Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

SProtector.D potentially unwanted application

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

SProtector.D potentially unwanted application

Unread postby promenix » November 5th, 2014, 9:21 pm

Hi there,

at every startup I get a warning from eset nod32 about a threat: "a variant of Win32/SProtecto.D potentially unwanted application"

in the same window it also says "Object: operating memory rundll32.exe(2212)

in the warning window eset gives me two choices to deal with it, clean ot delete, neither helps.

The warning pops up again after a while. I havent really noticed any symptoms besides the warning.

Here are my DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Eric at 2:02:40 on 2014-11-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8169.5674 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k gpsvcgroup
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k networkservice
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\AsScrPro.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
c:\windows\system32\svchost.exe -k hpz12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
c:\windows\system32\svchost.exe -k hpz12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k bthsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
c:\windows\system32\svchost.exe -k localservicepeernet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\windows\system32\svchost.exe -k sdrsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Akamai NetSession Interface] "C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1F09769B-1565-4B05-9153-D6FCF8334DFE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1F09769B-1565-4B05-9153-D6FCF8334DFE}\2457373747967656E6021333D23373 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1F09769B-1565-4B05-9153-D6FCF8334DFE}\E45445745414257353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3D67522A-7894-4B59-A0BC-3E130CABF793} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]
R1 iSafeKrnl;YAC Mini-Filter Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [2014-11-6 248488]
R1 iSafeKrnlKit;YAC Kit Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [2014-11-6 99496]
R1 iSafeKrnlR3;YAC Ring3 Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [2014-11-6 65704]
R1 iSafeNetFilter;YAC NDIS Driver;C:\Windows\System32\drivers\iSafeNetFilter.sys [2014-11-6 49320]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-9-11 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe [2011-9-11 113840]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-12-21 170640]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-12-21 125296]
R2 fa6789c5;VideoCnv;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-5 1148744]
R2 iSafeService;YAC Service;C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [2014-11-6 118048]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2014-1-23 11936560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-11-5 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-11-5 19439944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-5 411968]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-10 2655768]
R2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2014-10-10 179200]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-4-8 177152]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2011-4-8 56320]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-9-11 32344]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-5 38048]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-9-11 311400]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-11 471144]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-11 79360]
S3 iSafeKrnlBoot;YAC Boot Driver;C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014-11-6 45224]
S3 ks2avs;Kontrol S2 WDM Audio;C:\Windows\System32\drivers\ks2avs.sys [2012-12-18 359784]
S3 ks2usb_svc;Traktor Kontrol S2;C:\Windows\System32\drivers\ks2usb.sys [2012-12-18 83816]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2014-9-29 44928]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\System32\drivers\MAudioFastTrackPro.sys [2010-12-7 187912]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-17 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-17 30208]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-3 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== Created Last 30 ================
.
2014-11-06 00:15:33 49320 ----a-w- C:\Windows\System32\drivers\iSafeNetFilter.sys
2014-11-06 00:15:33 45224 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
2014-11-06 00:15:33 -------- d-----w- C:\Windows\System32\log
2014-11-06 00:15:30 -------- d-----w- C:\Program Files (x86)\Elex-tech
2014-11-06 00:15:00 -------- d-----w- C:\Users\Eric\AppData\Roaming\Elex-tech
2014-11-05 23:44:22 -------- d-----w- C:\ProgramData\choosefun
2014-11-05 23:44:17 -------- d-----w- C:\ProgramData\dealplug
2014-11-05 23:44:14 -------- d-----w- C:\ProgramData\ca414386b030b98e
2014-11-05 12:24:50 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-11-05 12:24:50 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-11-05 12:24:49 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-11-05 12:24:49 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-11-05 12:24:46 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-11-05 12:21:13 -------- d-----w- C:\Users\Eric\AppData\Local\NVIDIA Corporation
2014-11-05 12:21:13 -------- d-----w- C:\Users\Eric\AppData\Local\NVIDIA
2014-11-05 12:21:12 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-11-05 12:21:12 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-11-05 12:21:12 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-11-05 12:21:12 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-11-05 12:15:43 614728 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-11-05 12:15:23 935232 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-11-05 12:15:23 6880968 ----a-w- C:\Windows\System32\nvcpl.dll
2014-11-05 12:15:23 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-11-05 12:15:23 4066553 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-11-05 12:15:23 385352 ----a-w- C:\Windows\System32\nvmctray.dll
2014-11-05 12:15:23 3533632 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-11-05 12:15:23 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-11-05 12:15:08 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-11-05 12:11:18 -------- d-----w- C:\NVIDIA
2014-11-05 11:43:41 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-11-05 11:42:49 -------- d-----w- C:\AdwCleaner
2014-11-05 11:35:14 -------- d-----w- C:\Windows\ERUNT
2014-11-05 01:11:23 -------- d-----w- C:\Program Files (x86)\NirSoft
2014-11-03 12:41:49 -------- d-----w- C:\Users\Eric\AppData\Roaming\asus
2014-11-03 12:39:17 -------- d-----w- C:\Users\Eric\AppData\Local\Akamai
2014-11-03 12:32:16 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-11-03 12:32:16 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-11-03 12:32:16 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-11-03 12:32:16 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-11-03 12:32:15 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-11-03 12:32:15 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-11-03 12:32:05 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-11-03 12:32:05 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-11-03 12:29:55 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-03 10:50:28 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A8734498-75EA-44D1-A26B-4EBD6D27984A}\mpengine.dll
2014-11-03 10:50:23 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-03 10:41:48 -------- d-----w- C:\Program Files\CCleaner
2014-11-03 10:04:38 24576 ----a-w- C:\Users\Eric\AppData\Local\uninst.tmp
2014-10-27 18:28:25 -------- d-----w- C:\Program Files (x86)\VideoCnv
2014-10-17 19:52:51 -------- d-----w- C:\ProgramData\IDM
2014-10-17 19:52:49 -------- d-----w- C:\Users\Eric\AppData\Roaming\IDM
2014-10-12 11:28:56 -------- d-----w- C:\Program Files (x86)\FabFilter
.
==================== Find3M ====================
.
2014-11-06 00:07:22 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2014-10-30 08:56:29 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-10-30 08:56:29 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-10-30 08:56:29 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-23 20:49:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 20:49:12 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 23:55:48 2339328 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 23:49:43 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 23:48:28 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-19 23:47:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 23:47:14 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 23:46:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 23:45:52 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-09-19 22:44:32 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 22:38:15 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-19 22:37:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-19 22:36:04 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 22:35:46 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 22:34:25 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 22:34:22 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-30 02:10:26 6583296 ----a-w- C:\Windows\System32\mstscax.dll
2014-08-30 01:50:57 5702656 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-27 07:29:29 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 2:03:07,25 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2012-01-31 21:45:13
System Uptime: 2014-11-06 01:37:14 (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G53SX
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU 1 | 1782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 185,562 GiB free.
D: is FIXED (NTFS) - 381 GiB total, 113,579 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP205: 2014-11-03 11:30:29 - Configured LabelPrint
RP206: 2014-11-03 11:49:44 - Windows Update
RP207: 2014-11-03 13:31:05 - Windows Update
RP208: 2014-11-05 01:44:25 - Removed ATK Package
RP209: 2014-11-05 01:49:04 - Installed ATK Package
RP210: 2014-11-05 13:21:19 - DirectX har installerats
RP211: 2014-11-05 13:43:05 - Removed Microsoft Silverlight
RP212: 2014-11-05 13:59:51 - Removed ATK Package
RP213: 2014-11-05 14:01:16 - Installed ATK Package
RP214: 2014-11-06 00:47:58 - Removed ASUS Live Update
RP215: 2014-11-06 01:05:52 - Removed THX TruStudio
RP216: 2014-11-06 01:34:49 - Removed Java 7 Update 67
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Ableton Live 9 Suite
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09) - Svenska
ASIO4ALL
ASUS AI Recovery
ASUS LifeFrame3
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Atheros Client Installation Program
ATK Package
BankID säkerhetsprogram
Bluetooth Win7 Suite (64)
Bookworm Deluxe
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MG5300 series MP Drivers
Canon MP Navigator EX 5.0
CCleaner
CyberLink Power2Go
D3DX10
dealplug
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX 9 Runtime
Electric Sheep 2.7b34c
Elysia Compressor Bundle v1.0
ESET NOD32 Antivirus
FairStars CD Ripper 1.80
Fast Boot
Fotogalleriet
Fresco Logic USB3.0 Host Controller
Game Park Console
GameFast.exe
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Hotel Dash Suite Success
INSPECTORXL
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Monitor
JavaFX 2.1.1
Jewel Quest 3
K-Lite Codec Pack 10.6.5 Basic
LinPlug CronoX v2.1
Live 8.2.2
Luxor 3
M-Audio FastTrackPro Driver 6.0.7 (x64)
Mahjongg dimensions
Max 6.1.8 (x64)
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (Swedish) 2010
Microsoft Office Excel MUI (Swedish) 2010
Microsoft Office Hem och Småföretag 2010
Microsoft Office Klicka-och-kör 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Swedish) 2010
Microsoft Office Outlook MUI (Swedish) 2010
Microsoft Office PowerPoint MUI (Swedish) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Finnish) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (Swedish) 2010
Microsoft Office Publisher MUI (Swedish) 2010
Microsoft Office Shared 64-bit MUI (Swedish) 2010
Microsoft Office Shared MUI (Swedish) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Swedish) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mixlr version 2.3.5
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Native Instruments Audio 2 DJ Driver
Native Instruments Audio 4 DJ Driver
Native Instruments Audio 8 DJ Driver
Native Instruments Controller Editor
Native Instruments Kontakt 5
Native Instruments Service Center
Native Instruments Traktor 2
Native Instruments Traktor Audio 10 Driver
Native Instruments Traktor Audio 2 Driver
Native Instruments Traktor Audio 2 MK2 Driver
Native Instruments Traktor Audio 6 Driver
Native Instruments Traktor Kontrol F1 Driver
Native Instruments Traktor Kontrol S2 Driver
Native Instruments Traktor Kontrol S2 MK2 Driver
Native Instruments Traktor Kontrol S4 Driver
Native Instruments Traktor Kontrol S4 MK2 Driver
Native Instruments Traktor Kontrol X1 Driver
Native Instruments Traktor Kontrol X1 MK2 Driver
Native Instruments Traktor Kontrol Z1 Driver
Native Instruments Traktor Kontrol Z2 Driver
NirSoft ShellExView
Nuance PDF Reader
NVIDIA-uppdatering 16.13.56
NVIDIA 3D Vision drivrutin 344.60
NVIDIA GeForce Experience 2.1.3
NVIDIA GeForce Experience Service
NVIDIA Grafikdrivrutin 344.60
NVIDIA HD audiodrivrutin 1.3.32.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX systemprogramvara 9.14.0702
NVIDIA ShadowPlay 16.13.56
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.25
NVIDIAs kontrollpanel 344.60
OpenAL
Origin
PCM Native Reverb VST Plug-in
Peggle
Photo Common
Photo Gallery
Popcorn Time
PSP VintageWarmer2 2.5.1 32bit
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Rockstar Games Social Club
Rotation Desktop for G Series.exe
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
SHIELD Wireless Controller Driver
Skype™ 6.20
Softube Tube-Tech CL 1B VST RTAS v1.0.3
Sonnox Oxford R3 EQ Native VST v1.6.1
Spotify
Stillwell Audio Plugins Bundle VST v1.52
Synaptics Pointing Device Driver
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
VideoCnv
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
WinRAR 4.10 (64-bit)
Wireless Console 3
VLC media player 1.1.11
World of Goo
YAC(Yet Another Cleaner!)
.
==== End Of File ===========================
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm
Advertisement
Register to Remove

Re: SProtector.D potentially unwanted application

Unread postby Cypher » November 6th, 2014, 12:05 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Important: Save all tools i ask you to download to your Desktop, if you don't know how to do this just ask.



Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download RogueKiller by Tigzy and save it to your desktop.
  • Allow the download if prompted by your security software and please close all your programs.
  • Right click on RogueKiller.exe and select " Run as administrator " to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • RKreport.
  • FRST.txt and Addition.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: SProtector.D potentially unwanted application

Unread postby promenix » November 7th, 2014, 5:40 am

# AdwCleaner v3.311 - Report created 05/11/2014 at 12:46:05
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eric - PSYSTATION
# Running from : C:\Users\Eric\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Partner Service

***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73CE6F57-AD10-4D36-A13E-248264A3A123}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E2F5D2F-EC72-48DF-A66E-3B39D827B44B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... 000YYNO&q={searchTerms}

*************************

AdwCleaner[R0].txt - [5049 octets] - [05/11/2014 12:43:12]
AdwCleaner[S0].txt - [4873 octets] - [05/11/2014 12:46:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4933 octets] ##########
# AdwCleaner v3.311 - Report created 07/11/2014 at 10:36:43
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eric - PSYSTATION
# Running from : C:\Users\Eric\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Eric\AppData\Local\Temp\iSafeRightKeyScan
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6331 octets] - [05/11/2014 12:43:12]
AdwCleaner[S0].txt - [6054 octets] - [05/11/2014 12:46:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6114 octets] ##########
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm

Re: SProtector.D potentially unwanted application

Unread postby promenix » November 7th, 2014, 5:46 am

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Eric [Administrator]
Mode : Scan -- Date : 11/07/2014 10:45:44

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 26 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2939920571-4265480720-1112395140-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2939920571-4265480720-1112395140-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] d8ce373df27a2e3595a684f785a4d31c
[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 300062 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 666957824 | Size: 389740 MB
User = LL1 ... OK
User = LL2 ... OK
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm

Re: SProtector.D potentially unwanted application

Unread postby promenix » November 7th, 2014, 5:50 am

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Eric (administrator) on PSYSTATION on 07-11-2014 10:48:49
Running from C:\Users\Eric\Desktop
Loaded Profile: Eric (Available profiles: Eric)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
() C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUS) C:\Windows\AsScrPro.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92456 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [43008 2011-04-08] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\...\MountPoints2: {21012455-562f-11e1-97b5-742f68b7fc8c} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\...\MountPoints2: {8023e4bf-c363-11e1-a4f7-742f68b7fc8c} - G:\Startme.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-02-02]

Chrome:
=======
CHR Profile: C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Dokument) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-20]
CHR Extension: (Google Drive) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-20]
CHR Extension: (YouTube) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-20]
CHR Extension: (Adblock Plus) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-03]
CHR Extension: (Sök på Google) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-20]
CHR Extension: (Google Wallet) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Gmail) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2010-07-27] () [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-09-11] (Creative Labs) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-11-05] (Elex do Brasil Participações Ltda)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
S2 fa6789c5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\VideoCnv\Zet.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-25] (ASUS)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [56320 2011-04-08] (Fresco Logic)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-11-05] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-11-05] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-11-05] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-11-03] (Elex do Brasil Participações Ltda)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 ks2avs; C:\Windows\System32\Drivers\ks2avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 ks2usb_svc; C:\Windows\System32\Drivers\ks2usb.sys [83816 2012-12-18] (Native Instruments GmbH)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-07] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-07] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 10:48 - 2014-11-07 10:49 - 00019104 _____ () C:\Users\Eric\Desktop\FRST.txt
2014-11-07 10:48 - 2014-11-07 10:48 - 00000000 ____D () C:\FRST
2014-11-07 10:47 - 2014-11-07 10:47 - 02114560 _____ (Farbar) C:\Users\Eric\Desktop\FRST64.exe
2014-11-07 10:41 - 2014-11-07 10:41 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-07 10:41 - 2014-11-07 10:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-07 10:40 - 2014-11-07 10:40 - 14670424 _____ () C:\Users\Eric\Desktop\RogueKiller.exe
2014-11-07 10:37 - 2014-11-07 10:37 - 00000314 _____ () C:\Windows\PFRO.log
2014-11-07 10:31 - 2014-11-07 10:31 - 01375089 _____ () C:\Users\Eric\Desktop\adwcleaner_3.311.exe
2014-11-07 10:28 - 2014-11-07 10:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PSYSTATION-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-11-07 10:28 - 2014-11-07 10:28 - 00000000 ____D () C:\RegBackup
2014-11-07 10:27 - 2014-11-07 10:27 - 00002241 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-07 10:27 - 2014-11-07 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-07 10:27 - 2014-11-07 10:27 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-11-07 10:26 - 2014-11-07 10:26 - 04215584 _____ () C:\Users\Eric\Downloads\tweaking.com_registry_backup_setup.exe
2014-11-06 14:29 - 2014-11-07 10:38 - 00000784 _____ () C:\Windows\setupact.log
2014-11-06 14:29 - 2014-11-06 14:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-06 02:03 - 2014-11-06 02:03 - 00025268 _____ () C:\Users\Eric\Desktop\dds.txt
2014-11-06 02:03 - 2014-11-06 02:03 - 00009157 _____ () C:\Users\Eric\Desktop\attach.txt
2014-11-06 02:02 - 2014-11-06 02:02 - 00688992 ____R (Swearware) C:\Users\Eric\Desktop\dds.scr
2014-11-06 01:15 - 2014-11-07 10:36 - 00000000 ____D () C:\Windows\system32\log
2014-11-06 01:15 - 2014-11-06 01:15 - 00001908 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-11-06 01:15 - 2014-11-06 01:15 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Elex-tech
2014-11-06 01:15 - 2014-11-06 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-11-06 01:15 - 2014-11-06 01:15 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-11-06 01:15 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-11-06 01:13 - 2014-11-06 01:13 - 17417312 _____ (Elex do Brasil Participações Ltda) C:\Users\Eric\Downloads\yet_another_cleaner_sk_4948472.exe
2014-11-06 00:44 - 2014-11-06 00:44 - 00000000 ____D () C:\ProgramData\dealplug
2014-11-06 00:44 - 2014-11-06 00:44 - 00000000 ____D () C:\ProgramData\choosefun
2014-11-06 00:44 - 2014-11-06 00:44 - 00000000 ____D () C:\ProgramData\ca414386b030b98e
2014-11-06 00:32 - 2014-11-06 00:32 - 06822176 _____ (ParetoLogic, Inc.) C:\Users\Eric\Downloads\RegCureProSetup_e428d4d_.exe
2014-11-05 14:01 - 2014-11-05 14:01 - 00002976 _____ () C:\Windows\System32\Tasks\ATKOSD2
2014-11-05 13:59 - 2014-11-05 13:59 - 08217453 _____ () C:\Users\Eric\Downloads\ATKPackage_Win7_64_Z100010.zip
2014-11-05 13:24 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-05 13:24 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-05 13:24 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-05 13:24 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-05 13:24 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-05 13:21 - 2014-11-06 14:18 - 00000000 ____D () C:\Users\Eric\AppData\Local\NVIDIA Corporation
2014-11-05 13:21 - 2014-11-05 13:21 - 00000000 ____D () C:\Users\Eric\AppData\Local\NVIDIA
2014-11-05 13:21 - 2014-10-04 07:35 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-05 13:21 - 2014-10-04 07:35 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-05 13:21 - 2014-10-04 07:34 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-05 13:21 - 2014-10-04 07:34 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-05 13:20 - 2014-11-05 13:20 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-05 13:15 - 2014-11-07 10:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-05 13:15 - 2014-11-06 14:18 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-05 13:15 - 2014-10-30 03:10 - 06880968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-05 13:15 - 2014-10-30 03:10 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-05 13:15 - 2014-10-30 03:10 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-05 13:15 - 2014-10-30 03:10 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-05 13:15 - 2014-10-30 03:10 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-05 13:15 - 2014-10-30 03:10 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-05 13:15 - 2014-10-30 01:56 - 00614728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-05 13:15 - 2014-10-27 01:34 - 04066553 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-05 13:13 - 2014-10-30 09:56 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-05 13:13 - 2014-10-30 09:56 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-05 13:13 - 2014-10-30 09:56 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 24554824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 20966504 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 18497600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 17258696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 13189832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-05 13:13 - 2014-10-30 05:53 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 04011840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 00961224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 00932168 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 00922944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 00896144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-05 13:13 - 2014-10-30 05:53 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-11-05 13:13 - 2014-09-04 20:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-05 13:13 - 2014-09-04 20:14 - 00034976 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-11-05 13:13 - 2014-09-04 20:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-05 13:05 - 2014-11-05 13:06 - 02830192 _____ (LionSea Software ) C:\Users\Eric\Downloads\asus_drivers_download_utility_setup.exe
2014-11-05 13:01 - 2014-11-05 13:05 - 306024872 _____ (NVIDIA Corporation) C:\Users\Eric\Downloads\344.60-notebook-win8-win7-64bit-international-whql.exe
2014-11-05 12:57 - 2014-11-05 12:57 - 00000024 _____ () C:\Windows\ATKPF.ini
2014-11-05 12:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-05 12:42 - 2014-11-07 10:36 - 00000000 ____D () C:\AdwCleaner
2014-11-05 12:37 - 2014-11-05 12:37 - 00002431 _____ () C:\Users\Eric\Desktop\JRT.txt
2014-11-05 12:35 - 2014-11-05 12:35 - 00000000 ____D () C:\Windows\ERUNT
2014-11-05 12:34 - 2014-11-05 12:34 - 01706359 _____ (Thisisu) C:\Users\Eric\Downloads\JRT.exe
2014-11-05 02:11 - 2014-11-05 02:11 - 00140960 _____ () C:\Users\Eric\Downloads\shexview_setup.exe
2014-11-05 02:11 - 2014-11-05 02:11 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2014-11-05 02:11 - 2014-11-05 02:11 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-11-05 02:03 - 2014-11-05 02:03 - 00043722 _____ () C:\Users\Eric\Documents\cc_20141105_020346.reg
2014-11-05 01:44 - 2014-11-05 01:44 - 02247298 _____ () C:\Users\Eric\Downloads\ATK_Hotkey_WIN7_32_64_z100056.zip
2014-11-05 01:39 - 2014-11-05 01:40 - 12716508 _____ () C:\Users\Eric\Documents\ATKPackage_Win7_64_VER100036.rar
2014-11-03 13:41 - 2014-11-03 13:41 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\asus
2014-11-03 13:39 - 2014-11-05 13:45 - 00000000 ____D () C:\Users\Eric\AppData\Local\Akamai
2014-11-03 13:39 - 2014-11-03 13:39 - 09500953 _____ () C:\Users\Eric\Documents\LiveUpdate_Win7_64_VER329.rar
2014-11-03 13:38 - 2014-11-03 13:38 - 10552296 _____ (Akamai Technologies, Inc.) C:\Users\Eric\Downloads\AsusInstaller.exe
2014-11-03 13:32 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-03 13:32 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-11-03 13:32 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-03 13:32 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-03 13:32 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-03 13:32 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-03 13:32 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-11-03 13:32 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-11-03 13:30 - 2014-09-20 01:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-03 13:30 - 2014-09-20 00:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-03 13:30 - 2014-09-20 00:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-03 13:30 - 2014-09-20 00:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-03 13:30 - 2014-09-20 00:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-03 13:30 - 2014-09-20 00:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-03 13:30 - 2014-09-20 00:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-03 13:30 - 2014-09-20 00:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-03 13:30 - 2014-09-20 00:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-03 13:30 - 2014-09-20 00:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-03 13:30 - 2014-09-20 00:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-03 13:30 - 2014-09-20 00:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-03 13:30 - 2014-09-20 00:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-03 13:30 - 2014-09-20 00:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-03 13:30 - 2014-09-20 00:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-03 13:30 - 2014-09-20 00:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-03 13:30 - 2014-09-20 00:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-03 13:30 - 2014-09-20 00:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-03 13:30 - 2014-09-20 00:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-03 13:30 - 2014-09-20 00:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-03 13:30 - 2014-09-20 00:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-03 13:30 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-03 13:30 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-03 13:30 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-03 13:30 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-03 13:30 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-03 13:30 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-03 13:30 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-03 13:30 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-03 13:30 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-03 13:30 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-03 13:30 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-03 13:30 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-03 13:30 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-03 13:30 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-03 13:30 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-03 13:30 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-03 13:30 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-03 13:30 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-03 13:30 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-03 13:30 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-03 13:30 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-03 13:30 - 2014-08-30 03:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-03 13:30 - 2014-08-30 02:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-03 13:30 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-03 13:29 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-03 13:29 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-03 13:29 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-03 13:29 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-03 13:29 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-03 13:29 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-03 13:29 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-11-03 13:29 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-03 13:29 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-03 13:29 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-03 13:29 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-03 13:29 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-03 13:29 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-03 13:29 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-03 13:29 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-03 13:29 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-03 13:29 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-03 13:29 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-03 13:29 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-11-03 13:29 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-11-03 13:29 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-03 13:29 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-03 13:29 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-03 13:29 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-03 13:29 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-03 13:29 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-03 13:29 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-03 13:29 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-03 13:29 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-03 13:29 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-03 13:29 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-03 13:29 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-11-03 13:29 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-03 13:29 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-03 13:29 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-03 13:29 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-03 13:29 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-03 13:29 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-03 13:29 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-03 13:29 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-03 13:29 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-03 13:29 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-03 13:29 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-03 13:29 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-03 13:29 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-03 13:29 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-03 13:29 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-03 13:21 - 2014-11-03 13:21 - 00160504 _____ () C:\Users\Eric\Documents\cc_20141103_132106.reg
2014-11-03 11:50 - 2014-10-28 06:34 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-03 11:41 - 2014-11-03 13:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-03 11:41 - 2014-11-03 11:41 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-03 11:41 - 2014-11-03 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-03 11:40 - 2014-11-03 11:41 - 04976456 _____ (Piriform Ltd) C:\Users\Eric\Downloads\ccsetup419.exe
2014-11-03 11:34 - 2014-11-03 13:18 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-11-03 11:34 - 2014-11-03 11:34 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-11-03 11:04 - 2014-11-03 11:04 - 00024576 _____ () C:\Users\Eric\AppData\Local\uninst.tmp
2014-10-30 05:13 - 2014-10-30 05:13 - 00000000 ____D () C:\Users\Eric\Documents\PDF
2014-10-27 19:28 - 2014-11-06 14:19 - 00000000 ____D () C:\Program Files (x86)\VideoCnv
2014-10-24 07:35 - 2014-10-24 08:22 - 144008556 _____ () C:\Users\Eric\Downloads\ipKC6qSRhGFWfdaTS9UMtu1wHNyUCdY0.zip
2014-10-17 20:52 - 2014-10-17 20:52 - 04221480 _____ () C:\Users\Eric\Downloads\WidevineMediaOptimizerChrome.exe
2014-10-17 20:52 - 2014-10-17 20:52 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\IDM
2014-10-17 20:52 - 2014-10-17 20:52 - 00000000 ____D () C:\ProgramData\IDM
2014-10-13 13:33 - 2014-10-13 13:39 - 38648956 _____ () C:\Users\Eric\Downloads\Itsu 2014.rar
2014-10-13 11:55 - 2014-10-13 12:02 - 91931728 _____ (The GIMP Team ) C:\Users\Eric\Downloads\gimp-2.8.14-setup-1.exe
2014-10-12 13:16 - 2014-10-12 13:16 - 00016065 _____ () C:\Users\Eric\Downloads\(Psybient,_Downtempo,_Ambient,_Progressive_Trance)_GMO_vs._Dense_-_Equation_-_2014,_MP3,_320_kbps_[EDM_RG].torrent
2014-10-12 12:28 - 2014-10-12 12:37 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FabFilter
2014-10-12 12:28 - 2014-10-12 12:37 - 00000000 ____D () C:\Program Files (x86)\FabFilter

