Adblock Malware

Post by soza1sheng » July 20th, 2015, 10:55 pm

My computer had Adblock installed, along with some click and pop-up advertisements. I can't find an uninstall button in my Control Panel, nor the file location. I have run Malwarebytes, AdwCleaner and many types of malware scanner, but this virus still stays on my laptop. I'm out of ideas what to do. Please help me :(

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Lee (administrator) on MSI on 21-07-2015 10:35:49
Running from C:\Users\Lee\Downloads\Programs
Loaded Profiles: Lee (Available Profiles: Lee)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() D:\Online Game\Garena\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Shenzhen QVOD Technology Co.,Ltd) C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-08-19] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3273480 2014-08-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-03] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-03] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-01-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-22] (MSI)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [884440 2015-05-28] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QvodTerminal] => C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe [1079216 2012-07-13] (Shenzhen QVOD Technology Co.,Ltd)
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-27] (SteelSeries ApS)
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-17] (Tonec Inc.)
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\Run: [Steam] => D:\Online Game\Steam\steam.exe [2892992 2015-06-05] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-08-22]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4692B750-DE88-4DCF-9163-745AF5604B24}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [GiraffeOverlay] -> {E1D78D6A-8183-8F10-108D-8850224DC790} => C:\Users\Lee\AppData\Local\Giraffe\Giraffe.dll [2015-04-05] (Funshion)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61906;https=127.0.0.1:61906
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2144783805-3887696613-600744108-1001 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=58051076_oem_dg&ch=33
BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\Program Files (x86)\QvodPlayer\QvodExtend.dll [2012-04-21] (Shenzhen QVOD Technology Co.,Ltd)
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-15] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DA06E88B-1DFE-43E0-906D-3AF7D182CABA}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ppdgijms.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-11] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-04-07] (Nexon)
FF Plugin-x32: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [2012-07-20] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Online Game\Garena\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @xigua.com/npxgax -> C:\Program Files (x86)\xigua\2.12.0.5\npxgax.dll No File
FF Plugin HKU\S-1-5-21-2144783805-3887696613-600744108-1001: gf2.gameflier.com/WebLauncher -> C:\GF2_WebLaunch\npWebLauncher.dll No File
FF HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Lee\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Lee\AppData\Roaming\IDM\idmmzcc5 [2015-05-02]
FF HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Lee\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-29]
CHR Extension: (Google Docs) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-29]
CHR Extension: (Google Drive) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-29]
CHR Extension: (YouTube) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-29]
CHR Extension: (Google Search) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-29]
CHR Extension: (Google Sheets) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-29]
CHR Extension: (IDM Integration Module) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-06-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-14]
CHR Extension: (Google Wallet) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-12]
CHR Extension: (Gmail) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-05-28] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-28] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [806616 2015-05-28] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2014-08-19] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-08-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-03] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-22] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-30] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3419048 2014-09-03] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-18] (Qualcomm Atheros) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-30] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [82608 2014-04-11] (Qualcomm Atheros, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145112 2015-05-28] (BlueStack Systems)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-04] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [187336 2014-08-19] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-28] (Qualcomm Atheros, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28640 2015-04-29] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [466648 2014-08-19] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (SteelSeries Corporation)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-28] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-04-28] (The OpenVPN Project)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-08] ()
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 GGSAFERDriver; \??\D:\Games\Garena Plus\Room\safedrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 10:35 - 2015-07-21 10:35 - 00000000 ____D C:\FRST
2015-07-21 10:33 - 2015-07-21 10:33 - 00688992 _____ (Swearware) C:\Users\Lee\Downloads\dds.scr
2015-07-20 13:00 - 2015-07-20 13:00 - 00000710 _____ C:\Users\Lee\Downloads\Desktop - Shortcut.lnk
2015-07-19 23:23 - 2015-07-19 23:23 - 00000000 ____D C:\Users\Public\Fundata
2015-07-19 10:57 - 2015-07-21 01:30 - 00000000 ____D C:\Users\Lee\Desktop\ClashBot_7.4
2015-07-17 07:20 - 2015-07-14 07:27 - 2668893206 _____ C:\Users\Lee\Desktop\2015-07-14 - [Comedy Movie - US]【Spy 女间谍】.mp4
2015-07-17 07:20 - 2015-07-13 05:37 - 2307238387 _____ C:\Users\Lee\Desktop\2015-07-14 - [Comedy Movie - US]【Ted 2 泰迪熊 2】.mp4
2015-07-17 02:08 - 2015-07-17 02:08 - 00001059 _____ C:\Users\Public\Desktop\快播.lnk
2015-07-17 02:08 - 2015-07-17 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\快播软件
2015-07-17 02:07 - 2015-07-17 02:08 - 00000000 ____D C:\Program Files (x86)\QvodPlayer
2015-07-17 01:47 - 2015-07-17 01:52 - 00000000 ____D C:\Users\Lee\Desktop\NBA 2K14
2015-07-17 01:46 - 2015-07-17 01:46 - 00000000 ____D C:\ProgramData\Steam
2015-07-17 00:17 - 2015-07-21 00:38 - 00003426 _____ C:\Windows\setupact.log
2015-07-17 00:17 - 2015-07-17 00:17 - 00000000 _____ C:\Windows\setuperr.log
2015-07-17 00:16 - 2015-07-17 00:17 - 00492656 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 14:53 - 2015-07-21 10:36 - 00818877 _____ C:\Windows\WindowsUpdate.log
2015-07-16 05:01 - 2015-06-30 06:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-16 05:01 - 2015-06-29 23:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-16 05:01 - 2015-06-29 23:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-16 05:01 - 2015-06-29 23:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-16 05:01 - 2015-06-29 23:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-16 05:01 - 2015-06-29 23:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-16 05:01 - 2015-06-27 07:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-16 05:01 - 2015-06-27 07:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-16 05:01 - 2015-05-12 21:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-16 05:01 - 2015-05-12 02:17 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-16 05:01 - 2015-05-12 00:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-16 05:01 - 2015-05-08 01:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-16 05:01 - 2015-05-08 01:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-16 05:01 - 2015-05-08 00:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-16 05:01 - 2015-05-08 00:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-16 05:01 - 2015-05-07 23:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-16 05:01 - 2015-05-07 23:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-16 05:01 - 2015-05-03 23:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 05:01 - 2015-05-03 23:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-16 05:01 - 2015-05-03 22:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 05:01 - 2015-05-03 22:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-16 05:01 - 2015-05-03 22:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-16 05:01 - 2015-05-03 22:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-16 05:01 - 2015-05-03 08:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-16 05:01 - 2015-05-02 07:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-16 05:01 - 2015-04-30 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-16 05:01 - 2015-04-28 21:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-16 05:01 - 2015-04-28 21:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-16 05:01 - 2015-04-25 10:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-16 05:01 - 2015-04-23 23:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-16 05:01 - 2015-04-23 23:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-16 05:01 - 2014-11-05 03:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-16 05:01 - 2014-11-05 03:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-16 05:01 - 2014-11-04 14:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-16 05:01 - 2014-11-04 14:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-16 05:01 - 2014-11-04 14:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-16 05:01 - 2014-11-04 14:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-15 10:36 - 2015-07-10 03:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 10:36 - 2015-07-10 02:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 10:36 - 2015-07-10 00:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 10:36 - 2015-07-09 23:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 10:36 - 2015-07-09 23:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 10:36 - 2015-07-09 23:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 10:36 - 2015-07-09 23:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 10:36 - 2015-07-09 23:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 10:36 - 2015-07-09 23:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 10:36 - 2015-07-09 23:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 10:36 - 2015-07-09 23:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 10:36 - 2015-07-09 23:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 10:36 - 2015-07-09 23:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 10:36 - 2015-06-27 11:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 10:36 - 2015-06-27 11:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 10:36 - 2015-06-27 10:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 10:35 - 2015-07-03 21:52 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 10:35 - 2015-07-03 21:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 10:35 - 2015-07-03 21:50 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 10:35 - 2015-07-03 21:50 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 10:35 - 2015-07-03 05:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 10:35 - 2015-07-03 04:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 10:35 - 2015-07-03 04:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 10:35 - 2015-07-03 04:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 10:35 - 2015-07-03 04:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 10:35 - 2015-07-03 03:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 10:35 - 2015-07-03 03:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 10:35 - 2015-07-03 02:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 10:35 - 2015-07-02 06:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 10:35 - 2015-07-02 05:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 10:35 - 2015-06-28 13:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 10:35 - 2015-06-28 13:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 10:35 - 2015-06-28 13:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 10:35 - 2015-06-28 13:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 10:35 - 2015-06-28 00:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 10:35 - 2015-06-27 11:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 10:35 - 2015-06-27 11:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 10:35 - 2015-06-27 11:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 10:35 - 2015-06-27 10:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 10:35 - 2015-06-27 10:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 10:35 - 2015-06-27 10:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 10:35 - 2015-06-27 09:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 10:35 - 2015-06-27 09:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 10:35 - 2015-06-25 10:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 10:35 - 2015-06-16 13:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 10:35 - 2015-06-16 13:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 10:35 - 2015-06-16 06:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 10:35 - 2015-06-16 06:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 10:35 - 2015-06-16 06:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 10:35 - 2015-06-16 06:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 10:35 - 2015-06-16 06:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 10:35 - 2015-06-16 06:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 10:35 - 2015-06-16 06:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 10:35 - 2015-06-16 05:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 10:35 - 2015-06-16 05:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 10:35 - 2015-06-16 05:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 10:35 - 2015-06-16 05:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 10:35 - 2015-06-16 05:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 10:35 - 2015-06-16 05:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 10:35 - 2015-06-16 05:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 10:35 - 2015-06-16 05:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 10:35 - 2015-06-16 05:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 10:35 - 2015-06-16 05:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 10:35 - 2015-06-16 05:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 10:35 - 2015-06-16 05:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 10:35 - 2015-06-16 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 10:35 - 2015-06-16 05:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 10:35 - 2015-06-16 05:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 10:35 - 2015-06-16 05:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 10:35 - 2015-06-16 04:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 10:35 - 2015-06-16 04:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 10:35 - 2015-06-16 04:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 10:35 - 2015-06-16 04:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 10:35 - 2015-06-16 04:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 10:35 - 2015-06-16 04:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 10:35 - 2015-06-16 04:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 10:35 - 2015-06-16 04:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 10:35 - 2015-06-16 04:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 10:35 - 2015-06-16 04:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 10:35 - 2015-06-16 04:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 10:35 - 2015-06-16 04:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 10:35 - 2015-06-16 04:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 10:35 - 2015-06-16 04:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 10:35 - 2015-06-16 04:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 10:35 - 2015-06-16 03:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 10:35 - 2015-06-11 11:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 10:35 - 2015-06-11 00:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 10:35 - 2015-05-31 05:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 10:35 - 2015-05-31 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 10:35 - 2015-05-31 03:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 10:35 - 2015-05-08 00:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 00:46 - 2015-07-15 00:46 - 00000731 _____ C:\Users\Lee\Desktop\NBA2K15 - Shortcut.lnk
2015-07-13 16:36 - 2015-07-19 10:45 - 00000024 _____ C:\Users\Lee\AppData\Roaming\appdataFr25.bin
2015-07-12 21:54 - 2015-07-12 21:54 - 00000665 _____ C:\INSTALL.LOG
2015-07-12 21:29 - 2015-07-21 00:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 21:29 - 2015-07-12 21:29 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-12 21:29 - 2015-07-12 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-12 21:29 - 2015-07-12 21:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-12 21:29 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-12 21:29 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-12 21:29 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-12 21:28 - 2015-07-12 21:28 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Lee\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-12 21:23 - 2015-07-12 21:23 - 02248704 _____ C:\Users\Lee\Downloads\adwcleaner_4.208.exe
2015-07-12 21:22 - 2015-07-12 21:22 - 00001990 _____ C:\Users\Lee\Desktop\Rkill.txt
2015-07-12 16:24 - 2015-07-12 18:13 - 00115679 _____ C:\spyhunter.fix
2015-07-12 16:24 - 2013-10-18 16:01 - 00285747 _____ C:\shldr
2015-07-12 16:24 - 2013-10-18 16:01 - 00008192 _____ C:\shldr.mbr
2015-07-12 15:08 - 2015-07-12 15:08 - 00003184 _____ C:\Windows\System32\Tasks\{ACD1E10F-76FC-4197-B5C1-1E07B9AFE5E8}
2015-07-12 14:36 - 2015-07-21 10:25 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 14:36 - 2015-07-21 01:46 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 14:36 - 2015-07-16 02:41 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-12 14:36 - 2015-07-16 02:41 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-12 14:25 - 2015-07-12 21:54 - 00000000 ____D C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2015-07-12 14:23 - 2015-07-12 14:23 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2015-07-12 14:13 - 2014-12-06 14:51 - 00000688 _____ C:\Users\Lee\Downloads\Instructions.txt
2015-07-12 13:44 - 2015-07-21 01:44 - 00000422 _____ C:\Windows\Tasks\EasyBank.job
2015-07-12 13:44 - 2015-07-12 13:44 - 00003304 _____ C:\Windows\System32\Tasks\EasyBank
2015-07-12 05:11 - 2015-07-12 05:11 - 00002146 _____ C:\Users\Lee\Desktop\Clash of Clans.lnk
2015-07-12 01:07 - 2015-07-12 01:07 - 00002358 _____ C:\Windows\system32\.crusader
2015-07-12 00:56 - 2015-07-12 01:07 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-11 11:42 - 2015-07-11 11:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-11 11:13 - 2015-07-11 11:13 - 00000000 _____ C:\autoexec.bat
2015-07-08 01:26 - 2015-07-08 01:26 - 00578899 _____ C:\Users\Lee\Downloads\Lab 2.zip
2015-07-07 17:37 - 2015-07-07 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-07 17:32 - 2015-07-07 17:32 - 00000000 ____D C:\Users\Lee\AppData\Local\My Games
2015-07-07 17:12 - 2015-07-07 17:12 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-07 17:08 - 2015-07-07 17:40 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-07-07 08:33 - 2015-07-12 14:28 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-07 08:26 - 2015-07-12 16:24 - 00000000 ____D C:\ProgramData\MFAData
2015-07-07 08:26 - 2015-07-07 08:26 - 00000000 ____D C:\Users\Lee\AppData\Local\MFAData
2015-06-29 03:36 - 2015-06-29 03:36 - 00000000 _____ C:\Users\Lee\AppData\Local\Temp.dat
2015-06-27 10:54 - 2015-07-07 08:06 - 00000086 _____ C:\Users\Lee\Desktop\Churp acc.txt
2015-06-24 12:15 - 2015-06-24 12:15 - 00329955 _____ C:\Users\Lee\Downloads\web-page-design.pptx
2015-06-24 02:08 - 2015-06-24 02:08 - 00050468 _____ C:\Users\Lee\Downloads\alex.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 10:28 - 2015-03-16 01:28 - 00000000 ____D C:\ProgramData\QvodPlayer
2015-07-21 10:28 - 2015-03-15 16:46 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AABF9019-24A9-4F39-B0AB-A3B1E8DB659F}
2015-07-21 10:25 - 2015-03-15 03:13 - 00003470 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Lee
2015-07-21 10:25 - 2015-03-14 13:34 - 00000000 ___RD C:\Users\Lee\OneDrive
2015-07-21 01:57 - 2015-03-14 13:27 - 00000000 ____D C:\Users\Lee\AppData\Local\Packages
2015-07-21 00:58 - 2014-03-18 18:03 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-21 00:38 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-21 00:37 - 2015-06-03 09:54 - 00000000 ____D C:\AdwCleaner
2015-07-21 00:37 - 2013-08-22 21:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-07-20 20:00 - 2015-03-17 13:48 - 00000000 ____D C:\Users\Lee\Desktop\Camera1
2015-07-20 19:56 - 2015-03-28 21:32 - 00000000 ____D C:\Users\Lee\AppData\Roaming\DMCache
2015-07-20 19:30 - 2015-03-16 20:16 - 00000000 ____D C:\Windows\system32\MRT
2015-07-20 19:14 - 2015-03-14 13:33 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2144783805-3887696613-600744108-1001
2015-07-20 19:04 - 2015-05-29 17:31 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-07-20 17:32 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-19 23:23 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-07-19 10:57 - 2015-03-28 21:32 - 00000000 ____D C:\Users\Lee\Downloads\Compressed
2015-07-17 23:44 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-17 07:21 - 2015-03-22 14:11 - 01195520 ___SH C:\Users\Lee\Desktop\Thumbs.db
2015-07-17 02:24 - 2015-03-28 21:32 - 00000000 ____D C:\Users\Lee\Downloads\Video
2015-07-17 02:11 - 2015-03-14 22:24 - 00000000 ____D C:\Users\Lee\AppData\Roaming\2K Sports
2015-07-17 00:16 - 2015-04-05 01:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 00:16 - 2015-04-05 01:52 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-17 00:16 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-17 00:16 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\WinStore
2015-07-16 22:46 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2015-07-16 14:09 - 2015-03-16 22:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 14:09 - 2015-03-16 22:31 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 12:28 - 2015-03-15 03:14 - 00000000 ____D C:\Users\Lee\AppData\Roaming\GarenaPlus
2015-07-16 12:28 - 2015-03-15 03:13 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-07-16 02:50 - 2015-03-16 01:35 - 00000000 ____D C:\Users\Lee\AppData\Roaming\NVIDIA
2015-07-14 05:10 - 2013-08-22 23:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 05:10 - 2013-08-22 23:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 16:34 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\addins
2015-07-12 19:47 - 2015-03-14 13:26 - 00000000 ____D C:\Users\Lee
2015-07-12 16:25 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-12 14:30 - 2015-03-16 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\快播软件
2015-07-12 14:30 - 2015-03-14 18:27 - 00000000 ____D C:\Users\Lee\AppData\Local\CrashDumps
2015-07-12 14:27 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-12 13:45 - 2015-05-29 17:34 - 00000000 ____D C:\ProgramData\12386142813810340278
2015-07-12 05:10 - 2015-05-29 17:31 - 00000000 ____D C:\Users\Lee\AppData\Roaming\NCH Software
2015-07-12 05:10 - 2015-05-20 09:22 - 00000000 ____D C:\Users\Lee\AppData\Roaming\TunnelBear
2015-07-12 05:10 - 2014-08-22 08:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-11 11:51 - 2015-05-27 13:41 - 00000000 ____D C:\Users\Public\Documents\temp
2015-07-11 11:51 - 2015-04-05 23:12 - 00000000 ____D C:\Users\Lee\AppData\Roaming\FunUninstall
2015-07-11 11:51 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Branding
2015-07-11 11:05 - 2015-06-06 13:41 - 00000000 ____D C:\ProgramData\TechSmith
2015-07-08 21:21 - 2015-05-14 14:27 - 00051712 ___SH C:\Users\Lee\Downloads\Thumbs.db
2015-07-07 17:40 - 2015-06-12 00:21 - 00000000 ____D C:\Program Files\OBS
2015-07-07 17:40 - 2015-06-12 00:21 - 00000000 ____D C:\Program Files (x86)\OBS
2015-07-07 17:40 - 2015-06-07 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-07-07 08:37 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-05 18:08 - 2015-03-15 21:25 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 10:41 - 2015-05-18 16:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 08:43 - 2015-03-16 20:16 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-29 16:37 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-29 03:35 - 2015-04-30 12:40 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-29 03:35 - 2015-04-30 12:40 - 00001169 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-29 03:35 - 2015-03-14 13:27 - 00001452 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-27 10:57 - 2014-04-30 00:34 - 00000000 ____D C:\Windows\Panther
2015-06-24 09:59 - 2015-03-15 16:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-21 02:36 - 2015-06-04 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
2015-06-21 02:36 - 2015-05-21 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreadOut
2015-06-21 02:36 - 2015-05-06 22:53 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RYL2 Blackout Full Client V7.0
2015-06-21 02:36 - 2015-04-29 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2015-06-21 02:36 - 2015-04-08 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GF
2015-06-21 02:36 - 2015-04-04 15:54 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\《完美世界》
2015-06-21 02:36 - 2015-04-04 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evil Warrior
2015-06-21 02:36 - 2015-04-02 14:55 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RYLOracle

==================== Files in the root of some directories =======

2015-07-13 16:36 - 2015-07-19 10:45 - 0000024 _____ () C:\Users\Lee\AppData\Roaming\appdataFr25.bin
2015-06-07 14:21 - 2015-06-08 01:34 - 0000022 _____ () C:\Users\Lee\AppData\Roaming\rep153697.txt
2015-04-02 04:24 - 2015-04-02 04:24 - 0045270 _____ () C:\Users\Lee\AppData\Roaming\room_v3.dat
2015-06-29 03:36 - 2015-06-29 03:36 - 0000000 _____ () C:\Users\Lee\AppData\Local\Temp.dat
2015-06-10 21:56 - 2015-06-10 21:56 - 0004887 _____ () C:\ProgramData\nolecicr.ofg

Some files in TEMP:
====================
C:\Users\Lee\AppData\Local\Temp\patch_3070302.exe
C:\Users\Lee\AppData\Local\Temp\patch_3070303.exe
C:\Users\Lee\AppData\Local\Temp\patch_3070401.exe
C:\Users\Lee\AppData\Local\Temp\Quarantine.exe
C:\Users\Lee\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-15 00:50

==================== End of log ============================
soza1sheng
Active Member
 
Posts: 2
Joined: July 20th, 2015, 10:51 pm

Re: Adblock Malware

Unread postby Firefly » July 22nd, 2015, 11:19 am

Hi soza1sheng. My name is Firefly and I will help you with your computer. I ask you to follow a few ground rules while we are taking care of your computer:

I'm an Undergraduate trainee at MalwareRemovalUniversity (MRU), and as such my posts to you have to first be checked by a Teacher; because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  4. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean". If you are in progress at another forum, please simply let me know so I can dedicate my time to others who need help.
  7. Failure to respond for 3 days, will result in your topic being closed.

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so may possibly damage your system, preventing it from starting.


Malware removal:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


File Backup

For your safety and protection, I would advise backing up all your important documents, personal data files and photos as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

All of the Windows systems we support have backup capabilities. These existing programs will allow you to back up your files to an external hard drive, USB drive or CD drive.

Do not back up your files to the hard drive of the computer we will be fixing. If the computer becomes unusable, your files will still be gone forever. Every photo, every document… gone. Seriously. Do this now.

Here are links to using the backup programs in the various versions of Windows:


If you have internet connectivity, an alternative to backing your files up locally is to back your files up to the cloud, and there are a number of free and paid for services of this type available.

Below are links to a couple of articles with details for both free and paid for backup services ...

http://www.techsupportalert.com/content ... -sites.htm
http://www.pcmag.com/article2/0,2817,22 ... 745,00.asp

A word of warning - if you have a lot of data to backup, an online service can take days, weeks, or months. In this case, please consider using a local backup method (external hard drive, USB, etc.)

One way or another, it is critical that you backup your data before proceeding.


Finally, there will be several items to handle in each post (usually) so I will try to break them into easier to digest sections which will be demarked with Green Bold Lettering


System Backup
First, before we do anything, we want to make sure we have made a backup of your computer's key information so that we can be sure to not make anything worse. Since you are running Windows 7, we will both make a restore point and do a system backup.

To create a restore point: (Win 8)
1. Press the WinKey+X to display the system menu and click System.
2. On the left side menu, click System Protection.
3. In the Protection Settings section, click the C: (system) drive.
4. Click the Create button.
5. Type a name for the System Restore file (The Date and Time will be added automatically). Please call it “before malware fix”

Please also do the following:
Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop. Do not click on the big green button at the top - this is an advertisement. Click on one of the yellow links under the word "installer" further down on the page
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.

Once these are done, we can move forward with repairing the issues you are having. PLEASE LET ME KNOW IF YOU HAVE ANY PROBLEMS RUNNING THESE ITEMS.


Next Steps

I will review your logs and get back to you. In the meantime, please handle the instructions above. Also, when you ran FRST64, it should have produced another log called “addition.txt”. Please post the contents of that log. If it did not, let me know and I will provide instructions on how to proceed.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm
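The two backup steps in the post above (restore point named "before malware fix", then a copy of the registry hives with a "Successful N/N" check), as a scripted equivalent added here by the editor; it is not code from Firefly's post or from the Tweaking.com tool. It assumes an elevated PowerShell session on the same Windows 8.1 machine, and the Desktop folder name RegBackup-before-malware-fix is chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted version of "create a restore point" + "back up the registry".
# Assumes Windows 8.1 with System Protection available for C: (the system drive in this thread).
$ErrorActionPreference = 'Stop'

# --- Step 1: restore point with the name the helper asked for --------------------------
Enable-ComputerRestore -Drive 'C:\'          # no-op if protection is already on
Checkpoint-Computer -Description 'before malware fix' -RestorePointType 'MODIFY_SETTINGS'

# Windows 8+ refuses a second restore point within 24 hours (it only warns),
# so confirm that the newest point really carries our description.
$latest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
if ($latest.Description -ne 'before malware fix') {
    Write-Warning ("Newest restore point is '{0}' (created {1}); the 24-hour limit may have applied." -f
        $latest.Description, $latest.CreationTime)
}

# --- Step 2: copy the live registry hives (what the Tweaking.com tool does via VSS) -----
# reg.exe save writes a binary hive copy and works on live hives from an elevated prompt.
# Folder name below is constructed for this example.
$BackupDir = Join-Path ([Environment]::GetFolderPath('Desktop')) 'RegBackup-before-malware-fix'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$hives = @('HKLM\SYSTEM', 'HKLM\SOFTWARE', 'HKLM\SAM', 'HKLM\SECURITY', 'HKU\.DEFAULT', 'HKCU')
$saved = 0
foreach ($hive in $hives) {
    # HKLM\SYSTEM -> HKLM_SYSTEM.hiv, HKU\.DEFAULT -> HKU__DEFAULT.hiv
    $file = Join-Path $BackupDir (($hive -replace '[\\.]', '_') + '.hiv')
    & reg.exe save $hive $file /y | Out-Null
    if ($LASTEXITCODE -eq 0 -and (Test-Path $file)) { $saved++ }
    else { Write-Warning "Hive $hive was not saved (reg.exe exit code $LASTEXITCODE)" }
}

# Mirror the tool's "Successful ??/?? Registry Files Backed Up" check: both numbers must match.
Write-Host ("Successful {0}/{1} registry hives saved to {2}" -f $saved, $hives.Count, $BackupDir)
if ($saved -ne $hives.Count) { throw 'Registry backup incomplete; do not start the fix yet.' }
```

Keep the .hiv copies off the machine being cleaned (external drive or USB), for the same reason the post gives for the file backup.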

Re: Adblock Malware

Unread postby soza1sheng » July 24th, 2015, 2:19 am

This is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Lee at 2015-07-21 10:36:27
Running from C:\Users\Lee\Downloads\Programs
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2144783805-3887696613-600744108-500 - Administrator - Disabled)
Guest (S-1-5-21-2144783805-3887696613-600744108-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2144783805-3887696613-600744108-1003 - Limited - Enabled)
Lee (S-1-5-21-2144783805-3887696613-600744108-1001 - Administrator - Enabled) => C:\Users\Lee

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

酷我音乐 2015 (HKLM-x32\...\KwMusic7) (Version: 8.0.1.0 - 酷我科技)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.27.5408 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{C1F53C9F-C560-4292-9237-12786FE6BF62}) (Version: 0.9.27.5408 - BlueStack Systems, Inc.)
Boot Configure (HKLM-x32\...\{AB72B3BB-A389-4F62-86EE-C08326B4BE60}) (Version: 20.014.05233 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1402.2601 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1405.1201 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1405.1201 - Micro-Star International Co., Ltd.) Hidden
ETDWare PS/2-X64 11.13.7.5_WHQL (HKLM\...\Elantech) (Version: 11.13.7.5 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HitLeap Viewer 2.8 (HKLM-x32\...\{31B12C11-AE4E-479F-8D6D-242DC265368D}) (Version: 2.8 - HitLeap Ltd.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG)
MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1045 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7312 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RYL2 Blackout Full Client V7.0 (HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\RYL2 Blackout Full Client V7.0) (Version: - )
SCM (HKLM\...\{6692DCAF-A445-4C6B-AF31-3DD85FC06FBA}) (Version: 13.014.01026 - Application)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.05 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
XSplit Gamecaster (HKLM-x32\...\{13DCC429-29D0-48CF-8C68-A7196980A298}) (Version: 1.6.1404.2104 - SplitmediaLabs)
フォト ギャラリー (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
사진 갤러리 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
快播 5.3 (HKLM-x32\...\QvodPlayer) (Version: 5.3 - 资源影院)
照片库 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version: - Google Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2144783805-3887696613-600744108-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2144783805-3887696613-600744108-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lee\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

12-07-2015 14:15:06 Installed SpyHunter
16-07-2015 14:09:27 Windows Update
20-07-2015 19:28:45 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08E29290-72DF-4E70-8F06-361170D51824} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)
Task: {16E1FFD2-B463-4C23-98C2-CE115679BCB0} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {1B4D4AE4-BE6E-48B6-A03B-D490AF1322F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
Task: {1D854165-FEE9-47AF-910B-4FE95DA46C07} - System32\Tasks\{ACD1E10F-76FC-4197-B5C1-1E07B9AFE5E8} => pcalua.exe -a "C:\Program Files (x86)\Megasoft Security\uninstall.exe" -d "C:\Program Files (x86)\Megasoft Security"
Task: {2FA08A37-FEDB-4AC7-8981-7ECEBC0E4DC2} - System32\Tasks\Google Pinyin Daemon => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2015-03-19] (Google Inc.)
Task: {300C669B-6014-46EA-8EA2-53A42525F21E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {32C905B4-EABD-4151-94EE-D9192EF9F661} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-12] (Google Inc.)
Task: {40EA9743-5753-4673-A07E-B77A040AD19E} - System32\Tasks\EasyBank => c:\programdata\{a2275143-e642-1f78-a227-75143e64450f}\spyhunter 4 crack patch plus keygen is here [latest].exe <==== ATTENTION
Task: {4A28E113-4021-4925-874F-7FA3967CDB66} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2144783805-3887696613-600744108-1001
Task: {54589306-1420-4652-8979-76DD677A7DE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-12] (Google Inc.)
Task: {5ED74E5C-1C8B-4680-9816-CAA0A2A57CBD} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {65D66BD8-AB43-4C28-BCF1-8E2132009F21} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {6791E171-9D34-46BA-B08E-968255935C92} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2144783805-3887696613-600744108-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {6FC941F5-8749-4664-9DBC-96F5652A618B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {9AAA0AD4-C961-48EC-B352-3FAA4AB10C8F} - \KwRunAsStdUser Task26176 No Task File <==== ATTENTION
Task: {A5BC6730-1647-4EBA-B9B9-9E0DFCFC1BEE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {AF0BEE9B-D494-465B-870B-82B4B85ABBC1} - System32\Tasks\MSI_Reminder => C:\Program Files (x86)\MSI\MSI Remind Manager\MSI Reminder.exe [2014-04-10] ()
Task: {B049CA1D-030D-42A4-B7B1-6D279019CC25} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {CCD241B7-3B0F-44D1-80F6-A58F789A4560} - System32\Tasks\gg_uac_daemon_abc => D:\Online Game\Garena\Garena Plus\ggdllhost.exe [2015-03-09] ()
Task: {E3A6A414-2C47-4AD9-BE5D-8095211F3CCA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {F14F92F2-2305-4D59-A635-9B7CB98DFF99} - System32\Tasks\gg_uac_daemon_Lee => D:\Online Game\Garena\Garena Plus\ggdllhost.exe [2015-03-09] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EasyBank.job => c:\programdata\{a2275143-e642-1f78-a227-75143e64450f}\spyhunter 4 crack patch plus keygen is here [latest].exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-15 16:00 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-22 08:25 - 2015-04-09 05:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-09 11:35 - 2015-03-09 11:35 - 00057144 _____ () D:\Online Game\Garena\Garena Plus\ggdllhost.exe
2015-03-15 19:53 - 2015-03-15 19:53 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-22 08:40 - 2014-01-28 01:51 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-08-22 08:40 - 2014-01-28 01:49 - 00364032 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-06-27 02:39 - 2014-06-27 02:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 23:57 - 2014-05-16 23:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 23:57 - 2014-05-16 23:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-27 02:39 - 2014-06-27 02:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-01-23 01:44 - 2014-01-23 01:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2013-05-24 00:15 - 2013-05-24 00:15 - 00025600 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\CoreAudioApi.dll
2014-04-18 02:02 - 2014-04-18 02:02 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-08-22 08:22 - 2013-12-10 06:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-16 12:28 - 2015-07-14 18:26 - 00788416 _____ () D:\Online Game\Garena\Garena Plus\ggspawn.dll
2015-04-04 02:27 - 2015-05-23 09:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-15 00:43 - 2015-07-14 05:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-15 00:43 - 2015-07-14 05:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-15 00:43 - 2015-07-14 05:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\msln.exe:abc8b7d7fbebf614ef3aeb293dcce019
AlternateDataStreams: C:\Users\Lee\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2144783805-3887696613-600744108-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\StartupApproved\Run: => "GarenaPlus"
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\StartupApproved\Run: => "TunnelBear"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D0F43222-0FF3-4638-AD30-3C84651658F7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{57349266-7595-41CF-88DF-368C3B7A10E5}] => (Allow) LPort=2869
FirewallRules: [{6CE0FF85-5F02-4553-8A14-75A9F366A987}] => (Allow) LPort=1900
FirewallRules: [{02FA07A7-6C8A-49DC-AE64-5366AFF386E6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5C554042-43E2-42E5-A954-0122A7771B1D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D14A5676-8AF1-432F-BDDF-3A4BF1EC1E93}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4EA15C37-F004-41D6-9F94-EA318915758E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{14780B03-8B9A-434C-B2DD-9241FBDE367B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{743DFC53-E252-4382-9E0E-F0FA7CFA0835}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{781D9C65-0837-4F7E-A770-72EF7A932C41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{46FC7916-106D-49ED-B628-971C05F9A206}E:\farcry 3\bin\farcry3.exe] => (Block) E:\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{33035EE2-ACF0-49EF-9E96-D8BF0E55E6AA}E:\farcry 3\bin\farcry3.exe] => (Block) E:\farcry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{1FA5C36C-09FB-4670-95FD-625CD37D5C0B}E:\call of duty 4 - modern warfare\iw3mp.bak.exe] => (Allow) E:\call of duty 4 - modern warfare\iw3mp.bak.exe
FirewallRules: [UDP Query User{AFCCD8A2-3F1A-4883-A37D-F073B5BEFEAA}E:\call of duty 4 - modern warfare\iw3mp.bak.exe] => (Allow) E:\call of duty 4 - modern warfare\iw3mp.bak.exe
FirewallRules: [TCP Query User{63A6576C-BBCD-4F3A-A501-555CD452F7DD}E:\call of duty 4 - modern warfare\iw3mp.exe] => (Block) E:\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{7A26BBE6-DAF4-40B3-9AEC-04EFB0E12647}E:\call of duty 4 - modern warfare\iw3mp.exe] => (Block) E:\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [{35AC7D6D-B115-4325-87A1-BE9ECF7EB681}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{EFCD89D2-5118-47CA-A975-1582D5529732}] => (Allow) C:\Program Files (x86)\kuwo\kuwomusic\bin\KwMusic.exe
FirewallRules: [{58990F52-878D-418A-9451-E5E3E584C577}] => (Allow) C:\Program Files (x86)\kuwo\kuwomusic\bin\KwMusic.exe
FirewallRules: [{7002C8B4-57D4-49FE-94C9-3DBF025A247F}] => (Allow) C:\Program Files (x86)\kuwo\kuwomusic\bin\KwService.exe
FirewallRules: [{B88A5C55-D9EA-4C31-AD26-38D827744776}] => (Allow) C:\Program Files (x86)\kuwo\kuwomusic\bin\KwService.exe
FirewallRules: [TCP Query User{8230E5A8-C2A9-4998-9C12-BAFA28EDC0A6}C:\program files (x86)\kuwo\kuwomusic\bin\kwservice.exe] => (Block) C:\program files (x86)\kuwo\kuwomusic\bin\kwservice.exe
FirewallRules: [UDP Query User{26B3CEDE-1326-41F2-B9EB-84DEB40D2812}C:\program files (x86)\kuwo\kuwomusic\bin\kwservice.exe] => (Block) C:\program files (x86)\kuwo\kuwomusic\bin\kwservice.exe
FirewallRules: [TCP Query User{B568E0B3-E462-4CF7-B6F6-2CB3897F356A}C:\program files (x86)\internet download manager\idman.exe] => (Block) C:\program files (x86)\internet download manager\idman.exe
FirewallRules: [UDP Query User{F5ED3D08-BA3E-4093-994F-B4A6CDFB89C5}C:\program files (x86)\internet download manager\idman.exe] => (Block) C:\program files (x86)\internet download manager\idman.exe
FirewallRules: [{D12BC656-38FF-4446-8029-FEA5C6A1237F}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{8F5FB652-47B2-41B3-A21B-207ACE17B035}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{2FBAA968-B8FD-43BC-A90A-B9D327F8765D}] => (Allow) D:\Online Game\Garena\Garena Plus\ggdllhost.exe
FirewallRules: [{32B002CB-37FB-45F5-A1F4-E59B2806C993}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB5E910F-15E4-4AE6-B8D6-631E4A0933D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5EA18711-F1D1-4C98-B51C-1AEB51F7B41F}D:\online game\garena\garena plus\garenamessenger.exe] => (Allow) D:\online game\garena\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{225696B0-EA81-440B-A0CD-BF8854DC6C6E}D:\online game\garena\garena plus\garenamessenger.exe] => (Allow) D:\online game\garena\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{E2542C05-F30E-44B7-8342-1E99A6A1083A}D:\online game\garena\garena plus\apps\hon\hon.exe] => (Allow) D:\online game\garena\garena plus\apps\hon\hon.exe
FirewallRules: [UDP Query User{8F1D87B3-1F1C-4660-BCA5-38DA862BD4CF}D:\online game\garena\garena plus\apps\hon\hon.exe] => (Allow) D:\online game\garena\garena plus\apps\hon\hon.exe
FirewallRules: [{A086CBAC-09D7-4700-8B9C-D71636F582C1}] => (Allow) D:\Online Game\Steam\Steam.exe
FirewallRules: [{45F7F0B7-AEDE-4CDB-ACEC-40A216528DB3}] => (Allow) D:\Online Game\Steam\Steam.exe
FirewallRules: [{3157894F-3D9C-4FD8-A415-A5308B67B582}] => (Allow) D:\Online Game\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5EBE5D73-1FAC-4C6B-AA61-6C4BB0A468C1}] => (Allow) D:\Online Game\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{2C8D2FCE-FB17-4893-A8A2-F84F09274290}D:\online game\garena\garena plus\updatemanager.exe] => (Allow) D:\online game\garena\garena plus\updatemanager.exe
FirewallRules: [UDP Query User{9E9C757F-9DED-4B9A-89CE-BCD8F0CF35EF}D:\online game\garena\garena plus\updatemanager.exe] => (Allow) D:\online game\garena\garena plus\updatemanager.exe
FirewallRules: [{67CF2C16-69DB-46D2-9343-D923568F350D}] => (Allow) LPort=8370
FirewallRules: [{31F1FC5B-6BC7-47FA-ABFF-1D411C8BEE27}] => (Allow) LPort=8370
FirewallRules: [TCP Query User{31F1D8E3-9EBE-483A-A0A5-F5559EA35231}D:\lan game\warcraft iii\war3.exe] => (Block) D:\lan game\warcraft iii\war3.exe
FirewallRules: [UDP Query User{6C91F9CE-74AF-4766-A7FD-D273958EB40F}D:\lan game\warcraft iii\war3.exe] => (Block) D:\lan game\warcraft iii\war3.exe
FirewallRules: [TCP Query User{9FCEC151-319D-44F6-A116-4B3D26090515}C:\users\lee\downloads\programs\qvodsetup5.exe] => (Allow) C:\users\lee\downloads\programs\qvodsetup5.exe
FirewallRules: [UDP Query User{7C4EA0E5-DEAA-43CD-946B-32389D1D5A37}C:\users\lee\downloads\programs\qvodsetup5.exe] => (Allow) C:\users\lee\downloads\programs\qvodsetup5.exe
FirewallRules: [{41F10EE1-F012-414E-81B7-B40F71B5AE65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3226A60B-7789-41D8-8713-5AF2BAA31FA2}C:\users\lee\downloads\programs\qvodsetup5_2.exe] => (Allow) C:\users\lee\downloads\programs\qvodsetup5_2.exe
FirewallRules: [UDP Query User{A28CA462-B11D-4449-929D-87967B8F9FD1}C:\users\lee\downloads\programs\qvodsetup5_2.exe] => (Allow) C:\users\lee\downloads\programs\qvodsetup5_2.exe
FirewallRules: [TCP Query User{F0A8FD7F-6B65-4EA4-9913-CA88E67E885C}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Allow) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [UDP Query User{4681A1FF-D5C8-4566-9D53-2A3828440CCE}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Allow) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [TCP Query User{2F1CD387-306B-4708-B11B-671FBC99CE9E}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Allow) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [UDP Query User{CCB41516-4EF2-42AA-9CF7-34BBD22EB6B7}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Allow) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [TCP Query User{315BE50E-A11E-473A-B60C-97E4162FFBE9}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Block) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [UDP Query User{A6E3A30E-B669-4C90-A9F4-C66BF53BD4E3}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Block) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [TCP Query User{39829C32-C3D3-4373-BA42-846F09911A39}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [UDP Query User{C64C33A7-D628-40C8-B0BA-3C4631F664A4}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe

==================== Faulty Device Manager Devices =============

Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther VPN Project
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2015 12:14:50 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/21/2015 12:09:39 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (07/20/2015 07:04:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/20/2015 06:12:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HD-Frontend.exe, version: 0.9.27.5408, time stamp: 0x5566a7c0
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xc0020001
Fault offset: 0x00014598
Faulting process id: 0xef0
Faulting application start time: 0xHD-Frontend.exe0
Faulting application path: HD-Frontend.exe1
Faulting module path: HD-Frontend.exe2
Report Id: HD-Frontend.exe3
Faulting package full name: HD-Frontend.exe4
Faulting package-relative application ID: HD-Frontend.exe5

Error: (07/20/2015 12:16:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program QvodPlayer.exe version 5.3.103.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1590

Start Time: 01d0c29fa172af60

Termination Time: 32

Application Path: C:\Program Files (x86)\QvodPlayer\QvodPlayer.exe

Report Id: 1d7dadf5-2e96-11e5-82bd-28b2bd10a620

Faulting package full name:

Faulting package-relative application ID:

Error: (07/19/2015 10:43:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/19/2015 10:45:20 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/19/2015 12:09:39 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (07/17/2015 02:31:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program QvodPlayer.exe version 5.3.103.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ca8

Start Time: 01d0bff552d95042

Termination Time: 89

Application Path: C:\Program Files (x86)\QvodPlayer\QvodPlayer.exe

Report Id: d577d1ab-2be8-11e5-82bd-28b2bd10a620

Faulting package full name:

Faulting package-relative application ID:

Error: (07/17/2015 02:29:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program QvodPlayer.exe version 5.3.103.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ffc

Start Time: 01d0bff532cfafea

Termination Time: 72

Application Path: C:\Program Files (x86)\QvodPlayer\QvodPlayer.exe

Report Id: 8d44a820-2be8-11e5-82bd-28b2bd10a620

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (07/21/2015 12:53:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (07/21/2015 12:38:39 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.8.
The computer with the IP address 192.168.1.3 did not allow the name to be claimed by
this computer.

Error: (07/21/2015 12:37:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/21/2015 12:37:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/21/2015 12:37:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/21/2015 12:37:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).

Error: (07/21/2015 12:37:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/21/2015 12:37:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/21/2015 12:37:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Log Rotator Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/21/2015 12:37:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (07/21/2015 12:14:50 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/21/2015 12:09:39 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (07/20/2015 07:04:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/20/2015 06:12:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.9.27.54085566a7c0KERNELBASE.dll6.3.9600.1741554504adec002000100014598ef001d0c2d06e1c43aaC:\Program Files (x86)\BlueStacks\HD-Frontend.exeC:\Windows\SYSTEM32\KERNELBASE.dlld7f2c820-2ec7-11e5-82bd-28b2bd10a620

Error: (07/20/2015 12:16:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QvodPlayer.exe5.3.103.0159001d0c29fa172af6032C:\Program Files (x86)\QvodPlayer\QvodPlayer.exe1d7dadf5-2e96-11e5-82bd-28b2bd10a620

Error: (07/19/2015 10:43:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/19/2015 10:45:20 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/19/2015 12:09:39 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (07/17/2015 02:31:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QvodPlayer.exe5.3.103.01ca801d0bff552d9504289C:\Program Files (x86)\QvodPlayer\QvodPlayer.exed577d1ab-2be8-11e5-82bd-28b2bd10a620

Error: (07/17/2015 02:29:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QvodPlayer.exe5.3.103.0ffc01d0bff532cfafea72C:\Program Files (x86)\QvodPlayer\QvodPlayer.exe8d44a820-2be8-11e5-82bd-28b2bd10a620


CodeIntegrity Errors:
===================================
Date: 2015-07-15 21:24:25.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-14 11:53:39.105
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-12 15:19:19.079
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-04 14:40:02.679
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-02 02:34:59.915
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-30 21:18:54.145
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-29 10:17:46.651
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-28 22:13:59.728
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-20 11:36:59.814
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-13 02:24:25.292
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 21%
Total physical RAM: 16303.21 MB
Available physical RAM: 12816.38 MB
Total Virtual: 18735.21 MB
Available Virtual: 14989.72 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:118.24 GB) (Free:28.16 GB) NTFS
Drive d: (Data) (Fixed) (Total:915.99 GB) (Free:209.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 22A022C8)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 22A022A6)

Partition: GPT Partition Type.

==================== End of log ============================
soza1sheng
Active Member
 
Posts: 2
Joined: July 20th, 2015, 10:51 pm

Re: Adblock Malware

Unread postby Firefly » July 25th, 2015, 10:36 am

soza1sheng -

Good job posting. Couple of questions before I dive into looking at the log -

You said you ran AdwCleaner & Malwarebytes (among other things). When were those run? If it was just before you posted, can you please post the logs for those as well? You will be able to find the logs at:

AdwCleaner: C:\AdwCleaner[R1].txt (it could be another number besides [R1], such as [R0]).
MBAM: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

Next, please do the following:


MGA Diagnostic Tool

Download MGA Diagnostic Tool to your Desktop. If you cannot access the internet, please download it on another computer, and copy to the desktop of the infected computer. It cannot be run from the USB!

  • Double click MGADiag.exe to launch the program.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.
    • Click Start > Run type Notepad click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.
    • Close MGA Diagnostic Tool.
  • Copy/Paste the log in your next reply please.


Next Steps

1. AdwCleaner log (if available)
2. MBAM log (if available)
3. MGA diagnostic log
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Adblock Malware

Unread postby Cypher » July 28th, 2015, 9:17 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns