739569DDF45}] => (Allow) C:\Users\TheThunderT\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A75DF381-354D-4A97-8117-5B0226CB55E9}] => (Allow) C:\Users\TheThunderT\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A785BF45-5855-4E0D-9B96-AF4552E96E67}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{62B9FECC-64F5-4B4D-8BAF-9EB57CD6C44D}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{AB3EBF5A-0839-4A1D-B985-5CC075642F62}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{C402FF04-9C3B-4DB8-BC67-996A3CBEA5F9}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{0E4ABB93-8F7A-4B42-BDCE-D983BBD01FAC}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{3C566A9C-D545-4360-831A-67E0CF02078B}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{B0978DCE-ECE0-4088-ABFD-DDD7AFFD4270}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{4B894C7B-0345-4510-9E35-B0A0E6CEC352}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{40CA9077-C0B7-4F42-9BEF-17377C3D2473}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7222BAE5-8080-40C7-A4C8-0089DDA1278E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1C176BFE-1C75-4776-A6D3-698FA16A6867}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{87C7DBA4-64F2-4D71-8B47-17B9D34C3BD1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{B14A979C-49F1-464F-B20B-801E9FDA9924}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{432070F0-7C83-4B3A-95FD-4833DAB095B0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{0E6EC6B3-AE06-475A-851D-B8BB4492B193}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{EDB2FE7C-B82B-445A-AF7A-9CF6064BF519}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C30166D7-802A-45B6-B420-BD252C6EA9E2}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{5BA5A916-C2E6-455C-97F2-65DE4AA64B3F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{79F43614-B542-4602-8762-F5A2703F496E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{C6FE0003-B6CD-48F6-9642-747E4E3E6666}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{404935FB-FA34-4325-9A5B-771457C86347}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{6BBF6BD8-A7DC-4B54-A51C-6DA1B9F8A625}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{48849B4F-F327-4D66-A7AD-47ED6C507321}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3C363846-1523-41BA-BF0A-2D582CFD93DA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{C0A09E7E-D95C-468F-9CFA-FEFDDFFCD7CA}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{3BAE1879-7BCC-4A83-A9D5-6265FF3C0471}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{AA6B1F68-FBCC-466F-B750-4D877B054A77}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{91AD876F-D291-4012-B336-531678A8EF66}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DE85DF92-A925-4D5B-829B-493D37A577E1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2015 00:50:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.
.

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.
.

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

System Error:
The system cannot find the file specified.
.

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

System Error:
The system cannot find the file specified.
.

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

System Error:
The system cannot find the file specified.
.

Error: (05/10/2015 03:36:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e57d7b6b-1162-413b-888e-a7a034c89f7b}

System errors:
=============
Error: (05/11/2015 00:40:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/11/2015 00:30:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (05/11/2015 00:30:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/11/2015 00:30:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (05/11/2015 00:50:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

System Error:
The system cannot find the file specified.

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

System Error:
The system cannot find the file specified.

Error: (05/10/2015 03:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

System Error:
The system cannot find the file specified.

Error: (05/10/2015 03:36:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e57d7b6b-1162-413b-888e-a7a034c89f7b}

CodeIntegrity Errors:
===================================
Date: 2014-04-21 02:30:27.246
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 74%
Total physical RAM: 2047.24 MB
Available physical RAM: 519.51 MB
Total Pagefile: 4094.48 MB
Available Pagefile: 1401.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.46 GB) (Free:47.02 GB) NTFS
Drive d: () (Fixed) (Total:8.53 GB) (Free:8.3 GB) NTFS
Drive e: (ATICD12-130) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive h: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=289.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I would appreciate any help :c

Broni · May 11, 2015

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Inactive Conhost.exe virus

eroamago

eroamago

Broni

Posts: 56,041 +516

Similar threads

Latest posts