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 10:49 - 2013-02-24 21:33 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 10:45 - 2011-02-19 04:49 - 00675168 _____ () C:\Windows\system32\perfh01D.dat
2014-11-07 10:45 - 2011-02-19 04:49 - 00146018 _____ () C:\Windows\system32\perfc01D.dat
2014-11-07 10:45 - 2009-07-14 06:13 - 01610526 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 10:45 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 10:45 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 10:37 - 2011-09-11 00:09 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-11-07 10:37 - 2011-03-31 23:45 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-07 10:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 10:36 - 2011-09-10 23:50 - 01757664 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 10:30 - 2014-09-03 20:04 - 00067584 ___SH () C:\Users\Eric\Desktop\Thumbs.db
2014-11-07 10:26 - 2011-03-31 23:45 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 17:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-06 14:30 - 2012-02-02 23:24 - 00000000 ____D () C:\Users\Eric\AppData\Local\CrashDumps
2014-11-06 01:37 - 2011-09-11 00:06 - 00001517 _____ () C:\Windows\system32\ServiceFilter.ini
2014-11-06 01:34 - 2012-02-01 01:10 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\uTorrent
2014-11-06 01:29 - 2014-08-06 12:01 - 00000000 ____D () C:\Program Files (x86)\FairStars CD Ripper
2014-11-06 01:06 - 2011-09-11 00:08 - 00000078 ___RH () C:\Windows\ctfile.rfc
2014-11-06 01:06 - 2011-09-11 00:08 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-11-06 01:03 - 2012-03-01 12:44 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\SoftGrid Client
2014-11-06 00:57 - 2011-03-31 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-11-05 14:07 - 2012-03-17 21:24 - 00002101 _____ () C:\ProgramData\hpzinstall.log
2014-11-05 14:01 - 2011-03-31 23:56 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-11-05 14:00 - 2011-09-11 00:08 - 00000000 ____D () C:\ProgramData\ASUS
2014-11-05 13:46 - 2011-09-11 00:06 - 00002490 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-11-05 13:25 - 2012-05-14 12:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-05 13:21 - 2012-05-14 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-05 13:21 - 2011-09-10 23:58 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-05 13:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-11-05 01:50 - 2009-07-14 06:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 01:47 - 2012-01-31 21:46 - 00000000 ____D () C:\Users\Eric\Documents\Bluetooth Folder
2014-11-03 13:53 - 2009-07-14 05:45 - 00343232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-03 13:49 - 2012-07-22 19:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-03 13:40 - 2012-03-01 12:43 - 01586280 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-03 13:40 - 2011-09-10 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2014-11-03 13:37 - 2014-06-17 10:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-03 12:44 - 2012-03-05 20:01 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite
2014-11-03 12:44 - 2012-02-17 16:49 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Skype
2014-11-03 12:43 - 2012-05-14 11:54 - 00000000 ____D () C:\Windows\Minidump
2014-11-03 12:43 - 2009-07-29 07:03 - 00000000 ____D () C:\Windows\Panther
2014-11-03 11:58 - 2012-02-02 22:27 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Spotify
2014-11-03 11:57 - 2012-02-02 22:27 - 00000000 ____D () C:\Users\Eric\AppData\Local\Spotify
2014-11-03 11:33 - 2011-04-01 00:00 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-11-03 11:32 - 2011-09-10 23:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-03 11:02 - 2012-07-07 05:47 - 00000000 ____D () C:\Users\Eric\AppData\Local\SKIDROW
2014-10-30 05:53 - 2012-05-14 12:58 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-30 05:53 - 2012-05-14 12:58 - 00060744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-19 19:21 - 2011-03-31 23:45 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 19:21 - 2011-03-31 23:45 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-12 12:28 - 2012-02-10 20:50 - 00000000 ____D () C:\Program Files\Common Files\VST3
2014-10-11 21:44 - 2014-07-05 23:20 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-10-10 08:53 - 2014-09-12 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-10-10 08:53 - 2014-09-12 09:34 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-10-10 08:53 - 2014-07-05 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

Some content of TEMP:
====================
C:\Users\Eric\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Eric\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 16:25

==================== End Of Log ============================
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm

Re: SProtector.D potentially unwanted application

Unread postby promenix » November 7th, 2014, 5:51 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Eric at 2014-11-07 10:49:43
Running from C:\Users\Eric\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Ableton Live 9 Suite (HKLM\...\{2E533C18-7395-4EAB-B5F5-1891FC591D79}) (Version: 9.0.0.0 - Ableton)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.24 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.44 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.0.1.5 - Finansiell ID-Teknik BID AB)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version: - Oberon Media Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dealplug (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - dealplug) <==== ATTENTION
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Electric Sheep 2.7b34c (HKLM-x32\...\Electric Sheep) (Version: 2.7b34c - Electricsheep)
Elysia Compressor Bundle v1.0 (HKLM-x32\...\Elysia Compressor Bundle_is1) (Version: - )
ESET NOD32 Antivirus (HKLM\...\{50E9E32F-063A-412A-9627-553D5DA57C17}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
FairStars CD Ripper 1.80 (HKLM-x32\...\FairStars CD Ripper_is1) (Version: - FairStars Soft)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fresco Logic USB3.0 Host Controller (HKLM\...\{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}) (Version: 3.0.119.1 - Fresco Logic Inc.)
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
GameFast.exe (HKLM\...\GameFast_is1) (Version: 1.0.0.1 - ASUSTEK Computer Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version: - Oberon Media Inc.)
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version: - Oberon Media Inc.)
INSPECTORXL (HKLM-x32\...\{18BD1EEB-4BA6-4565-8C90-47979813F59A}) (Version: 1.0.0 - Roger Nichols Digital, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest 3 (HKLM-x32\...\Jewel Quest 3) (Version: - Oberon Media Inc.)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LinPlug CronoX v2.1 (HKLM-x32\...\LinPlug CronoX v2.1) (Version: - )
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version: - )
Luxor 3 (HKLM-x32\...\Luxor 3) (Version: - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version: - Oberon Media Inc.)
M-Audio FastTrackPro Driver 6.0.7 (x64) (HKLM\...\{73089240-023C-11E0-9AE3-2BA1DFD72085}) (Version: 6.0.7 - M-Audio)
Max 6.1.8 (x64) (HKLM\...\{B3071CEA-6555-4660-BBC9-A3A28F00197A}) (Version: 136.1.8 - Cycling '74)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Office Hem och Småföretag 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klicka-och-kör 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mixlr version 2.3.5 (HKLM-x32\...\{F021F776-6BD4-4301-985D-0C1D27EEC8ED}_is1) (Version: 2.3.5 - Mixlr, Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version: - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version: - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version: - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.2.1863 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version: - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version: - Native Instruments)
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version: - )
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA 3D Vision drivrutin 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD audiodrivrutin 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvara 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PCM Native Reverb VST Plug-in (HKLM-x32\...\PCM Native Reverb VST Plug-in) (Version: - Lexicon)
PCM Native Reverb VST Plug-in (x32 Version: 1.0.0 - Lexicon) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
PSP VintageWarmer2 2.5.1 32bit (HKLM-x32\...\PSP VintageWarmer2 2.5.1 32bit) (Version: 2.5.1 32bit - PSPaudioware.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.9.5 - Rockstar Games)
Rotation Desktop for G Series.exe (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.0.0.9 - ASUSTEK Computer Inc)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Softube Tube-Tech CL 1B VST RTAS v1.0.3 (HKLM-x32\...\Softube Tube-Tech CL 1B VST RTAS_is1) (Version: - )
Sonnox Oxford R3 EQ Native VST v1.6.1 (HKLM-x32\...\Sonnox Oxford R3 EQ Native VST_is1) (Version: - Team AiR 2007)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Stillwell Audio Plugins Bundle VST v1.52 (HKLM-x32\...\Stillwell Audio Plugins Bundle VST v1.52) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.8.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
VideoCnv (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fa6789c5}) (Version: - Software Publisher)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
World of Goo (HKLM-x32\...\World of Goo) (Version: - Oberon Media Inc.)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

05-11-2014 00:44:25 Removed ATK Package
05-11-2014 00:49:04 Installed ATK Package
05-11-2014 12:21:19 DirectX har installerats
05-11-2014 12:43:05 Removed Microsoft Silverlight
05-11-2014 12:59:51 Removed ATK Package
05-11-2014 13:01:16 Installed ATK Package
05-11-2014 23:47:58 Removed ASUS Live Update
06-11-2014 00:05:52 Removed THX TruStudio
06-11-2014 00:34:49 Removed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E596A5B-9DC6-4FC9-A635-54E131AAA2A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {2093B4E1-A872-44A2-8F85-A51A2842EC7E} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {24319B42-EA70-4AC1-8DE9-A8DDCFC89BB0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {2D8A6059-8F3A-418A-94F5-06E97B67BF33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {2EF4FAA7-5014-4130-AD8F-7DA67304EFB0} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {515A0E83-C2F8-40FB-BFD2-6D0247B6194D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {52B10300-082F-447D-AC77-27AF95EDECF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {630486EA-3A08-4B27-BC4F-F9AA52116018} - System32\Tasks\{B89D1D91-BE82-4FBD-997F-CD63E569649E} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.158/sv/a ... rogressBar
Task: {967ACC1A-679C-4C0F-87DA-15BE84410A20} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-03-07] (ASUS)
Task: {DA029777-9499-41E7-9513-FCE5965FC2D0} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-05 13:15 - 2014-10-30 03:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-09-11 00:08 - 2010-07-27 18:40 - 00113840 _____ () C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
2010-04-03 03:21 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2012-02-10 20:40 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-09-24 00:53 - 2010-09-24 00:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-11-06 01:15 - 2014-11-05 14:05 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-11-06 01:15 - 2014-11-05 14:05 - 00092320 _____ () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
2014-11-06 01:15 - 2014-11-05 14:05 - 01105408 _____ () C:\Program Files (x86)\Elex-tech\YAC\isafechlp.dll
2014-11-06 01:15 - 2014-10-27 04:02 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2014-11-06 01:15 - 2014-10-27 04:02 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:029E021F
AlternateDataStreams: C:\ProgramData\Temp:81F83028
AlternateDataStreams: C:\Users\Eric\Cookies:Po6hSoHYdX4gTMGewUq8s2OC4
AlternateDataStreams: C:\Users\Eric\AppData\Local\3MjRIpRSLr:zpkv6l2d27qWpm4GmfMoI
AlternateDataStreams: C:\Users\Eric\AppData\Local\Temp:cI19hL3CQz8eSpR0HsxKX

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administratör (S-1-5-21-2939920571-4265480720-1112395140-500 - Administrator - Disabled)
Eric (S-1-5-21-2939920571-4265480720-1112395140-1001 - Administrator - Enabled) => C:\Users\Eric
Gäst (S-1-5-21-2939920571-4265480720-1112395140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2939920571-4265480720-1112395140-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: ASUS USB2.0 Webcam
Description: USB-videoenhet
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 10:38:09 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (11/07/2014 10:38:09 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (11/07/2014 10:38:09 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (11/07/2014 10:23:15 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (11/07/2014 10:23:15 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (11/07/2014 10:23:15 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (11/06/2014 05:32:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för 38.0.2125.104,language="&#x2a;",type="win32",version="38.0.2125.104"1.
Den beroende sammansättningen 38.0.2125.104,language="&#x2a;",type="win32",version="38.0.2125.104" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (11/06/2014 02:30:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: Mixlr.exe, version 1.0.0.0, tidsstämpel 0x53bc10c6
, felet uppstod i modulen med namn: libEGL.dll, version 0.0.0.0, tidsstämpel 0x531f373c
Undantagskod: 0xc0000005
Felförskjutning: 0x00005348
Process-ID: 0x518
Programmets starttid: 0xMixlr.exe0
Sökväg till program: Mixlr.exe1
Sökväg till modul: Mixlr.exe2
Rapport-ID: Mixlr.exe3

Error: (11/06/2014 02:23:33 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Det gick inte att bearbeta listan över inkluderade och uteslutna platser med Windows Search-tjänsten. Fel: <30, 0x80040d07, "iehistory://{S-1-5-21-2939920571-4265480720-1112395140-1001}/">

Error: (11/06/2014 02:17:09 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]


System errors:
=============
Error: (11/07/2014 10:41:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys har hindrats från att läsas in eftersom den är inkompatibel med den här datorn. Kontakta enhetens tillverkare och fråga om en kompatibel version av drivrutinen.

Error: (11/07/2014 10:38:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten VideoCnv skulle ansluta.

Error: (11/07/2014 10:23:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten VideoCnv skulle ansluta.

Error: (11/06/2014 10:14:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten iSafeService.

Error: (11/06/2014 10:13:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten iSafeService.

Error: (11/06/2014 05:33:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten iSafeService.

Error: (11/06/2014 05:32:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten iSafeService.

Error: (11/06/2014 03:17:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten iSafeService.

Error: (11/06/2014 02:17:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjänsten Intel(R) Turbo Boost Technology Monitor avbröts med följande fel:
%%-2147467259

Error: (11/06/2014 02:25:44 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Tjänsten Windows Update stängdes inte på rätt sätt efter att ha mottagit en systemstängningsvarning.


Microsoft Office Sessions:
=========================
Error: (11/07/2014 10:38:09 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (11/07/2014 10:38:09 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (11/07/2014 10:38:09 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (11/07/2014 10:23:15 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (11/07/2014 10:23:15 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (11/07/2014 10:23:15 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (11/06/2014 05:32:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 38.0.2125.104,language="&#x2a;",type="win32",version="38.0.2125.104"c:\program files (x86)\Google\Chrome\application\old_chrome.exe

Error: (11/06/2014 02:30:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Mixlr.exe1.0.0.053bc10c6libEGL.dll0.0.0.0531f373cc00000050000534851801cff9c5d8c3ede7C:\Program Files (x86)\Mixlr\Mixlr.exeC:\Program Files (x86)\Mixlr\libEGL.dll1d398408-65b9-11e4-b9d7-742f68b7fc8c

Error: (11/06/2014 02:23:33 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-2939920571-4265480720-1112395140-1001}/

Error: (11/06/2014 02:17:09 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 30%
Total physical RAM: 8169.14 MB
Available physical RAM: 5674.99 MB
Total Pagefile: 16336.45 MB
Available Pagefile: 14158.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:293.03 GB) (Free:188.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:380.6 GB) (Free:114.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=380.6 GB) - (Type=OF Extended)

==================== End Of Log ============================
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm

Re: SProtector.D potentially unwanted application

Unread postby Cypher » November 7th, 2014, 7:03 am

Hi,
Ok there is a few things to do here so lets get started.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Adobe Reader XI (11.0.09)
YAC(Yet Another Cleaner!)


Next.

RogueKiller
  • Right click on RogueKiller.exe and select " Run as administrator " to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • When the Status box shows Scan Finished click Delete.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.

Next.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\...\MountPoints2: {21012455-562f-11e1-97b5-742f68b7fc8c} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\...\MountPoints2: {8023e4bf-c363-11e1-a4f7-742f68b7fc8c} - G:\Startme.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
    BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    2014-11-06 01:34 - 2012-02-01 01:10 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\uTorrent
    C:\Users\Eric\AppData\Roaming\uTorrent
    C:\Users\Eric\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Eric\AppData\Local\Temp\Quarantine.exe
    C:\ProgramData\Temp:029E021F
    C:\ProgramData\Temp:81F83028
    C:\Users\Eric\Cookies:Po6hSoHYdX4gTMGewUq8s2OC4
    C:\Users\Eric\AppData\Local\3MjRIpRSLr:zpkv6l2d27qWpm4GmfMoI
    C:\Users\Eric\AppData\Local\Temp:cI19hL3CQz8eSpR0HsxKX
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe And select " Run as administrator " then follow the prompts to install the program.
  • At the end, Uncheck enable free trial of Malwarebytes' Anti-Malware, (You can activate this when we've finished, if you wish)
  • Then click Finish.
  • You'll see an alert that "Databases out of date" Click the "Update Now" button.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.

Logs/Information to Post in your Next Reply

  • RKreport.
  • FRST Fixlog.txt.
  • Malwarebytes log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: SProtector.D potentially unwanted application

Unread postby promenix » November 7th, 2014, 7:23 am

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Eric [Administrator]
Mode : Delete -- Date : 11/07/2014 12:11:54

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2939920571-4265480720-1112395140-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2939920571-4265480720-1112395140-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] d8ce373df27a2e3595a684f785a4d31c
[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 300062 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 666957824 | Size: 389740 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11072014_104544.log - RKreport_SCN_11072014_121125.log
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm

Re: SProtector.D potentially unwanted application

Unread postby promenix » November 7th, 2014, 7:23 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Eric at 2014-11-07 12:19:03 Run:1
Running from C:\Users\Eric\Desktop
Loaded Profile: Eric (Available profiles: Eric)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\...\MountPoints2: {21012455-562f-11e1-97b5-742f68b7fc8c} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\...\MountPoints2: {8023e4bf-c363-11e1-a4f7-742f68b7fc8c} - G:\Startme.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2014-11-06 01:34 - 2012-02-01 01:10 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\uTorrent
C:\Users\Eric\AppData\Roaming\uTorrent
C:\Users\Eric\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Eric\AppData\Local\Temp\Quarantine.exe
C:\ProgramData\Temp:029E021F
C:\ProgramData\Temp:81F83028
C:\Users\Eric\Cookies:Po6hSoHYdX4gTMGewUq8s2OC4
C:\Users\Eric\AppData\Local\3MjRIpRSLr:zpkv6l2d27qWpm4GmfMoI
C:\Users\Eric\AppData\Local\Temp:cI19hL3CQz8eSpR0HsxKX

EmptyTemp:
CMD: ipconfig /flushdns
*****************

"HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21012455-562f-11e1-97b5-742f68b7fc8c}" => Key deleted successfully.
"HKCR\CLSID\{21012455-562f-11e1-97b5-742f68b7fc8c}" => Key not found.
"HKU\S-1-5-21-2939920571-4265480720-1112395140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8023e4bf-c363-11e1-a4f7-742f68b7fc8c}" => Key deleted successfully.
"HKCR\CLSID\{8023e4bf-c363-11e1-a4f7-742f68b7fc8c}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Eric\AppData\Roaming\uTorrent => Moved successfully.
"C:\Users\Eric\AppData\Roaming\uTorrent" => File/Directory not found.
C:\Users\Eric\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\Quarantine.exe => Moved successfully.
Could not move "C:\ProgramData\Temp:029E021F" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Temp:81F83028" => Scheduled to move on reboot.
"C:\Users\Eric\Cookies:Po6hSoHYdX4gTMGewUq8s2OC4" => File/Directory not found.
Could not move "C:\Users\Eric\AppData\Local\3MjRIpRSLr:zpkv6l2d27qWpm4GmfMoI" => Scheduled to move on reboot.
Could not move "C:\Users\Eric\AppData\Local\Temp:cI19hL3CQz8eSpR0HsxKX" => Scheduled to move on reboot.

========= ipconfig /flushdns =========


IP-konfiguration f�r Windows

DNS-matcharens cacheminne har rensats.

========= End of CMD: =========

EmptyTemp: => Removed 698 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-07 12:21:05)<=

"C:\ProgramData\Temp:029E021F" => File could not move.
"C:\ProgramData\Temp:81F83028" => File could not move.
"C:\Users\Eric\AppData\Local\3MjRIpRSLr:zpkv6l2d27qWpm4GmfMoI" => File could not move.
"C:\Users\Eric\AppData\Local\Temp:cI19hL3CQz8eSpR0HsxKX" => File could not move.

==== End of Fixlog ====
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm

Re: SProtector.D potentially unwanted application

Unread postby promenix » November 7th, 2014, 7:38 am

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-11-07
Scan Time: 12:27:00
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.07.02
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Eric

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354973
Time Elapsed: 10 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fa6789c5}, Quarantined, [26c8eb4daad2e2543c5a3d06946fd729],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm

Re: SProtector.D potentially unwanted application

Unread postby promenix » November 7th, 2014, 7:44 am

ESET nod32 hasn't warned me about anything today, even before the fix.txt file. It feels like its running a bit smoother and faster now than yesterday.
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm

Re: SProtector.D potentially unwanted application

Unread postby Cypher » November 7th, 2014, 8:28 am

Hi,
ESET nod32 hasn't warned me about anything today, even before the fix.txt file. It feels like its running a bit smoother and faster now than yesterday.

That's good to hear, but stay with me we still have some work to do.
I need you to run RogueKiller again, my apologies i gave you the wrong instructions last time.

  • Right click on RogueKiller.exe and select " Run as administrator " to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • When the Status box shows Scan Finished, click the Registry tab and locate these detections:
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Found
  • Place a checkmark next to each of these items, leave the others unchecked.
  • Now press the Delete button.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: SProtector.D potentially unwanted application

Unread postby promenix » November 7th, 2014, 9:00 am

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Eric [Administrator]
Mode : Delete -- Date : 11/07/2014 14:00:01

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2939920571-4265480720-1112395140-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2939920571-4265480720-1112395140-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] d8ce373df27a2e3595a684f785a4d31c
[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 300062 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 666957824 | Size: 389740 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_11072014_121154.log - RKreport_SCN_11072014_104544.log - RKreport_SCN_11072014_121125.log - RKreport_SCN_11072014_135025.log
RKreport_SCN_11072014_135726.log
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm

Re: SProtector.D potentially unwanted application

Unread postby promenix » November 7th, 2014, 9:02 am

I did as you instructed, but, under the registry tab I couldn't find any of the detections that you had on that list. So I didn't check anything and then pressed delete and then posted the report.
promenix
Active Member
 
Posts: 13
Joined: November 5th, 2014, 8:59 pm

Re: SProtector.D potentially unwanted application

Unread postby Cypher » November 7th, 2014, 9:13 am

I did as you instructed, but, under the registry tab I couldn't find any of the detections that you had on that list. So I didn't check anything and then pressed delete and then posted the report.

That's ok, it looks like those items have been removed.
ESET nod32 hasn't warned me about anything today,

I would like you to use your computer for a few hours, then report back and let me know if you get anymore warnings from ESET.
If not i will give you final instructions :)
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware