Suspected dll-fixer.com infection


  • This topic is locked
18 replies to this topic

#1 Jim2B

Posted 02 February 2015 - 02:21 PM

The computer I allow my kids to use has been acting strange lately.  One hard drive is constantly doing read/writes and the computer keeps awaking from sleep, does something, and goes back to sleep all through the day.

 

I've spent the last 48 hours looking into this issue and have run a variety of scans to try to figure out whether the system is infected or just has a MS bug issue.

 

Trend Housecall
Says I'm clean

ESET online scanner
At 18% done has found 3 PUP/PUW applications

Malwarebytes
Says I'm clean

AdwCleaner
Found some things and cleaned them.

RogueKiller
Looking through the results of RogueKiller indicates the system could have had a rootkit installed. It says that I'm otherwise clean.

HijackThis!
Automated check of HijackThis! log says I'm clean

Spybot S&D
Looking through Spybot S&D configuration settings shows that "DLL-FIXER.COM" is installed. It found some tracking cookies and other low threat items & cleaned them.

This does have an entry in the Uninstall table but the administrator does not have the privileges required to remove it:

Could you please help me diagnose and remove malware from my computer?

 

I'll be running a boot time scan with Avast after I send this email.

 

Jim





#2 Jim2B


Posted 02 February 2015 - 03:54 PM

Results of the ESET online scanner:

C:\Users\All Users\Comodo\Cis\Quarantine\data\{1EA8C4B2-1F26-42A5-84FC-01F9AF015EC5}    a variant of MSIL/Adware.iBryte.G application    
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe    a variant of Win32/Systweak potentially unwanted application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{1EA8C4B2-1F26-42A5-84FC-01F9AF015EC5}    a variant of MSIL/Adware.iBryte.G application    cleaned by deleting - quarantined
C:\Users\Dad\Desktop\SysTools\Install\cpuz_153_setup.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted - quarantined
C:\Users\Dad\Downloads\mediadrug(1).exe    a variant of Win32/MediaDrug.A potentially unwanted application    deleted - quarantined
C:\Users\Dad\Downloads\mediadrug.exe    a variant of Win32/MediaDrug.A potentially unwanted application    deleted - quarantined
C:\Users\Meghan\Downloads\cnet_140engi1_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application    deleted - quarantined
C:\Users\Meghan\Downloads\dffsetup-physxloader.exe    a variant of Win32/Systweak potentially unwanted application    deleted - quarantined
C:\Users\Noel\Desktop\Music\Muse_-_Exo-Politics.mp3    HTML/ScrInject.B.Gen virus    deleted - quarantined
F:\1 TB Backup\Applications\Utility\cpuz_153_setup.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted - quarantined
F:\Backups\1 TB Backup\Applications\Utility\cpuz_153_setup.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted - quarantined
F:\Backups\downloads\cpuz_153_setup.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted - quarantined
F:\game booster\gamebooster22.exe    Win32/Toolbar.Widgi potentially unwanted application    deleted - quarantined
F:\Shared\Applications\Utility\cpuz_153_setup.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted - quarantined
 



#3 Machiavelli


Posted 03 February 2015 - 11:28 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
  • My Help is completely free of charge!
    If you would like to donate some money to me, you can do so and I'd appreciate it. :)
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#4 Jim2B


Posted 03 February 2015 - 12:07 PM

After posting my initial request and before receiving your instructions, ESET finished its scan. Most of the positives were PUP and not necessarily infection; however, it did find and clean a couple of infections. I also ran a boot time scan with Avast. It found a number of issues but they appeared to be in backup files.

I'll dig for the log files from those two scans if you wish.

I will conduct no other scanning without explicit direction from you to do so.

 

The computer no longer generates the constant HD access that I found suspicious.

Here are the FRST64.EXE log files

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Dad (administrator) on BALDUR on 03-02-2015 11:53:11
Running from C:\Users\Dad\Downloads
Loaded Profiles: Dad (Available profiles: Dad & Aaron & Mom & Meghan & Rachel & Noel & Terry)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Dad\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-08] (COMODO)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-12-27] (Oracle Corporation)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-30] (Electronic Arts)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {0147a0ef-0f34-11e4-846a-00241dccca17} - E:\TLBootstrap_WPP.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {033f4b4e-1779-11e2-b86f-00241dccca17} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {033f4cc1-1779-11e2-b86f-00241dccca17} - I:\TLBootstrap_WPP.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {18abe7c9-745e-11e1-a614-00241dccca17} - E:\LaunchU3.exe -a
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {1ca868eb-70f9-11e0-8f0e-00241dccca17} - H:\Autorun.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {1ca86b87-70f9-11e0-8f0e-00241dccca17} - G:\Autorun.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {51d4a297-74e6-11e4-9b63-00241dccca17} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {d8a136ad-4fa7-11df-a815-000272a9ef50} - E:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-618570333-1535794558-3025776438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-618570333-1535794558-3025776438-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\searchplugins\search.xml
FF Extension: Flashblock - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-11]
FF Extension: WOT - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-15]
FF Extension: DownloadHelper - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-10]
FF Extension: InvisibleHand - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2014-07-15]
FF Extension: NoScript - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-15]
FF Extension: Adblock Plus - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-12]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136544 2009-10-22] ()
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-18] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-30] (Avast Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-08] (COMODO)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-30] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-22] (Overwolf LTD)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2015-02-02] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [14904 2009-02-23] ()
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-30] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-30] ()
S3 atidgllk; C:\Program Files (x86)\Gigabyte\ET6\atidgllk.sys [12048 2006-07-19] (ATI Technologies Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-08] (COMODO)
S1 dsload; C:\Windows\SysWOW64\drivers\dsload.sys [10848 2008-05-23] (Oracle Corp.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-21] (DT Soft Ltd)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-08] (COMODO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-02-02] (Secunia)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-07-15] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-07-15] (Acronis)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-30] (Avast Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-07-15] (Acronis International GmbH)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 11:52 - 2015-02-03 11:52 - 00067092 _____ () C:\Users\Dad\Downloads\Addition.txt
2015-02-03 11:51 - 2015-02-03 11:53 - 00019208 _____ () C:\Users\Dad\Downloads\FRST.txt
2015-02-03 02:20 - 2015-02-03 02:20 - 00040177 _____ () C:\Windows\setupact.log
2015-02-03 02:20 - 2015-02-03 02:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-02 13:37 - 2015-02-02 13:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-02 13:25 - 2015-02-02 13:25 - 05490752 _____ (Secunia) C:\Users\Dad\Downloads\PSISetup.exe
2015-02-02 13:25 - 2015-02-02 13:25 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-02-02 13:25 - 2015-02-02 13:25 - 00000000 ____D () C:\Users\Dad\AppData\Local\Secunia PSI
2015-02-02 13:25 - 2015-02-02 13:25 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-02-02 13:08 - 2015-02-02 13:08 - 00005090 _____ () C:\Users\Dad\Downloads\RKreport_SCN_02012015_201530.log
2015-02-02 13:01 - 2015-02-02 13:01 - 00010608 _____ () C:\Users\Dad\Documents\hijackthis.log
2015-02-02 12:58 - 2015-02-02 12:58 - 14861360 _____ (Trend Micro Inc.) C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe
2015-02-02 12:58 - 2015-02-02 12:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dad\Downloads\HijackThis.exe
2015-02-02 12:58 - 2015-02-02 12:58 - 00000000 ____D () C:\Users\Dad\Downloads\TMRBLog
2015-02-02 12:58 - 2015-02-02 12:58 - 00000000 ____D () C:\Users\Dad\Downloads\log
2015-02-01 20:47 - 2015-02-01 20:47 - 05611380 _____ (Swearware) C:\Users\Dad\Downloads\ComboFix.exe
2015-02-01 20:47 - 2015-02-01 20:47 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Dad\Downloads\rkill.com
2015-02-01 20:46 - 2015-02-01 20:46 - 02131456 _____ (Farbar) C:\Users\Dad\Downloads\FRST64(1).exe
2015-01-30 16:39 - 2015-01-30 16:39 - 00000991 _____ () C:\Users\Public\Desktop\Play Artemis.lnk
2015-01-30 16:39 - 2015-01-30 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artemis
2015-01-30 16:39 - 2015-01-30 16:39 - 00000000 ____D () C:\Program Files (x86)\Artemis
2015-01-30 11:50 - 2015-01-30 11:50 - 18570328 _____ () C:\Users\Dad\Downloads\RogueKillerX64(1).exe
2015-01-29 23:37 - 2015-01-29 23:40 - 00000000 ____D () C:\AdwCleaner
2015-01-29 23:37 - 2015-01-29 23:37 - 02194432 _____ () C:\Users\Dad\Downloads\AdwCleaner(1).exe
2015-01-29 19:55 - 2015-01-29 19:59 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2015-01-29 19:55 - 2015-01-29 19:55 - 00000936 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2015-01-29 19:55 - 2015-01-29 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-01-29 19:48 - 2015-01-29 19:55 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Guild Wars 2
2015-01-28 17:45 - 2015-01-28 17:45 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-28 17:45 - 2015-01-28 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-28 17:44 - 2015-01-28 17:45 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-28 15:39 - 2015-01-28 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-28 13:17 - 2014-09-28 13:23 - 00000019 _____ () C:\Windows\system32\Drivers\etc\hosts.20150128-131740.backup
2015-01-13 16:02 - 2015-01-13 16:02 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 16:02 - 2015-01-13 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:02 - 2015-01-13 16:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 16:02 - 2015-01-13 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 16:01 - 2015-01-13 16:01 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:01 - 2015-01-13 16:01 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:01 - 2015-01-13 16:01 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:01 - 2015-01-13 16:01 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:01 - 2015-01-13 16:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 11:53 - 2014-07-14 09:00 - 00000000 ____D () C:\FRST
2015-02-03 11:40 - 2011-07-21 19:46 - 01395644 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 07:26 - 2014-10-08 12:19 - 00000000 ____D () C:\ProgramData\Origin
2015-02-03 07:26 - 2010-07-15 13:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-03 07:26 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-02-03 02:29 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 02:29 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 02:21 - 2014-07-14 16:25 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-02-03 02:21 - 2013-01-06 01:16 - 00000144 _____ () C:\service.log
2015-02-03 02:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 15:43 - 2014-10-12 23:50 - 00000000 ____D () C:\Program Files (x86)\Dll-Files.com Fixer
2015-02-02 13:45 - 2013-12-01 12:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job.bak
2015-02-02 13:40 - 2012-12-19 20:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job.bak
2015-02-02 13:34 - 2011-07-30 00:32 - 13141167 _____ () C:\Users\Dad\AppData\Local\census.cache
2015-02-02 13:33 - 2011-07-30 00:32 - 00149191 _____ () C:\Users\Dad\AppData\Local\ars.cache
2015-02-02 13:25 - 2014-11-28 07:02 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys
2015-02-02 02:40 - 2012-12-19 20:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job.bak
2015-02-01 20:09 - 2014-07-14 08:39 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-01 19:13 - 2014-07-07 16:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 00:31 - 2014-07-18 17:27 - 00000000 ____D () C:\Users\Dad\AppData\Local\CrashDumps
2015-01-30 16:03 - 2009-07-14 00:13 - 00854040 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 23:35 - 2013-12-15 18:48 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\TS3Client
2015-01-29 23:35 - 2013-12-15 11:22 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-01-29 23:32 - 2014-07-09 00:15 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-29 23:31 - 2014-12-22 10:18 - 03141120 _____ () C:\Windows\system32\eed_ec.dll
2015-01-29 23:31 - 2014-12-22 10:18 - 00686384 _____ (Samsung Electronics) C:\Windows\system32\eed_sl.exe
2015-01-29 23:31 - 2014-12-22 10:18 - 00029184 _____ () C:\Windows\system32\ssj2mlm.dll
2015-01-29 20:16 - 2011-08-17 06:45 - 00000000 ____D () C:\Users\Terry
2015-01-29 20:16 - 2011-07-21 18:58 - 00000000 ____D () C:\Users\Noel
2015-01-29 20:15 - 2012-10-10 16:31 - 00000000 ____D () C:\Users\Mom
2015-01-29 20:15 - 2011-07-28 06:25 - 00000000 ____D () C:\Users\Rachel.Baldur
2015-01-29 20:15 - 2011-07-21 18:58 - 00000000 ____D () C:\Users\Meghan
2015-01-29 18:34 - 2012-08-12 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 17:41 - 2013-10-23 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 15:38 - 2013-10-04 23:58 - 00660128 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120.dll
2015-01-28 13:11 - 2011-07-21 18:58 - 00000000 ____D () C:\Users\Aaron
2015-01-28 13:11 - 2011-01-14 20:39 - 00000000 ____D () C:\Users\Rachel
2015-01-28 13:11 - 2010-02-22 19:06 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-28 13:10 - 2010-02-22 19:05 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-01-27 15:42 - 2014-08-12 16:33 - 00002048 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-27 15:42 - 2014-08-12 16:33 - 00002046 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-27 15:42 - 2014-08-12 16:33 - 00002036 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-27 15:42 - 2014-08-12 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-25 16:45 - 2013-12-01 12:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 16:45 - 2012-08-15 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 16:45 - 2011-12-26 20:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 20:03 - 2013-12-15 11:24 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-15 01:05 - 2011-07-21 18:57 - 00846162 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 06:43 - 2014-07-12 10:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-14 01:08 - 2013-07-19 00:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 01:00 - 2011-08-11 18:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 08:02 - 2010-02-16 09:25 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 23:27 - 2011-01-07 21:07 - 00000000 ____D () C:\Program Files (x86)\Steam

==================== Files in the root of some directories =======

2011-11-02 13:13 - 2011-11-02 13:13 - 0226656 ____N (Oracle Corporation) C:\Program Files (x86)\cnsload_1320257583096.tmp
2011-11-02 13:13 - 2011-11-02 13:13 - 0226656 ____N (Oracle Corporation) C:\Program Files (x86)\cnsload_1320257583111.tmp
2011-07-30 00:32 - 2015-02-02 13:33 - 0149191 _____ () C:\Users\Dad\AppData\Local\ars.cache
2011-07-30 00:32 - 2015-02-02 13:34 - 13141167 _____ () C:\Users\Dad\AppData\Local\census.cache
2011-07-29 22:58 - 2011-07-29 22:58 - 0000036 _____ () C:\Users\Dad\AppData\Local\housecall.guid.cache
2012-01-14 16:38 - 2012-03-14 11:31 - 0007609 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2014-07-10 09:31 - 2014-07-10 09:31 - 0000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2011-12-15 23:48 - 2011-12-15 23:48 - 0473835 _____ () C:\ProgramData\SPL6206.tmp

Files to move or delete:
====================
C:\Users\Dad\100730_registry.reg


Some content of TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:59

==================== End Of Log ============================

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Dad at 2015-02-03 11:52:20
Running from C:\Users\Dad\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS Ver.2.06 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.06 - GIGABYTE)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Agent Ransack x64 (HKLM\...\{D7DDA334-FF1D-4A04-B056-22AB301026C8}) (Version: 7.0.822.1 - Mythicsoft Ltd)
Akamai NetSession Interface (HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{EA18DE8E-B3E6-4D82-A086-9BE2316FA5A5}) (Version: 3.1.0.0342 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Artemis Artemis (HKLM-x32\...\Artemis) (Version: 2.1_1.0 - Thom Robertson)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.4.0.0115 - Disk Software Ltd)
ASUS VGA Driver (x32 Version: 3.0.0.1 - ASUSTek) Hidden
ATI AVIVO64 Codecs (Version: 10.12.0.41118 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version:  - )
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Avencast™ - Rise of The Mage (v1.04b) (HKLM-x32\...\Avencast™ - Rise of The Mage_is1) (Version:  - Clockstone Software, Ltd.)
Baldur's Gate™ II - Shadows of Amn™ (HKLM-x32\...\{8DAE4336-2B71-11D4-9A6C-006067325E47}) (Version:  - )
Barbarian Invasion (HKLM-x32\...\{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}) (Version: 1.4 - )
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version:  - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version:  - )
Battlefield Vietnam™ (HKLM-x32\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version:  - )
Battlefield Vietnam: WW2 Mod (HKLM-x32\...\{F989306B-9287-444F-AE73-E30C7E4AF0F5}) (Version:  - )
BioWare Premium Module: Neverwinter Nights™ Kingmaker (HKLM-x32\...\Neverwinter Nights™ Kingmaker) (Version:  - BioWare Corp.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® 4 - Modern Warfare™ Demo (HKLM-x32\...\InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare™ Demo (x32 Version: 1.00.0000 - Activision) Hidden
ccc-core-static (x32 Version: 2009.0730.58.43017 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.08 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Combat Arms (HKLM-x32\...\Combat Arms) (Version:  - )
Combined Community Codec Pack 2009-09-09 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2009.09.09.0 - CCCP Project)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.3.43550.1216 - COMODO Group Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CPUID CPU-Z 1.53.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dandelion - Wishes brought to you - Demo version 1.92 (HKLM-x32\...\{795EAB32-6331-420A-A57B-AAA3FC14ED0E}_is1) (Version: 1.92 - Cheritz)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
DMIView B8.0717.01 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dungeon and Dragons: Neverwinter Nights Complete (HKLM-x32\...\{053FFC87-C5BD-4B3C-9D3E-783902D83D21}) (Version: 1.0.0 - Atari)
Dungeons and Dragons Anthology: The Master Collection (HKLM-x32\...\{A1B2F73A-F5D0-49FB-A114-652B85F71ECB}) (Version: 1.0.0 - Atari)
Easy Tune 6 B09.0918.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B09.0918.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.0904.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
Exact Audio Copy 1.0beta1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta1 - Andre Wiethoff)
FreeSpace (HKLM-x32\...\Freespace) (Version:  - )
FreeSpace 2 (HKLM-x32\...\FreeSpace2) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - NEXON Korea Corp.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
Medieval II Total War Demo Gold (HKLM-x32\...\{4A665599-6771-4732-BE74-06B43B9F611B}) (Version: 1.00.0000 - SEGA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 17.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Neverwinter Nights 2 (HKLM-x32\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oracle Web Conferencing Console (HKLM-x32\...\OracleRTCClient) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.103 - Panda Security)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.4.3 - Pando Networks Inc.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version:  - )
PunkBuster for Battlefield Vietnam (HKLM-x32\...\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}) (Version:  - )
Q-Share Ver.1.2 (HKLM-x32\...\{F308B531-AB20-4A79-8F5E-83071FE5BE60}) (Version: 1.2 - GIGABYTE)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.3.0 - Ralink)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
RIFT (HKLM-x32\...\InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}) (Version: 1.0.0 - Trion Worlds, Inc.)
RIFT (x32 Version: 1.0.0 - Trion Worlds, Inc.) Hidden
Rise and Fall (HKLM-x32\...\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}) (Version: 1.00.0000 - Midway Home Entertainment)
Rome - Total War (HKLM-x32\...\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}) (Version: 1.5 - The Creative Assembly)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.60.00(7/23/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.47.0 - Samsung Electronics Co., Ltd.)
Samsung M2020 Series (HKLM-x32\...\Samsung M2020 Series) (Version: 1.10 (2/12/2014) - Samsung Electronics Co., Ltd.)
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version:  - Stardock Entertainment)
Sins of a Solar Empire (x32 Version: 1.00.00 - Stardock Entertainment, Inc.) Hidden
Smart Recovery B09.0911.1  (x64) (HKLM-x32\...\InstallShield_{FAE188FD-A941-49E9-A5E9-F6D88517EC40}) (Version:  - )
Smart Recovery B09.0911.1  (x64) (Version: 1.00.0002 - GIGABYTE) Hidden
SmartMusic 2011a (HKLM-x32\...\SmartMusic 2011a) (Version: 13.0.0 - MakeMusic)
SmartMusic 2012b (HKLM-x32\...\SmartMusic 2012b) (Version: 14.2.0 - MakeMusic)
Sniper Elite V2 Demo (HKLM-x32\...\Steam App 210470) (Version:  - )
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Trek Legacy (HKLM-x32\...\{287A4E96-AC57-4A19-9B51-C5EED2EAB382}) (Version: 1.00.0000 - Bethesda Softworks)
Star Trek Legacy 1.4.080 Patch (HKLM-x32\...\Star Trek Legacy 1.4.080 Patch) (Version:  - )
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version:  - )
Star Wars™: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold 2 Deluxe (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.000 - Firefly Studios)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teamcenter Application Sharing (HKLM-x32\...\{36B0C1C6-4AD8-40F1-8B2E-656F119E9DC4}) (Version: 9.0.11187 - Siemens PLM Solutions)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.5.82 - Electronic Arts)
True Image WD Edition (HKLM-x32\...\{85CB1512-2D4A-4469-AC21-6B111D169CEB}) (Version: 16.0.5962 - Acronis)
Ultima IX: Ascension (HKLM-x32\...\{2E38F875-8285-4453-0089-542B10175A54}) (Version:  - )
Ultima Online: AoS (HKLM-x32\...\{7AC5D2AD-F559-461B-0081-283D0566F3A5}) (Version:  - )
Update Manager B09.0908.1 (HKLM-x32\...\InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}) (Version: 1.00.0000 - GIGABYTE)
Update Manager B09.0908.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
Vim 7.2 (self-installing) (HKLM-x32\...\Vim 7.2) (Version:  - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
X3 REUNION (HKLM-x32\...\{A8E414A8-9E31-40E6-B13B-5F1FCA00EF9F}) (Version: 1.00.0000 - EGOSOFT)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-01-2015 02:00:25 Automatic creation
02-01-2015 02:00:27 Automatic creation
03-01-2015 02:00:27 Automatic creation
04-01-2015 02:00:27 Automatic creation
05-01-2015 02:00:25 Automatic creation
06-01-2015 02:00:25 Automatic creation
07-01-2015 02:00:27 Automatic creation
08-01-2015 02:22:29 Automatic creation
09-01-2015 02:00:24 Automatic creation
10-01-2015 02:00:26 Automatic creation
11-01-2015 02:00:25 Automatic creation
12-01-2015 02:00:25 Automatic creation
13-01-2015 02:00:29 Automatic creation
14-01-2015 02:28:29 Automatic creation
15-01-2015 02:00:24 Automatic creation
16-01-2015 02:00:04 Automatic creation
17-01-2015 02:00:24 Automatic creation
18-01-2015 02:00:24 Automatic creation
19-01-2015 02:00:17 Automatic creation
20-01-2015 02:22:14 Automatic creation
21-01-2015 02:20:00 Automatic creation
22-01-2015 02:00:04 Automatic creation
23-01-2015 02:00:29 Automatic creation
24-01-2015 02:00:26 Automatic creation
25-01-2015 02:00:14 Automatic creation
26-01-2015 02:00:29 Automatic creation
27-01-2015 02:00:18 Automatic creation
28-01-2015 02:00:20 Automatic creation
29-01-2015 02:00:32 Automatic creation
30-01-2015 07:52:35 Automatic creation
31-01-2015 02:00:07 Automatic creation
01-02-2015 02:01:22 Automatic creation
02-02-2015 13:05:43 Known good on 2/2/15
03-02-2015 02:26:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-07-07 13:53 - 2015-01-28 13:17 - 00449968 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {08F5BA3A-78E6-48D0-B347-3BE55AD710D0} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {09DD604E-9593-42DE-B26F-7389249798DE} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {0E23E548-EE4E-47F3-9D89-327115A89EF4} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1017 No Task File <==== ATTENTION
Task: {193734F3-8146-402C-8C4F-2894C449F1F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive No Task File <==== ATTENTION
Task: {1FF652C4-46EB-44F5-8A5D-8CA66198EE3D} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {301B0539-20DF-457F-BE5B-EB5B7C63C8DA} - System32\Tasks\{28267CE2-AC6E-40EC-8E84-30ED52A2E4D4} => pcalua.exe -a G:\autorun.exe -d G:\
Task: {4573C457-18A8-4FA9-92B0-015E83F67644} - \Microsoft\Windows\WindowsBackup\AutomaticBackup No Task File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File <==== ATTENTION
Task: {48AA01F0-A999-4298-BE00-826EC72332AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {490619CE-2DC5-4B05-A27F-71F73AE73021} - \Microsoft\Windows\Media Center\PBDADiscovery No Task File <==== ATTENTION
Task: {4C508D15-D353-4A49-BF98-C0D84E0D6C72} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask No Task File <==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {4ED9B216-D80E-45D4-8B90-C630F4B20BB8} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {52D7EDE5-D3B6-4748-9142-BE2E55AA2606} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1007 No Task File <==== ATTENTION
Task: {560AD119-1B50-4950-BC87-0AD298E29482} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 No Task File <==== ATTENTION
Task: {5942F493-4438-4409-B605-ED745A1EE6B1} - System32\Tasks\{BB37602F-6432-49CC-877B-E96441D6B45E} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File <==== ATTENTION
Task: {5BD69114-0E31-4288-AEA9-D27471276EA8} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 No Task File <==== ATTENTION
Task: {5DACA79E-6732-4828-958A-57D663127487} - System32\Tasks\{E2851001-CD8B-4C9D-9978-8956427909A2} => pcalua.exe -a "C:\Program Files (x86)\Atari\DnDNWNC\Neverwinter Nights II\Redist\dotnetfx.exe" -d D:\ -c /q:a
Task: {5E23DFBC-251D-465F-AB3C-E8A069A69FF2} - System32\Tasks\ccleaner => C:\Program Files (x86)\CCleaner\CCleaner.exe [2011-06-24] (Piriform Ltd)
Task: {5EBBAFF7-4F4A-4A48-A859-48A568F1BABF} - System32\Tasks\{BB0C36E3-C45A-4CCE-A008-FEC781371266} => pcalua.exe -a "C:\Program Files (x86)\Black Isle\BGII - SoA\setup-haerdalisromance.exe" -d "C:\Program Files (x86)\Black Isle\BGII - SoA"
Task: {5FD54023-A6E0-4454-BB3F-9E702EBDA848} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1004 No Task File <==== ATTENTION
Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask No Task File <==== ATTENTION
Task: {692815B2-4530-4A74-BF28-8DDD79C1E1CA} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {6CECEC21-7E75-42A6-86FE-C256333D3DF9} - System32\Tasks\{C7E3B740-45AA-41A1-A3AF-59AE8991C812} => pcalua.exe -a "F:\Program Files (x86)\Origin\Ultima IX Ascension\FinalSetup.exe" -d "F:\Program Files (x86)\Origin\Ultima IX Ascension"
Task: {71424C4E-C8EA-43D2-BF4D-FA7EEA556483} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {71685726-207A-4D7D-B7E7-30D16A8D4572} - \Microsoft\Windows\Media Center\PvrRecoveryTask No Task File <==== ATTENTION
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File <==== ATTENTION
Task: {75502724-72ED-45AD-979F-AB5D451F1E06} - System32\Tasks\{1E3CB70B-1C91-4915-871A-E7835C00A031} => pcalua.exe -a D:\autorun.exe -d C:\Users\Dad\Desktop
Task: {7602ADA3-ACBC-4CCD-872E-DFC619D6EF3F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-22] (Overwolf LTD)
Task: {7A288C5E-5B9F-47EC-91CA-3610316F38AB} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File <==== ATTENTION
Task: {7B13A63F-294A-4979-B590-D2FDDB6D194D} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks No Task File <==== ATTENTION
Task: {7EEBF848-3A27-4527-A0CD-84B042222B95} - \Microsoft\Windows\Media Center\StartRecording No Task File <==== ATTENTION
Task: {7FEC4C0B-334F-4097-BD6A-BF2FD0CE8394} - \Microsoft\Windows\SmartRecovery\SRFilter No Task File <==== ATTENTION
Task: {80149B74-D95E-4A02-8E55-7638E245162A} - System32\Tasks\{5C47274F-BCA4-4139-BC94-8CD92CA7D657} => pcalua.exe -a C:\Users\Dad\Downloads\CoD4MWDemoSetup(2).exe -d C:\Users\Dad\Downloads
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
Task: {816B6256-F809-420C-9F88-A379B31B46F6} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {82C233BE-C8AF-4D74-B0D6-89E68D56EA9D} - \SidebarExecute No Task File <==== ATTENTION
Task: {8B2FBB78-0944-4227-ABD6-18ACF92D174A} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {8C411C2D-560B-4595-8800-496341658CB9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-26] (Adobe Systems Incorporated)
Task: {90AECFA1-35B3-429A-A0B4-1876E524F764} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-30] (AVAST Software)
Task: {90BC1377-BD3A-405B-97A1-56AEB3892BFC} - \Microsoft\Windows\Wininet\CacheTask No Task File <==== ATTENTION
Task: {927DE63C-60A6-469D-9214-B9D50DE82BF2} - System32\Tasks\{4AB9D493-C279-4087-8389-F351337A6552} => pcalua.exe -a C:\Users\Dad\AppData\Local\Temp\wzbad1\Phoenix.exe -d "F:\total war 2 shogun"
Task: {93E1CAF7-0E46-4B41-9B94-DCF94648175A} - \Microsoft\Windows\Media Center\PeriodicScanRetry No Task File <==== ATTENTION
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {95C53501-6D3F-4E4B-BDA2-70F58C9CE73F} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {96414F7A-43C2-4C3E-8134-8733304E344A} - System32\Tasks\Malwarebytes Scanner => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-12-27] (Malwarebytes Corporation)
Task: {977F1C1B-0092-4562-83BE-EED9C226E08F} - System32\Tasks\{BCD3CA26-362E-40FD-990E-2D4416C631E8} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {9CC33130-975D-4DEC-BFC6-2290805634FB} - \Microsoft\Windows\Media Center\PvrScheduleTask No Task File <==== ATTENTION
Task: {9E6CA771-8635-449B-99C5-E5A91081381D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19] (Google Inc.)
Task: {A12C62B9-65A4-4EA1-B902-DCF8D8729945} - System32\Tasks\{DCA5E30F-2FAC-4110-B5D7-1CEAEBED66DA} => pcalua.exe -a "F:\star wars jedi academy\Daemon Tools 3.47.exe" -d "F:\star wars jedi academy"
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader No Task File <==== ATTENTION
Task: {A5051514-D5F3-4DC8-BBED-F8A4FDD9CB48} - \Microsoft\Windows\Media Center\RecordingRestart No Task File <==== ATTENTION
Task: {A71E53D3-DC1B-4D94-8367-7C66334571E5} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {A93468D7-A391-4B9D-98DB-D68C7A4597EA} - System32\Tasks\{28130279-849B-4786-8BDA-768DA20293B6} => pcalua.exe -a E:\Bonus\Patches\SWKotOR1_03.exe -d E:\Bonus\Patches
Task: {A94E50F3-D515-4E9F-A897-12F3556332B0} - System32\Tasks\{B57BEC15-12D5-4484-8F82-EDDB19CF1060} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe" -c -runfromtemp -l0x0409
Task: {AA2BCEA8-505D-4AE4-8AEA-A95E8DE42673} - System32\Tasks\{EEE0749C-28EB-4DD3-AE0C-6257C99876DC} => pcalua.exe -a C:\Users\Dad\Downloads\msicuu2.exe -d C:\Users\Dad\Downloads
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File <==== ATTENTION
Task: {ACC8EAC4-3A96-420D-81F9-DAE384374D53} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {ADDD5868-D739-4692-B026-1F50C8622DB2} - System32\Tasks\Spybot SD Clean => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
Task: {B3C6192C-1A0E-420E-A3B0-26813FF68F90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19] (Google Inc.)
Task: {B5B66520-0160-4D2E-90DE-30D08DAD5677} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {C61112DE-254D-41D5-8411-C8BCD3D453DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {C94AE7DB-B4EE-4F7E-BBF6-DB4C3C1FC4AD} - System32\Tasks\Malwarebytes Update => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-12-27] (Malwarebytes Corporation)
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {D0C3BBC8-A4E1-4898-B243-C142263DABB3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {D1F11153-9428-4977-BBAB-C1FCED77EC03} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-08] (COMODO)
Task: {D5657306-2046-482D-B78C-FF3CC1EB72F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {D5A5284C-AAA5-435D-AEFD-FACABF8D0E58} - \Microsoft\Windows\Media Center\RegisterSearch No Task File <==== ATTENTION
Task: {D61EB76C-8619-4E38-BEB1-A544F66F6AC4} - System32\Tasks\{68EA0CAE-97BE-4AD9-A710-7E73E7F08163} => pcalua.exe -a "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCCInstall.exe" -d "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static"
Task: {D905B85B-C853-44C8-BC94-37E5194605B0} - System32\Tasks\Defragment Drive => C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe [2014-07-15] (Auslogics)
Task: {DA4E2A15-F661-4D15-A070-0CDA6C82A853} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DAC63440-FD86-43CD-AA88-A24A9B6AC73A} - \Microsoft\Windows\Media Center\mcupdate_scheduled No Task File <==== ATTENTION
Task: {DC059C05-DFB8-401F-8902-6FAAA1B3F837} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor No Task File <==== ATTENTION
Task: {DD6AB72E-B36D-4073-8149-4FAE9DCA3516} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask No Task File <==== ATTENTION
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {DF1AB5D4-3BC8-4430-9C51-51F234BB365B} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1006 No Task File <==== ATTENTION
Task: {E1563919-CFE5-4654-BF24-DF30A2D4E496} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange No Task File <==== ATTENTION
Task: {E33BACF9-9D15-459A-BC06-D7A8674BBE01} - \Microsoft\Windows\SmartRecovery\SRCreate No Task File <==== ATTENTION
Task: {E6951A04-1F4C-454F-8F31-8DFC5C9F71C7} - System32\Tasks\{411B183B-F589-47D8-B570-3F064CB96F46} => pcalua.exe -a C:\Users\Dad\Desktop\CombatArmsSetupV45.exe -d C:\Users\Dad\Desktop
Task: {E90C7B41-2778-4930-B95C-CBB3A52D75EA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {EB493127-EB47-4C4F-AB70-F0C07F501967} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask No Task File <==== ATTENTION
Task: {EC4300FA-439B-43D5-B40A-EC4AD3A426D2} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor No Task File <==== ATTENTION
Task: {EF8EFF93-9142-411C-BE57-6B44C3F4EF7D} - \Microsoft\Windows\Media Center\InstallPlayReady No Task File <==== ATTENTION
Task: {F0C7FCFD-4710-4846-97F8-227CDB6B7B19} - \Microsoft\Windows\Media Center\ReindexSearchRoot No Task File <==== ATTENTION
Task: {FA0D8E52-D5CF-43C6-B587-F5F28E52DC56} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job.bak => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job.bak => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job.bak => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-22 10:18 - 2015-01-29 23:31 - 00029184 _____ () C:\Windows\System32\ssj2mlm.dll
2010-05-09 15:34 - 2009-08-13 11:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 15:03 - 2012-03-05 15:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 13:53 - 2012-02-16 13:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 00136544 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
2010-02-17 18:26 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2014-12-30 10:47 - 2014-12-30 10:47 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-30 10:47 - 2014-12-30 10:47 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-30 10:47 - 2014-12-30 10:47 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-03 07:25 - 2015-02-03 07:25 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020300\algo.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 00423256 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 04101472 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 01586528 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 00361816 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-17 18:26 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-01-05 11:29 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-05 11:29 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-05 11:29 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-05 11:29 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-05 11:29 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2014-03-05 23:10 - 2014-03-05 23:10 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-10-23 19:51 - 2015-01-28 17:41 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2013-01-05 11:29 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-12-30 10:47 - 2014-12-30 10:47 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eed_ec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eed_sl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp120.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssj2mlm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\psi_mf_amd64.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Dad\Downloads\AdwCleaner(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\AdwCleaner(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\ComboFix.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\FRST64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\FRST64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\HijackThis.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\HijackThis.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\PSISetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\PSISetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\rkill.com:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\rkill.com:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\RogueKillerX64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\RogueKillerX64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Assassin's Creed.LNK => C:\Windows\pss\Registration Assassin's Creed.LNK.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_12354009.lnk => C:\Windows\pss\_uninst_12354009.lnk.Startup
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Dad\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe /autorun
MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EasyTuneVI => C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxdnmon.exe => "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
MSCONFIG\startupreg: ospd_us_45 => "C:\Program Files (x86)\ospd_us_45\ospd_us_45.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

========================= Accounts: ==========================

Aaron (S-1-5-21-618570333-1535794558-3025776438-1003 - Limited - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-618570333-1535794558-3025776438-500 - Administrator - Disabled)
ASPNET (S-1-5-21-618570333-1535794558-3025776438-1010 - Limited - Enabled)
Chynna (S-1-5-21-618570333-1535794558-3025776438-1008 - Limited - Enabled)
Dad (S-1-5-21-618570333-1535794558-3025776438-1001 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-618570333-1535794558-3025776438-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-618570333-1535794558-3025776438-1016 - Limited - Enabled)
Meghan (S-1-5-21-618570333-1535794558-3025776438-1005 - Limited - Enabled) => C:\Users\Meghan
Mom (S-1-5-21-618570333-1535794558-3025776438-1004 - Limited - Enabled) => C:\Users\Mom
Noel (S-1-5-21-618570333-1535794558-3025776438-1007 - Limited - Enabled) => C:\Users\Noel
Rachel (S-1-5-21-618570333-1535794558-3025776438-1006 - Limited - Enabled) => C:\Users\Rachel.Baldur
Terry (S-1-5-21-618570333-1535794558-3025776438-1017 - Limited - Enabled) => C:\Users\Terry

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

Error: (02/03/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8003

Error: (02/03/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7004

Error: (02/03/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7004

Error: (02/03/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5990

Error: (02/03/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5990

Error: (02/03/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 10:02:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992


System errors:
=============
Error: (02/03/2015 11:43:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (02/03/2015 11:43:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (02/03/2015 11:42:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (02/03/2015 11:42:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (02/03/2015 11:41:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (02/03/2015 11:41:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (02/03/2015 02:21:58 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (02/03/2015 02:21:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (02/03/2015 02:21:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (02/02/2015 03:57:17 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\dsload.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (02/03/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

Error: (02/03/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8003

Error: (02/03/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7004

Error: (02/03/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7004

Error: (02/03/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5990

Error: (02/03/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5990

Error: (02/03/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 10:02:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992


CodeIntegrity Errors:
===================================
  Date: 2011-07-21 18:19:21.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-21 18:19:21.046
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 20:01:20.843
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 20:01:20.796
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 19:53:41.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 19:53:41.099
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 18:43:04.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 18:43:04.292
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 17:56:06.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 17:56:06.334
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Six-Core Processor
Percentage of memory in use: 21%
Total physical RAM: 7678.49 MB
Available physical RAM: 5991.4 MB
Total Pagefile: 24060.68 MB
Available Pagefile: 21241.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:1017.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:1862.89 GB) (Free:1456.15 GB) NTFS
Drive f: (New F) (Fixed) (Total:1862.89 GB) (Free:606.13 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#5 Machiavelli


Posted 03 February 2015 - 02:55 PM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#6 Jim2B


Posted 03 February 2015 - 03:27 PM

AdwClean scan log (I'll post the results from the other scans separately):

 

# AdwCleaner v4.109 - Report created 03/02/2015 at 15:06:14
# Updated 24/01/2015 by Xplode
# Database : 2015-02-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dad - BALDUR
# Running from : C:\Users\Dad\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\searchplugins\search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] -

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v17.0.1 (en-US)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [1698 octets] - [29/01/2015 23:37:31]
AdwCleaner[R1].txt - [1110 octets] - [03/02/2015 15:02:45]
AdwCleaner[S0].txt - [1781 octets] - [29/01/2015 23:40:12]
AdwCleaner[S1].txt - [1036 octets] - [03/02/2015 15:06:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1096 octets] ##########
 



#7 Jim2B


Posted 03 February 2015 - 03:55 PM

Note, Malwarebytes says I did not run as Administrator, yet I'm pretty sure I did launch and run as Administrator.  I will redo this if you think it wise to do so.

 

Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/3/2015
Scan Time: 3:18:50 PM
Logfile: mwb.txt
Administrator: No

Version: 2.00.4.1028
Malware Database: v2015.02.03.07
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 636156
Time Elapsed: 29 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\Dad\AppData\Local\Temp\utt899.tmp, Quarantined, [d63d1ffbbdcd6ec826647a5ce025ed13],

Physical Sectors: 0
(No malicious items detected)


(end)
 



#8 Jim2B


Posted 03 February 2015 - 04:20 PM

JRT log files:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Dad on Tue 02/03/2015 at 15:55:54.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util focusbase



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dad\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\dll-files.com fixer"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\mpfsumtn.default-1405436773312\searchplugins\search.xml
Emptied folder: C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\mpfsumtn.default-1405436773312\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/03/2015 at 16:19:10.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 Jim2B


Posted 03 February 2015 - 04:43 PM

FRST Scan:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Dad (administrator) on BALDUR on 03-02-2015 16:30:06
Running from C:\Users\Dad\Downloads
Loaded Profiles: Dad (Available profiles: Dad & Aaron & Mom & Meghan & Rachel & Noel & Terry)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(BitTorrent Inc.) C:\Users\Dad\AppData\Roaming\uTorrent\uTorrent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Dad\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-08] (COMODO)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-12-27] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-12-27] (Malwarebytes Corporation)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-30] (Electronic Arts)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {0147a0ef-0f34-11e4-846a-00241dccca17} - E:\TLBootstrap_WPP.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {033f4b4e-1779-11e2-b86f-00241dccca17} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {033f4cc1-1779-11e2-b86f-00241dccca17} - I:\TLBootstrap_WPP.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {18abe7c9-745e-11e1-a614-00241dccca17} - E:\LaunchU3.exe -a
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {1ca868eb-70f9-11e0-8f0e-00241dccca17} - H:\Autorun.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {1ca86b87-70f9-11e0-8f0e-00241dccca17} - G:\Autorun.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {51d4a297-74e6-11e4-9b63-00241dccca17} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {d8a136ad-4fa7-11df-a815-000272a9ef50} - E:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-618570333-1535794558-3025776438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-618570333-1535794558-3025776438-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\searchplugins\search.xml
FF Extension: Flashblock - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-11]
FF Extension: WOT - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-15]
FF Extension: DownloadHelper - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-10]
FF Extension: InvisibleHand - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2014-07-15]
FF Extension: NoScript - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-15]
FF Extension: Adblock Plus - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-12]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136544 2009-10-22] ()
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-18] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-30] (Avast Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-08] (COMODO)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-30] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-22] (Overwolf LTD)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2015-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2015-02-02] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [14904 2009-02-23] ()
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-30] ()
S3 atidgllk; C:\Program Files (x86)\Gigabyte\ET6\atidgllk.sys [12048 2006-07-19] (ATI Technologies Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-08] (COMODO)
S1 dsload; C:\Windows\SysWOW64\drivers\dsload.sys [10848 2008-05-23] (Oracle Corp.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-21] (DT Soft Ltd)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-08] (COMODO)
U0 mgroid; C:\Windows\System32\drivers\wypiaojs.sys [79064 2015-02-03] (Malwarebytes Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-02-02] (Secunia)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-07-15] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-07-15] (Acronis)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-30] (Avast Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-07-15] (Acronis International GmbH)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 16:19 - 2015-02-03 16:19 - 00001324 _____ () C:\Users\Dad\Desktop\JRT.txt
2015-02-03 15:53 - 2015-02-03 15:53 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wypiaojs.sys
2015-02-03 15:51 - 2015-02-03 15:53 - 00001139 _____ () C:\Users\Dad\Desktop\mwb.txt
2015-02-03 15:26 - 2015-02-03 15:26 - 00000847 _____ () C:\Users\Dad\Desktop\µTorrent.lnk
2015-02-03 15:26 - 2015-02-03 15:26 - 00000827 _____ () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-03 15:25 - 2015-02-03 16:28 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\uTorrent
2015-02-03 15:21 - 2015-02-03 15:21 - 01740880 _____ (BitTorrent Inc.) C:\Users\Dad\Downloads\uTorrent.exe
2015-02-03 15:07 - 2015-02-03 15:07 - 00000306 _____ () C:\Windows\PFRO.log
2015-02-03 15:05 - 2015-02-03 15:05 - 01388274 _____ (Thisisu) C:\Users\Dad\Downloads\JRT.exe
2015-02-03 11:52 - 2015-02-03 11:52 - 00067092 _____ () C:\Users\Dad\Downloads\Addition.txt
2015-02-03 11:51 - 2015-02-03 16:30 - 00019671 _____ () C:\Users\Dad\Downloads\FRST.txt
2015-02-03 02:20 - 2015-02-03 15:09 - 00080354 _____ () C:\Windows\setupact.log
2015-02-03 02:20 - 2015-02-03 02:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-02 13:37 - 2015-02-02 13:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-02 13:25 - 2015-02-02 13:25 - 05490752 _____ (Secunia) C:\Users\Dad\Downloads\PSISetup.exe
2015-02-02 13:25 - 2015-02-02 13:25 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-02-02 13:25 - 2015-02-02 13:25 - 00000000 ____D () C:\Users\Dad\AppData\Local\Secunia PSI
2015-02-02 13:25 - 2015-02-02 13:25 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-02-02 13:08 - 2015-02-02 13:08 - 00005090 _____ () C:\Users\Dad\Downloads\RKreport_SCN_02012015_201530.log
2015-02-02 13:01 - 2015-02-02 13:01 - 00010608 _____ () C:\Users\Dad\Documents\hijackthis.log
2015-02-02 12:58 - 2015-02-02 12:58 - 14861360 _____ (Trend Micro Inc.) C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe
2015-02-02 12:58 - 2015-02-02 12:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dad\Downloads\HijackThis.exe
2015-02-02 12:58 - 2015-02-02 12:58 - 00000000 ____D () C:\Users\Dad\Downloads\TMRBLog
2015-02-02 12:58 - 2015-02-02 12:58 - 00000000 ____D () C:\Users\Dad\Downloads\log
2015-02-01 20:47 - 2015-02-01 20:47 - 05611380 _____ (Swearware) C:\Users\Dad\Downloads\ComboFix.exe
2015-02-01 20:47 - 2015-02-01 20:47 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Dad\Downloads\rkill.com
2015-02-01 20:46 - 2015-02-01 20:46 - 02131456 _____ (Farbar) C:\Users\Dad\Downloads\FRST64(1).exe
2015-01-30 16:39 - 2015-01-30 16:39 - 00000991 _____ () C:\Users\Public\Desktop\Play Artemis.lnk
2015-01-30 16:39 - 2015-01-30 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artemis
2015-01-30 16:39 - 2015-01-30 16:39 - 00000000 ____D () C:\Program Files (x86)\Artemis
2015-01-30 11:50 - 2015-01-30 11:50 - 18570328 _____ () C:\Users\Dad\Downloads\RogueKillerX64(1).exe
2015-01-29 23:37 - 2015-02-03 15:06 - 00000000 ____D () C:\AdwCleaner
2015-01-29 23:37 - 2015-01-29 23:37 - 02194432 _____ () C:\Users\Dad\Downloads\AdwCleaner(1).exe
2015-01-29 19:55 - 2015-01-29 19:59 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2015-01-29 19:55 - 2015-01-29 19:55 - 00000936 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2015-01-29 19:55 - 2015-01-29 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-01-29 19:48 - 2015-01-29 19:55 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Guild Wars 2
2015-01-28 17:45 - 2015-01-28 17:45 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-28 17:45 - 2015-01-28 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-28 17:44 - 2015-01-28 17:45 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-28 15:39 - 2015-01-28 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-28 13:17 - 2014-09-28 13:23 - 00000019 _____ () C:\Windows\system32\Drivers\etc\hosts.20150128-131740.backup
2015-01-13 16:02 - 2015-01-13 16:02 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 16:02 - 2015-01-13 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:02 - 2015-01-13 16:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 16:02 - 2015-01-13 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 16:01 - 2015-01-13 16:01 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:01 - 2015-01-13 16:01 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:01 - 2015-01-13 16:01 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:01 - 2015-01-13 16:01 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:01 - 2015-01-13 16:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 16:30 - 2014-07-14 09:00 - 00000000 ____D () C:\FRST
2015-02-03 16:17 - 2011-07-21 19:46 - 01412040 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 15:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2015-02-03 15:26 - 2014-07-14 08:16 - 00000000 ____D () C:\Users\Dad\AppData\Local\Adobe
2015-02-03 15:18 - 2014-07-07 16:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 15:17 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 15:17 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 15:12 - 2010-07-15 13:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-03 15:10 - 2013-01-06 01:16 - 00000144 _____ () C:\service.log
2015-02-03 15:09 - 2014-07-14 16:25 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-02-03 15:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 07:26 - 2014-10-08 12:19 - 00000000 ____D () C:\ProgramData\Origin
2015-02-03 07:26 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-02-02 13:45 - 2013-12-01 12:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job.bak
2015-02-02 13:40 - 2012-12-19 20:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job.bak
2015-02-02 13:34 - 2011-07-30 00:32 - 13141167 _____ () C:\Users\Dad\AppData\Local\census.cache
2015-02-02 13:33 - 2011-07-30 00:32 - 00149191 _____ () C:\Users\Dad\AppData\Local\ars.cache
2015-02-02 13:25 - 2014-11-28 07:02 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys
2015-02-02 02:40 - 2012-12-19 20:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job.bak
2015-02-01 20:09 - 2014-07-14 08:39 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-01 00:31 - 2014-07-18 17:27 - 00000000 ____D () C:\Users\Dad\AppData\Local\CrashDumps
2015-01-30 16:03 - 2009-07-14 00:13 - 00854040 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 23:35 - 2013-12-15 18:48 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\TS3Client
2015-01-29 23:35 - 2013-12-15 11:22 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-01-29 23:32 - 2014-07-09 00:15 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-29 23:31 - 2014-12-22 10:18 - 03141120 _____ () C:\Windows\system32\eed_ec.dll
2015-01-29 23:31 - 2014-12-22 10:18 - 00686384 _____ (Samsung Electronics) C:\Windows\system32\eed_sl.exe
2015-01-29 23:31 - 2014-12-22 10:18 - 00029184 _____ () C:\Windows\system32\ssj2mlm.dll
2015-01-29 20:16 - 2011-08-17 06:45 - 00000000 ____D () C:\Users\Terry
2015-01-29 20:16 - 2011-07-21 18:58 - 00000000 ____D () C:\Users\Noel
2015-01-29 20:15 - 2012-10-10 16:31 - 00000000 ____D () C:\Users\Mom
2015-01-29 20:15 - 2011-07-28 06:25 - 00000000 ____D () C:\Users\Rachel.Baldur
2015-01-29 20:15 - 2011-07-21 18:58 - 00000000 ____D () C:\Users\Meghan
2015-01-29 18:34 - 2012-08-12 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 17:41 - 2013-10-23 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 15:38 - 2013-10-04 23:58 - 00660128 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120.dll
2015-01-28 13:11 - 2011-07-21 18:58 - 00000000 ____D () C:\Users\Aaron
2015-01-28 13:11 - 2011-01-14 20:39 - 00000000 ____D () C:\Users\Rachel
2015-01-28 13:11 - 2010-02-22 19:06 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-28 13:10 - 2010-02-22 19:05 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-01-27 15:42 - 2014-08-12 16:33 - 00002048 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-27 15:42 - 2014-08-12 16:33 - 00002046 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-27 15:42 - 2014-08-12 16:33 - 00002036 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-27 15:42 - 2014-08-12 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-25 16:45 - 2013-12-01 12:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 16:45 - 2012-08-15 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 16:45 - 2011-12-26 20:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 20:03 - 2013-12-15 11:24 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-15 01:05 - 2011-07-21 18:57 - 00846162 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 06:43 - 2014-07-12 10:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-14 01:08 - 2013-07-19 00:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 01:00 - 2011-08-11 18:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 08:02 - 2010-02-16 09:25 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 23:27 - 2011-01-07 21:07 - 00000000 ____D () C:\Program Files (x86)\Steam

==================== Files in the root of some directories =======

2011-11-02 13:13 - 2011-11-02 13:13 - 0226656 ____N (Oracle Corporation) C:\Program Files (x86)\cnsload_1320257583096.tmp
2011-11-02 13:13 - 2011-11-02 13:13 - 0226656 ____N (Oracle Corporation) C:\Program Files (x86)\cnsload_1320257583111.tmp
2011-07-30 00:32 - 2015-02-02 13:33 - 0149191 _____ () C:\Users\Dad\AppData\Local\ars.cache
2011-07-30 00:32 - 2015-02-02 13:34 - 13141167 _____ () C:\Users\Dad\AppData\Local\census.cache
2011-07-29 22:58 - 2011-07-29 22:58 - 0000036 _____ () C:\Users\Dad\AppData\Local\housecall.guid.cache
2012-01-14 16:38 - 2012-03-14 11:31 - 0007609 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2014-07-10 09:31 - 2014-07-10 09:31 - 0000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2011-12-15 23:48 - 2011-12-15 23:48 - 0473835 _____ () C:\ProgramData\SPL6206.tmp

Files to move or delete:
====================
C:\Users\Dad\100730_registry.reg


Some content of TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dad\AppData\Local\Temp\Quarantine.exe
C:\Users\Dad\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:59

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Dad at 2015-02-03 16:30:39
Running from C:\Users\Dad\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS Ver.2.06 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.06 - GIGABYTE)
µTorrent (HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\uTorrent) (Version: 3.4.2.38429 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Agent Ransack x64 (HKLM\...\{D7DDA334-FF1D-4A04-B056-22AB301026C8}) (Version: 7.0.822.1 - Mythicsoft Ltd)
Akamai NetSession Interface (HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{EA18DE8E-B3E6-4D82-A086-9BE2316FA5A5}) (Version: 3.1.0.0342 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Artemis Artemis (HKLM-x32\...\Artemis) (Version: 2.1_1.0 - Thom Robertson)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.4.0.0115 - Disk Software Ltd)
ASUS VGA Driver (x32 Version: 3.0.0.1 - ASUSTek) Hidden
ATI AVIVO64 Codecs (Version: 10.12.0.41118 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version:  - )
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Avencast™ - Rise of The Mage (v1.04b) (HKLM-x32\...\Avencast™ - Rise of The Mage_is1) (Version:  - Clockstone Software, Ltd.)
Baldur's Gate™ II - Shadows of Amn™ (HKLM-x32\...\{8DAE4336-2B71-11D4-9A6C-006067325E47}) (Version:  - )
Barbarian Invasion (HKLM-x32\...\{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}) (Version: 1.4 - )
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version:  - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version:  - )
Battlefield Vietnam™ (HKLM-x32\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version:  - )
Battlefield Vietnam: WW2 Mod (HKLM-x32\...\{F989306B-9287-444F-AE73-E30C7E4AF0F5}) (Version:  - )
BioWare Premium Module: Neverwinter Nights™ Kingmaker (HKLM-x32\...\Neverwinter Nights™ Kingmaker) (Version:  - BioWare Corp.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® 4 - Modern Warfare™ Demo (HKLM-x32\...\InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare™ Demo (x32 Version: 1.00.0000 - Activision) Hidden
ccc-core-static (x32 Version: 2009.0730.58.43017 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.08 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Combat Arms (HKLM-x32\...\Combat Arms) (Version:  - )
Combined Community Codec Pack 2009-09-09 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2009.09.09.0 - CCCP Project)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.3.43550.1216 - COMODO Group Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CPUID CPU-Z 1.53.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dandelion - Wishes brought to you - Demo version 1.92 (HKLM-x32\...\{795EAB32-6331-420A-A57B-AAA3FC14ED0E}_is1) (Version: 1.92 - Cheritz)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
DMIView B8.0717.01 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dungeon and Dragons: Neverwinter Nights Complete (HKLM-x32\...\{053FFC87-C5BD-4B3C-9D3E-783902D83D21}) (Version: 1.0.0 - Atari)
Dungeons and Dragons Anthology: The Master Collection (HKLM-x32\...\{A1B2F73A-F5D0-49FB-A114-652B85F71ECB}) (Version: 1.0.0 - Atari)
Easy Tune 6 B09.0918.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B09.0918.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.0904.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
Exact Audio Copy 1.0beta1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta1 - Andre Wiethoff)
FreeSpace (HKLM-x32\...\Freespace) (Version:  - )
FreeSpace 2 (HKLM-x32\...\FreeSpace2) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - NEXON Korea Corp.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
Medieval II Total War Demo Gold (HKLM-x32\...\{4A665599-6771-4732-BE74-06B43B9F611B}) (Version: 1.00.0000 - SEGA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 17.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Neverwinter Nights 2 (HKLM-x32\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oracle Web Conferencing Console (HKLM-x32\...\OracleRTCClient) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.103 - Panda Security)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.4.3 - Pando Networks Inc.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version:  - )
PunkBuster for Battlefield Vietnam (HKLM-x32\...\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}) (Version:  - )
Q-Share Ver.1.2 (HKLM-x32\...\{F308B531-AB20-4A79-8F5E-83071FE5BE60}) (Version: 1.2 - GIGABYTE)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.3.0 - Ralink)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
RIFT (HKLM-x32\...\InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}) (Version: 1.0.0 - Trion Worlds, Inc.)
RIFT (x32 Version: 1.0.0 - Trion Worlds, Inc.) Hidden
Rise and Fall (HKLM-x32\...\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}) (Version: 1.00.0000 - Midway Home Entertainment)
Rome - Total War (HKLM-x32\...\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}) (Version: 1.5 - The Creative Assembly)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.60.00(7/23/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.47.0 - Samsung Electronics Co., Ltd.)
Samsung M2020 Series (HKLM-x32\...\Samsung M2020 Series) (Version: 1.10 (2/12/2014) - Samsung Electronics Co., Ltd.)
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version:  - Stardock Entertainment)
Sins of a Solar Empire (x32 Version: 1.00.00 - Stardock Entertainment, Inc.) Hidden
Smart Recovery B09.0911.1  (x64) (HKLM-x32\...\InstallShield_{FAE188FD-A941-49E9-A5E9-F6D88517EC40}) (Version:  - )
Smart Recovery B09.0911.1  (x64) (Version: 1.00.0002 - GIGABYTE) Hidden
SmartMusic 2011a (HKLM-x32\...\SmartMusic 2011a) (Version: 13.0.0 - MakeMusic)
SmartMusic 2012b (HKLM-x32\...\SmartMusic 2012b) (Version: 14.2.0 - MakeMusic)
Sniper Elite V2 Demo (HKLM-x32\...\Steam App 210470) (Version:  - )
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Trek Legacy (HKLM-x32\...\{287A4E96-AC57-4A19-9B51-C5EED2EAB382}) (Version: 1.00.0000 - Bethesda Softworks)
Star Trek Legacy 1.4.080 Patch (HKLM-x32\...\Star Trek Legacy 1.4.080 Patch) (Version:  - )
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version:  - )
Star Wars™: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold 2 Deluxe (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.000 - Firefly Studios)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teamcenter Application Sharing (HKLM-x32\...\{36B0C1C6-4AD8-40F1-8B2E-656F119E9DC4}) (Version: 9.0.11187 - Siemens PLM Solutions)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.5.82 - Electronic Arts)
True Image WD Edition (HKLM-x32\...\{85CB1512-2D4A-4469-AC21-6B111D169CEB}) (Version: 16.0.5962 - Acronis)
Ultima IX: Ascension (HKLM-x32\...\{2E38F875-8285-4453-0089-542B10175A54}) (Version:  - )
Ultima Online: AoS (HKLM-x32\...\{7AC5D2AD-F559-461B-0081-283D0566F3A5}) (Version:  - )
Update Manager B09.0908.1 (HKLM-x32\...\InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}) (Version: 1.00.0000 - GIGABYTE)
Update Manager B09.0908.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
Vim 7.2 (self-installing) (HKLM-x32\...\Vim 7.2) (Version:  - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
X3 REUNION (HKLM-x32\...\{A8E414A8-9E31-40E6-B13B-5F1FCA00EF9F}) (Version: 1.00.0000 - EGOSOFT)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-01-2015 02:00:25 Automatic creation
02-01-2015 02:00:27 Automatic creation
03-01-2015 02:00:27 Automatic creation
04-01-2015 02:00:27 Automatic creation
05-01-2015 02:00:25 Automatic creation
06-01-2015 02:00:25 Automatic creation
07-01-2015 02:00:27 Automatic creation
08-01-2015 02:22:29 Automatic creation
09-01-2015 02:00:24 Automatic creation
10-01-2015 02:00:26 Automatic creation
11-01-2015 02:00:25 Automatic creation
12-01-2015 02:00:25 Automatic creation
13-01-2015 02:00:29 Automatic creation
14-01-2015 02:28:29 Automatic creation
15-01-2015 02:00:24 Automatic creation
16-01-2015 02:00:04 Automatic creation
17-01-2015 02:00:24 Automatic creation
18-01-2015 02:00:24 Automatic creation
19-01-2015 02:00:17 Automatic creation
20-01-2015 02:22:14 Automatic creation
21-01-2015 02:20:00 Automatic creation
22-01-2015 02:00:04 Automatic creation
23-01-2015 02:00:29 Automatic creation
24-01-2015 02:00:26 Automatic creation
25-01-2015 02:00:14 Automatic creation
26-01-2015 02:00:29 Automatic creation
27-01-2015 02:00:18 Automatic creation
28-01-2015 02:00:20 Automatic creation
29-01-2015 02:00:32 Automatic creation
30-01-2015 07:52:35 Automatic creation
31-01-2015 02:00:07 Automatic creation
01-02-2015 02:01:22 Automatic creation
02-02-2015 13:05:43 Known good on 2/2/15
03-02-2015 02:26:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-07-07 13:53 - 2015-01-28 13:17 - 00449968 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {08F5BA3A-78E6-48D0-B347-3BE55AD710D0} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {09DD604E-9593-42DE-B26F-7389249798DE} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {0E23E548-EE4E-47F3-9D89-327115A89EF4} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1017 No Task File <==== ATTENTION
Task: {193734F3-8146-402C-8C4F-2894C449F1F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive No Task File <==== ATTENTION
Task: {1FF652C4-46EB-44F5-8A5D-8CA66198EE3D} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {301B0539-20DF-457F-BE5B-EB5B7C63C8DA} - System32\Tasks\{28267CE2-AC6E-40EC-8E84-30ED52A2E4D4} => pcalua.exe -a G:\autorun.exe -d G:\
Task: {4573C457-18A8-4FA9-92B0-015E83F67644} - \Microsoft\Windows\WindowsBackup\AutomaticBackup No Task File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File <==== ATTENTION
Task: {48AA01F0-A999-4298-BE00-826EC72332AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {490619CE-2DC5-4B05-A27F-71F73AE73021} - \Microsoft\Windows\Media Center\PBDADiscovery No Task File <==== ATTENTION
Task: {4C508D15-D353-4A49-BF98-C0D84E0D6C72} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask No Task File <==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {4ED9B216-D80E-45D4-8B90-C630F4B20BB8} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {52D7EDE5-D3B6-4748-9142-BE2E55AA2606} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1007 No Task File <==== ATTENTION
Task: {560AD119-1B50-4950-BC87-0AD298E29482} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 No Task File <==== ATTENTION
Task: {5942F493-4438-4409-B605-ED745A1EE6B1} - System32\Tasks\{BB37602F-6432-49CC-877B-E96441D6B45E} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File <==== ATTENTION
Task: {5BD69114-0E31-4288-AEA9-D27471276EA8} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 No Task File <==== ATTENTION
Task: {5DACA79E-6732-4828-958A-57D663127487} - System32\Tasks\{E2851001-CD8B-4C9D-9978-8956427909A2} => pcalua.exe -a "C:\Program Files (x86)\Atari\DnDNWNC\Neverwinter Nights II\Redist\dotnetfx.exe" -d D:\ -c /q:a
Task: {5E23DFBC-251D-465F-AB3C-E8A069A69FF2} - System32\Tasks\ccleaner => C:\Program Files (x86)\CCleaner\CCleaner.exe [2011-06-24] (Piriform Ltd)
Task: {5EBBAFF7-4F4A-4A48-A859-48A568F1BABF} - System32\Tasks\{BB0C36E3-C45A-4CCE-A008-FEC781371266} => pcalua.exe -a "C:\Program Files (x86)\Black Isle\BGII - SoA\setup-haerdalisromance.exe" -d "C:\Program Files (x86)\Black Isle\BGII - SoA"
Task: {5FD54023-A6E0-4454-BB3F-9E702EBDA848} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1004 No Task File <==== ATTENTION
Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask No Task File <==== ATTENTION
Task: {692815B2-4530-4A74-BF28-8DDD79C1E1CA} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {6CECEC21-7E75-42A6-86FE-C256333D3DF9} - System32\Tasks\{C7E3B740-45AA-41A1-A3AF-59AE8991C812} => pcalua.exe -a "F:\Program Files (x86)\Origin\Ultima IX Ascension\FinalSetup.exe" -d "F:\Program Files (x86)\Origin\Ultima IX Ascension"
Task: {71424C4E-C8EA-43D2-BF4D-FA7EEA556483} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {71685726-207A-4D7D-B7E7-30D16A8D4572} - \Microsoft\Windows\Media Center\PvrRecoveryTask No Task File <==== ATTENTION
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File <==== ATTENTION
Task: {75502724-72ED-45AD-979F-AB5D451F1E06} - System32\Tasks\{1E3CB70B-1C91-4915-871A-E7835C00A031} => pcalua.exe -a D:\autorun.exe -d C:\Users\Dad\Desktop
Task: {7602ADA3-ACBC-4CCD-872E-DFC619D6EF3F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-22] (Overwolf LTD)
Task: {7A288C5E-5B9F-47EC-91CA-3610316F38AB} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File <==== ATTENTION
Task: {7B13A63F-294A-4979-B590-D2FDDB6D194D} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks No Task File <==== ATTENTION
Task: {7EEBF848-3A27-4527-A0CD-84B042222B95} - \Microsoft\Windows\Media Center\StartRecording No Task File <==== ATTENTION
Task: {7FEC4C0B-334F-4097-BD6A-BF2FD0CE8394} - \Microsoft\Windows\SmartRecovery\SRFilter No Task File <==== ATTENTION
Task: {80149B74-D95E-4A02-8E55-7638E245162A} - System32\Tasks\{5C47274F-BCA4-4139-BC94-8CD92CA7D657} => pcalua.exe -a C:\Users\Dad\Downloads\CoD4MWDemoSetup(2).exe -d C:\Users\Dad\Downloads
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
Task: {816B6256-F809-420C-9F88-A379B31B46F6} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {82C233BE-C8AF-4D74-B0D6-89E68D56EA9D} - \SidebarExecute No Task File <==== ATTENTION
Task: {8B2FBB78-0944-4227-ABD6-18ACF92D174A} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {8C411C2D-560B-4595-8800-496341658CB9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-26] (Adobe Systems Incorporated)
Task: {90AECFA1-35B3-429A-A0B4-1876E524F764} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-30] (AVAST Software)
Task: {90BC1377-BD3A-405B-97A1-56AEB3892BFC} - \Microsoft\Windows\Wininet\CacheTask No Task File <==== ATTENTION
Task: {927DE63C-60A6-469D-9214-B9D50DE82BF2} - System32\Tasks\{4AB9D493-C279-4087-8389-F351337A6552} => pcalua.exe -a C:\Users\Dad\AppData\Local\Temp\wzbad1\Phoenix.exe -d "F:\total war 2 shogun"
Task: {93E1CAF7-0E46-4B41-9B94-DCF94648175A} - \Microsoft\Windows\Media Center\PeriodicScanRetry No Task File <==== ATTENTION
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {95C53501-6D3F-4E4B-BDA2-70F58C9CE73F} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {96414F7A-43C2-4C3E-8134-8733304E344A} - System32\Tasks\Malwarebytes Scanner => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-12-27] (Malwarebytes Corporation)
Task: {977F1C1B-0092-4562-83BE-EED9C226E08F} - System32\Tasks\{BCD3CA26-362E-40FD-990E-2D4416C631E8} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {9CC33130-975D-4DEC-BFC6-2290805634FB} - \Microsoft\Windows\Media Center\PvrScheduleTask No Task File <==== ATTENTION
Task: {9E6CA771-8635-449B-99C5-E5A91081381D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19] (Google Inc.)
Task: {A12C62B9-65A4-4EA1-B902-DCF8D8729945} - System32\Tasks\{DCA5E30F-2FAC-4110-B5D7-1CEAEBED66DA} => pcalua.exe -a "F:\star wars jedi academy\Daemon Tools 3.47.exe" -d "F:\star wars jedi academy"
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader No Task File <==== ATTENTION
Task: {A5051514-D5F3-4DC8-BBED-F8A4FDD9CB48} - \Microsoft\Windows\Media Center\RecordingRestart No Task File <==== ATTENTION
Task: {A71E53D3-DC1B-4D94-8367-7C66334571E5} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {A93468D7-A391-4B9D-98DB-D68C7A4597EA} - System32\Tasks\{28130279-849B-4786-8BDA-768DA20293B6} => pcalua.exe -a E:\Bonus\Patches\SWKotOR1_03.exe -d E:\Bonus\Patches
Task: {A94E50F3-D515-4E9F-A897-12F3556332B0} - System32\Tasks\{B57BEC15-12D5-4484-8F82-EDDB19CF1060} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe" -c -runfromtemp -l0x0409
Task: {AA2BCEA8-505D-4AE4-8AEA-A95E8DE42673} - System32\Tasks\{EEE0749C-28EB-4DD3-AE0C-6257C99876DC} => pcalua.exe -a C:\Users\Dad\Downloads\msicuu2.exe -d C:\Users\Dad\Downloads
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File <==== ATTENTION
Task: {ACC8EAC4-3A96-420D-81F9-DAE384374D53} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {ADDD5868-D739-4692-B026-1F50C8622DB2} - System32\Tasks\Spybot SD Clean => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDCleaner.exe
Task: {B3C6192C-1A0E-420E-A3B0-26813FF68F90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19] (Google Inc.)
Task: {B5B66520-0160-4D2E-90DE-30D08DAD5677} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {C61112DE-254D-41D5-8411-C8BCD3D453DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {C94AE7DB-B4EE-4F7E-BBF6-DB4C3C1FC4AD} - System32\Tasks\Malwarebytes Update => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-12-27] (Malwarebytes Corporation)
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {D0C3BBC8-A4E1-4898-B243-C142263DABB3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {D1F11153-9428-4977-BBAB-C1FCED77EC03} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-08] (COMODO)
Task: {D5657306-2046-482D-B78C-FF3CC1EB72F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {D5A5284C-AAA5-435D-AEFD-FACABF8D0E58} - \Microsoft\Windows\Media Center\RegisterSearch No Task File <==== ATTENTION
Task: {D61EB76C-8619-4E38-BEB1-A544F66F6AC4} - System32\Tasks\{68EA0CAE-97BE-4AD9-A710-7E73E7F08163} => pcalua.exe -a "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCCInstall.exe" -d "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static"
Task: {D905B85B-C853-44C8-BC94-37E5194605B0} - System32\Tasks\Defragment Drive => C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe [2014-07-15] (Auslogics)
Task: {DA4E2A15-F661-4D15-A070-0CDA6C82A853} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {DAC63440-FD86-43CD-AA88-A24A9B6AC73A} - \Microsoft\Windows\Media Center\mcupdate_scheduled No Task File <==== ATTENTION
Task: {DC059C05-DFB8-401F-8902-6FAAA1B3F837} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor No Task File <==== ATTENTION
Task: {DD6AB72E-B36D-4073-8149-4FAE9DCA3516} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask No Task File <==== ATTENTION
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {DF1AB5D4-3BC8-4430-9C51-51F234BB365B} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1006 No Task File <==== ATTENTION
Task: {E1563919-CFE5-4654-BF24-DF30A2D4E496} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange No Task File <==== ATTENTION
Task: {E33BACF9-9D15-459A-BC06-D7A8674BBE01} - \Microsoft\Windows\SmartRecovery\SRCreate No Task File <==== ATTENTION
Task: {E6951A04-1F4C-454F-8F31-8DFC5C9F71C7} - System32\Tasks\{411B183B-F589-47D8-B570-3F064CB96F46} => pcalua.exe -a C:\Users\Dad\Desktop\CombatArmsSetupV45.exe -d C:\Users\Dad\Desktop
Task: {E90C7B41-2778-4930-B95C-CBB3A52D75EA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {EB493127-EB47-4C4F-AB70-F0C07F501967} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask No Task File <==== ATTENTION
Task: {EC4300FA-439B-43D5-B40A-EC4AD3A426D2} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor No Task File <==== ATTENTION
Task: {EF8EFF93-9142-411C-BE57-6B44C3F4EF7D} - \Microsoft\Windows\Media Center\InstallPlayReady No Task File <==== ATTENTION
Task: {F0C7FCFD-4710-4846-97F8-227CDB6B7B19} - \Microsoft\Windows\Media Center\ReindexSearchRoot No Task File <==== ATTENTION
Task: {FA0D8E52-D5CF-43C6-B587-F5F28E52DC56} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job.bak => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job.bak => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job.bak => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-22 10:18 - 2015-01-29 23:31 - 00029184 _____ () C:\Windows\System32\ssj2mlm.dll
2010-05-09 15:34 - 2009-08-13 11:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 15:03 - 2012-03-05 15:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 13:53 - 2012-02-16 13:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 00136544 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
2010-02-17 18:26 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2014-12-30 10:47 - 2014-12-30 10:47 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-30 10:47 - 2014-12-30 10:47 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-02-03 07:25 - 2015-02-03 07:25 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020300\algo.dll
2014-12-30 10:47 - 2014-12-30 10:47 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-03 15:10 - 2015-02-03 15:10 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020301\algo.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 00423256 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 04101472 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 01586528 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 00361816 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-17 18:26 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-01-05 11:29 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-05 11:29 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-05 11:29 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-05 11:29 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-05 11:29 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2014-03-05 23:10 - 2014-03-05 23:10 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2013-01-05 11:29 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-12-30 10:47 - 2014-12-30 10:47 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-30 10:47 - 2014-12-30 10:47 - 00888216 _____ () C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll
2013-10-23 19:51 - 2015-01-28 17:41 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eed_ec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eed_sl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp120.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssj2mlm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\psi_mf_amd64.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Dad\Downloads\AdwCleaner(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\AdwCleaner(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\ComboFix.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\FRST64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\FRST64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\HijackThis.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\HijackThis.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\PSISetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\PSISetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\rkill.com:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\rkill.com:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\RogueKillerX64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\RogueKillerX64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\uTorrent.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\uTorrent.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Assassin's Creed.LNK => C:\Windows\pss\Registration Assassin's Creed.LNK.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_12354009.lnk => C:\Windows\pss\_uninst_12354009.lnk.Startup
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Dad\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe /autorun
MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EasyTuneVI => C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxdnmon.exe => "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
MSCONFIG\startupreg: ospd_us_45 => "C:\Program Files (x86)\ospd_us_45\ospd_us_45.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

========================= Accounts: ==========================

Aaron (S-1-5-21-618570333-1535794558-3025776438-1003 - Limited - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-618570333-1535794558-3025776438-500 - Administrator - Disabled)
ASPNET (S-1-5-21-618570333-1535794558-3025776438-1010 - Limited - Enabled)
Chynna (S-1-5-21-618570333-1535794558-3025776438-1008 - Limited - Enabled)
Dad (S-1-5-21-618570333-1535794558-3025776438-1001 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-618570333-1535794558-3025776438-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-618570333-1535794558-3025776438-1016 - Limited - Enabled)
Meghan (S-1-5-21-618570333-1535794558-3025776438-1005 - Limited - Enabled) => C:\Users\Meghan
Mom (S-1-5-21-618570333-1535794558-3025776438-1004 - Limited - Enabled) => C:\Users\Mom
Noel (S-1-5-21-618570333-1535794558-3025776438-1007 - Limited - Enabled) => C:\Users\Noel
Rachel (S-1-5-21-618570333-1535794558-3025776438-1006 - Limited - Enabled) => C:\Users\Rachel.Baldur
Terry (S-1-5-21-618570333-1535794558-3025776438-1017 - Limited - Enabled) => C:\Users\Terry

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 04:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9048

Error: (02/03/2015 04:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9048

Error: (02/03/2015 04:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 04:16:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8018

Error: (02/03/2015 04:16:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8018

Error: (02/03/2015 04:16:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 04:16:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (02/03/2015 04:16:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (02/03/2015 04:16:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 04:16:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006


System errors:
=============
Error: (02/03/2015 04:16:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (02/03/2015 04:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9048

Error: (02/03/2015 04:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9048

Error: (02/03/2015 04:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 04:16:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8018

Error: (02/03/2015 04:16:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8018

Error: (02/03/2015 04:16:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 04:16:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (02/03/2015 04:16:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (02/03/2015 04:16:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 04:16:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006


CodeIntegrity Errors:
===================================
  Date: 2011-07-21 18:19:21.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-21 18:19:21.046
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 20:01:20.843
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 20:01:20.796
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 19:53:41.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 19:53:41.099
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 18:43:04.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 18:43:04.292
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 17:56:06.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 17:56:06.334
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Six-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 7678.49 MB
Available physical RAM: 5892.47 MB
Total Pagefile: 24060.68 MB
Available Pagefile: 20991.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:1017.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:1862.89 GB) (Free:1456.15 GB) NTFS
Drive f: (New F) (Fixed) (Total:1862.89 GB) (Free:606.13 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#10 Machiavelli

Posted 04 February 2015 - 10:30 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {0147a0ef-0f34-11e4-846a-00241dccca17} - E:\TLBootstrap_WPP.exe
    HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {033f4b4e-1779-11e2-b86f-00241dccca17} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
    HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {033f4cc1-1779-11e2-b86f-00241dccca17} - I:\TLBootstrap_WPP.exe
    HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {18abe7c9-745e-11e1-a614-00241dccca17} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {1ca868eb-70f9-11e0-8f0e-00241dccca17} - H:\Autorun.exe
    HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {1ca86b87-70f9-11e0-8f0e-00241dccca17} - G:\Autorun.exe
    HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {51d4a297-74e6-11e4-9b63-00241dccca17} - E:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {d8a136ad-4fa7-11df-a815-000272a9ef50} - E:\setup.exe
    BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    C:\Users\Dad\100730_registry.reg
    Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File <==== ATTENTION
    Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
    Task: {08F5BA3A-78E6-48D0-B347-3BE55AD710D0} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
    Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
    Task: {0E23E548-EE4E-47F3-9D89-327115A89EF4} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1017 No Task File <==== ATTENTION
    Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive No Task File <==== ATTENTION
    Task: {1FF652C4-46EB-44F5-8A5D-8CA66198EE3D} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
    Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
    Task: {4573C457-18A8-4FA9-92B0-015E83F67644} - \Microsoft\Windows\WindowsBackup\AutomaticBackup No Task File <==== ATTENTION
    Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File <==== ATTENTION
    Task: {490619CE-2DC5-4B05-A27F-71F73AE73021} - \Microsoft\Windows\Media Center\PBDADiscovery No Task File <==== ATTENTION
    Task: {4C508D15-D353-4A49-BF98-C0D84E0D6C72} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask No Task File <==== ATTENTION
    Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
    Task: {52D7EDE5-D3B6-4748-9142-BE2E55AA2606} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1007 No Task File <==== ATTENTION
    Task: {560AD119-1B50-4950-BC87-0AD298E29482} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 No Task File <==== ATTENTION
    Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
    Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File <==== ATTENTION
    Task: {5BD69114-0E31-4288-AEA9-D27471276EA8} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 No Task File <==== ATTENTION
    Task: {5FD54023-A6E0-4454-BB3F-9E702EBDA848} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1004 No Task File <==== ATTENTION
    Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask No Task File <==== ATTENTION
    Task: {71685726-207A-4D7D-B7E7-30D16A8D4572} - \Microsoft\Windows\Media Center\PvrRecoveryTask No Task File <==== ATTENTION
    Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File <==== ATTENTION
    Task: {7A288C5E-5B9F-47EC-91CA-3610316F38AB} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File <==== ATTENTION
    Task: {7B13A63F-294A-4979-B590-D2FDDB6D194D} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks No Task File <==== ATTENTION
    Task: {7EEBF848-3A27-4527-A0CD-84B042222B95} - \Microsoft\Windows\Media Center\StartRecording No Task File <==== ATTENTION
    Task: {7FEC4C0B-334F-4097-BD6A-BF2FD0CE8394} - \Microsoft\Windows\SmartRecovery\SRFilter No Task File <==== ATTENTION
    Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
    Task: {82C233BE-C8AF-4D74-B0D6-89E68D56EA9D} - \SidebarExecute No Task File <==== ATTENTION
    Task: {8B2FBB78-0944-4227-ABD6-18ACF92D174A} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
    Task: {90BC1377-BD3A-405B-97A1-56AEB3892BFC} - \Microsoft\Windows\Wininet\CacheTask No Task File <==== ATTENTION
    Task: {93E1CAF7-0E46-4B41-9B94-DCF94648175A} - \Microsoft\Windows\Media Center\PeriodicScanRetry No Task File <==== ATTENTION
    Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
    Task: {95C53501-6D3F-4E4B-BDA2-70F58C9CE73F} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
    Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
    Task: {9CC33130-975D-4DEC-BFC6-2290805634FB} - \Microsoft\Windows\Media Center\PvrScheduleTask No Task File <==== ATTENTION
    Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader No Task File <==== ATTENTION
    Task: {A5051514-D5F3-4DC8-BBED-F8A4FDD9CB48} - \Microsoft\Windows\Media Center\RecordingRestart No Task File <==== ATTENTION
    Task: {A71E53D3-DC1B-4D94-8367-7C66334571E5} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
    Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File <==== ATTENTION
    Task: {B5B66520-0160-4D2E-90DE-30D08DAD5677} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
    Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File <==== ATTENTION
    Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File <==== ATTENTION
    Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
    Task: {D5657306-2046-482D-B78C-FF3CC1EB72F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
    Task: {D5A5284C-AAA5-435D-AEFD-FACABF8D0E58} - \Microsoft\Windows\Media Center\RegisterSearch No Task File <==== ATTENTION
    Task: {DAC63440-FD86-43CD-AA88-A24A9B6AC73A} - \Microsoft\Windows\Media Center\mcupdate_scheduled No Task File <==== ATTENTION
    Task: {DC059C05-DFB8-401F-8902-6FAAA1B3F837} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor No Task File <==== ATTENTION
    Task: {DD6AB72E-B36D-4073-8149-4FAE9DCA3516} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask No Task File <==== ATTENTION
    Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
    Task: {DF1AB5D4-3BC8-4430-9C51-51F234BB365B} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1006 No Task File <==== ATTENTION
    Task: {E1563919-CFE5-4654-BF24-DF30A2D4E496} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
    Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange No Task File <==== ATTENTION
    Task: {E33BACF9-9D15-459A-BC06-D7A8674BBE01} - \Microsoft\Windows\SmartRecovery\SRCreate No Task File <==== ATTENTION
    Task: {E90C7B41-2778-4930-B95C-CBB3A52D75EA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
    Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
    Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
    Task: {EB493127-EB47-4C4F-AB70-F0C07F501967} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask No Task File <==== ATTENTION
    Task: {EC4300FA-439B-43D5-B40A-EC4AD3A426D2} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor No Task File <==== ATTENTION
    Task: {EF8EFF93-9142-411C-BE57-6B44C3F4EF7D} - \Microsoft\Windows\Media Center\InstallPlayReady No Task File <==== ATTENTION
    Task: {F0C7FCFD-4710-4846-97F8-227CDB6B7B19} - \Microsoft\Windows\Media Center\ReindexSearchRoot No Task File <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File <==== ATTENTION
    Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem No Task File <==== ATTENTION
    AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\eed_ec.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\eed_sl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msvcp120.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ssj2mlm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\psi_mf_amd64.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\Users\Dad\Downloads\AdwCleaner(1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\AdwCleaner(1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Downloads\ComboFix.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\ComboFix.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Downloads\FRST64(1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\FRST64(1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Downloads\HijackThis.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\HijackThis.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Downloads\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Downloads\PSISetup.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\PSISetup.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Downloads\rkill.com:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\rkill.com:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Downloads\RogueKillerX64(1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\RogueKillerX64(1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Downloads\uTorrent.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Dad\Downloads\uTorrent.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this text file on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page.
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 Jim2B


Posted 04 February 2015 - 12:07 PM

FRST Results (I will post the ESET results in a later reply):

 

fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015
Ran by Dad at 2015-02-04 11:49:59 Run:2
Running from C:\Users\Dad\Downloads
Loaded Profiles: Dad (Available profiles: Dad & Aaron & Mom & Meghan & Rachel & Noel & Terry)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {0147a0ef-0f34-11e4-846a-00241dccca17} - E:\TLBootstrap_WPP.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {033f4b4e-1779-11e2-b86f-00241dccca17} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {033f4cc1-1779-11e2-b86f-00241dccca17} - I:\TLBootstrap_WPP.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {18abe7c9-745e-11e1-a614-00241dccca17} - E:\LaunchU3.exe -a
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {1ca868eb-70f9-11e0-8f0e-00241dccca17} - H:\Autorun.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {1ca86b87-70f9-11e0-8f0e-00241dccca17} - G:\Autorun.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {51d4a297-74e6-11e4-9b63-00241dccca17} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {d8a136ad-4fa7-11df-a815-000272a9ef50} - E:\setup.exe
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
C:\Users\Dad\100730_registry.reg
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {08F5BA3A-78E6-48D0-B347-3BE55AD710D0} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {0E23E548-EE4E-47F3-9D89-327115A89EF4} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1017 No Task File <==== ATTENTION
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive No Task File <==== ATTENTION
Task: {1FF652C4-46EB-44F5-8A5D-8CA66198EE3D} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {4573C457-18A8-4FA9-92B0-015E83F67644} - \Microsoft\Windows\WindowsBackup\AutomaticBackup No Task File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File <==== ATTENTION
Task: {490619CE-2DC5-4B05-A27F-71F73AE73021} - \Microsoft\Windows\Media Center\PBDADiscovery No Task File <==== ATTENTION
Task: {4C508D15-D353-4A49-BF98-C0D84E0D6C72} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask No Task File <==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {52D7EDE5-D3B6-4748-9142-BE2E55AA2606} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1007 No Task File <==== ATTENTION
Task: {560AD119-1B50-4950-BC87-0AD298E29482} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 No Task File <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File <==== ATTENTION
Task: {5BD69114-0E31-4288-AEA9-D27471276EA8} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 No Task File <==== ATTENTION
Task: {5FD54023-A6E0-4454-BB3F-9E702EBDA848} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1004 No Task File <==== ATTENTION
Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask No Task File <==== ATTENTION
Task: {71685726-207A-4D7D-B7E7-30D16A8D4572} - \Microsoft\Windows\Media Center\PvrRecoveryTask No Task File <==== ATTENTION
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File <==== ATTENTION
Task: {7A288C5E-5B9F-47EC-91CA-3610316F38AB} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File <==== ATTENTION
Task: {7B13A63F-294A-4979-B590-D2FDDB6D194D} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks No Task File <==== ATTENTION
Task: {7EEBF848-3A27-4527-A0CD-84B042222B95} - \Microsoft\Windows\Media Center\StartRecording No Task File <==== ATTENTION
Task: {7FEC4C0B-334F-4097-BD6A-BF2FD0CE8394} - \Microsoft\Windows\SmartRecovery\SRFilter No Task File <==== ATTENTION
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
Task: {82C233BE-C8AF-4D74-B0D6-89E68D56EA9D} - \SidebarExecute No Task File <==== ATTENTION
Task: {8B2FBB78-0944-4227-ABD6-18ACF92D174A} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {90BC1377-BD3A-405B-97A1-56AEB3892BFC} - \Microsoft\Windows\Wininet\CacheTask No Task File <==== ATTENTION
Task: {93E1CAF7-0E46-4B41-9B94-DCF94648175A} - \Microsoft\Windows\Media Center\PeriodicScanRetry No Task File <==== ATTENTION
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {95C53501-6D3F-4E4B-BDA2-70F58C9CE73F} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {9CC33130-975D-4DEC-BFC6-2290805634FB} - \Microsoft\Windows\Media Center\PvrScheduleTask No Task File <==== ATTENTION
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader No Task File <==== ATTENTION
Task: {A5051514-D5F3-4DC8-BBED-F8A4FDD9CB48} - \Microsoft\Windows\Media Center\RecordingRestart No Task File <==== ATTENTION
Task: {A71E53D3-DC1B-4D94-8367-7C66334571E5} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File <==== ATTENTION
Task: {B5B66520-0160-4D2E-90DE-30D08DAD5677} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {D5657306-2046-482D-B78C-FF3CC1EB72F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {D5A5284C-AAA5-435D-AEFD-FACABF8D0E58} - \Microsoft\Windows\Media Center\RegisterSearch No Task File <==== ATTENTION
Task: {DAC63440-FD86-43CD-AA88-A24A9B6AC73A} - \Microsoft\Windows\Media Center\mcupdate_scheduled No Task File <==== ATTENTION
Task: {DC059C05-DFB8-401F-8902-6FAAA1B3F837} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor No Task File <==== ATTENTION
Task: {DD6AB72E-B36D-4073-8149-4FAE9DCA3516} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask No Task File <==== ATTENTION
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {DF1AB5D4-3BC8-4430-9C51-51F234BB365B} - \WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1006 No Task File <==== ATTENTION
Task: {E1563919-CFE5-4654-BF24-DF30A2D4E496} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange No Task File <==== ATTENTION
Task: {E33BACF9-9D15-459A-BC06-D7A8674BBE01} - \Microsoft\Windows\SmartRecovery\SRCreate No Task File <==== ATTENTION
Task: {E90C7B41-2778-4930-B95C-CBB3A52D75EA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {EB493127-EB47-4C4F-AB70-F0C07F501967} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask No Task File <==== ATTENTION
Task: {EC4300FA-439B-43D5-B40A-EC4AD3A426D2} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor No Task File <==== ATTENTION
Task: {EF8EFF93-9142-411C-BE57-6B44C3F4EF7D} - \Microsoft\Windows\Media Center\InstallPlayReady No Task File <==== ATTENTION
Task: {F0C7FCFD-4710-4846-97F8-227CDB6B7B19} - \Microsoft\Windows\Media Center\ReindexSearchRoot No Task File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eed_ec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eed_sl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp120.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssj2mlm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\psi_mf_amd64.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Dad\Downloads\AdwCleaner(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\AdwCleaner(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\ComboFix.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\FRST64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\FRST64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\HijackThis.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\HijackThis.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\PSISetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\PSISetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\rkill.com:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\rkill.com:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\RogueKillerX64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\RogueKillerX64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\uTorrent.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\uTorrent.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
EmptyTemp:
*****************

"HKU\S-1-5-21-618570333-1535794558-3025776438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0147a0ef-0f34-11e4-846a-00241dccca17}" => Key deleted successfully.
HKCR\CLSID\{0147a0ef-0f34-11e4-846a-00241dccca17} => Key not found.
"HKU\S-1-5-21-618570333-1535794558-3025776438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{033f4b4e-1779-11e2-b86f-00241dccca17}" => Key deleted successfully.
HKCR\CLSID\{033f4b4e-1779-11e2-b86f-00241dccca17} => Key not found.
"HKU\S-1-5-21-618570333-1535794558-3025776438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{033f4cc1-1779-11e2-b86f-00241dccca17}" => Key deleted successfully.
HKCR\CLSID\{033f4cc1-1779-11e2-b86f-00241dccca17} => Key not found.
"HKU\S-1-5-21-618570333-1535794558-3025776438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18abe7c9-745e-11e1-a614-00241dccca17}" => Key deleted successfully.
HKCR\CLSID\{18abe7c9-745e-11e1-a614-00241dccca17} => Key not found.
"HKU\S-1-5-21-618570333-1535794558-3025776438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ca868eb-70f9-11e0-8f0e-00241dccca17}" => Key deleted successfully.
HKCR\CLSID\{1ca868eb-70f9-11e0-8f0e-00241dccca17} => Key not found.
"HKU\S-1-5-21-618570333-1535794558-3025776438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ca86b87-70f9-11e0-8f0e-00241dccca17}" => Key deleted successfully.
HKCR\CLSID\{1ca86b87-70f9-11e0-8f0e-00241dccca17} => Key not found.
"HKU\S-1-5-21-618570333-1535794558-3025776438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51d4a297-74e6-11e4-9b63-00241dccca17}" => Key deleted successfully.
HKCR\CLSID\{51d4a297-74e6-11e4-9b63-00241dccca17} => Key not found.
"HKU\S-1-5-21-618570333-1535794558-3025776438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8a136ad-4fa7-11df-a815-000272a9ef50}" => Key deleted successfully.
HKCR\CLSID\{d8a136ad-4fa7-11df-a815-000272a9ef50} => Key not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\Users\Dad\100730_registry.reg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Time Synchronization\SynchronizeTime" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08F5BA3A-78E6-48D0-B347-3BE55AD710D0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08F5BA3A-78E6-48D0-B347-3BE55AD710D0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E23E548-EE4E-47F3-9D89-327115A89EF4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E23E548-EE4E-47F3-9D89-327115A89EF4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1017" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F7B7221-AE8F-44F3-BA82-F7D260F51964}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F7B7221-AE8F-44F3-BA82-F7D260F51964}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Task Manager\Interactive" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FF652C4-46EB-44F5-8A5D-8CA66198EE3D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FF652C4-46EB-44F5-8A5D-8CA66198EE3D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2470470F-2634-478E-B181-571E98A789BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2470470F-2634-478E-B181-571E98A789BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SystemSoundsService" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4573C457-18A8-4FA9-92B0-015E83F67644}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4573C457-18A8-4FA9-92B0-015E83F67644}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\AutomaticBackup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{490619CE-2DC5-4B05-A27F-71F73AE73021}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{490619CE-2DC5-4B05-A27F-71F73AE73021}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C508D15-D353-4A49-BF98-C0D84E0D6C72}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C508D15-D353-4A49-BF98-C0D84E0D6C72}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework\MsCtfMonitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52D7EDE5-D3B6-4748-9142-BE2E55AA2606}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52D7EDE5-D3B6-4748-9142-BE2E55AA2606}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1007" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{560AD119-1B50-4950-BC87-0AD298E29482}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{560AD119-1B50-4950-BC87-0AD298E29482}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A40E926-9E86-4B89-9CFD-B12311724371}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A40E926-9E86-4B89-9CFD-B12311724371}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControls" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BD69114-0E31-4288-AEA9-D27471276EA8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BD69114-0E31-4288-AEA9-D27471276EA8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FD54023-A6E0-4454-BB3F-9E702EBDA848}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FD54023-A6E0-4454-BB3F-9E702EBDA848}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1004" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\User Profile Service\HiveUploadTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71685726-207A-4D7D-B7E7-30D16A8D4572}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71685726-207A-4D7D-B7E7-30D16A8D4572}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A288C5E-5B9F-47EC-91CA-3610316F38AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A288C5E-5B9F-47EC-91CA-3610316F38AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B13A63F-294A-4979-B590-D2FDDB6D194D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B13A63F-294A-4979-B590-D2FDDB6D194D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EEBF848-3A27-4527-A0CD-84B042222B95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EEBF848-3A27-4527-A0CD-84B042222B95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FEC4C0B-334F-4097-BD6A-BF2FD0CE8394}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FEC4C0B-334F-4097-BD6A-BF2FD0CE8394}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SmartRecovery\SRFilter" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81540B9F-B5BF-47EB-9C95-BE195BF2C664}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81540B9F-B5BF-47EB-9C95-BE195BF2C664}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetTrace\GatherNetworkInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82C233BE-C8AF-4D74-B0D6-89E68D56EA9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82C233BE-C8AF-4D74-B0D6-89E68D56EA9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B2FBB78-0944-4227-ABD6-18ACF92D174A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B2FBB78-0944-4227-ABD6-18ACF92D174A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{90BC1377-BD3A-405B-97A1-56AEB3892BFC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90BC1377-BD3A-405B-97A1-56AEB3892BFC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\CacheTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93E1CAF7-0E46-4B41-9B94-DCF94648175A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93E1CAF7-0E46-4B41-9B94-DCF94648175A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9435F817-FED2-454E-88CD-7F78FDA62C48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95C53501-6D3F-4E4B-BDA2-70F58C9CE73F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95C53501-6D3F-4E4B-BDA2-70F58C9CE73F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{994C86AD-A929-4B2C-88A0-4E25A107A029}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{994C86AD-A929-4B2C-88A0-4E25A107A029}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore\SR" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CC33130-975D-4DEC-BFC6-2290805634FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CC33130-975D-4DEC-BFC6-2290805634FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsColorSystem\Calibration Loader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A5051514-D5F3-4DC8-BBED-F8A4FDD9CB48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5051514-D5F3-4DC8-BBED-F8A4FDD9CB48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A71E53D3-DC1B-4D94-8367-7C66334571E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71E53D3-DC1B-4D94-8367-7C66334571E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC668097-4D6B-4093-AC14-014C09DBF820}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC668097-4D6B-4093-AC14-014C09DBF820}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Ras\MobilityManager" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5B66520-0160-4D2E-90DE-30D08DAD5677}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5B66520-0160-4D2E-90DE-30D08DAD5677}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Registry\RegIdleBackup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D0250F3F-6480-484F-B719-42F659AC64D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0250F3F-6480-484F-B719-42F659AC64D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\QueueReporting" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5657306-2046-482D-B78C-FF3CC1EB72F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5657306-2046-482D-B78C-FF3CC1EB72F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5A5284C-AAA5-435D-AEFD-FACABF8D0E58}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5A5284C-AAA5-435D-AEFD-FACABF8D0E58}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAC63440-FD86-43CD-AA88-A24A9B6AC73A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAC63440-FD86-43CD-AA88-A24A9B6AC73A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC059C05-DFB8-401F-8902-6FAAA1B3F837}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC059C05-DFB8-401F-8902-6FAAA1B3F837}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD6AB72E-B36D-4073-8149-4FAE9DCA3516}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD6AB72E-B36D-4073-8149-4FAE9DCA3516}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF1AB5D4-3BC8-4430-9C51-51F234BB365B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF1AB5D4-3BC8-4430-9C51-51F234BB365B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-618570333-1535794558-3025776438-1006" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1563919-CFE5-4654-BF24-DF30A2D4E496}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1563919-CFE5-4654-BF24-DF30A2D4E496}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E22A8667-F75B-4BA9-BA46-067ED4429DE8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E22A8667-F75B-4BA9-BA46-067ED4429DE8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E33BACF9-9D15-459A-BC06-D7A8674BBE01}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E33BACF9-9D15-459A-BC06-D7A8674BBE01}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SmartRecovery\SRCreate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E90C7B41-2778-4930-B95C-CBB3A52D75EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E90C7B41-2778-4930-B95C-CBB3A52D75EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EACA24FF-236C-401D-A1E7-B3D5267B8A50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EACA24FF-236C-401D-A1E7-B3D5267B8A50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RacTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB493127-EB47-4C4F-AB70-F0C07F501967}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB493127-EB47-4C4F-AB70-F0C07F501967}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC4300FA-439B-43D5-B40A-EC4AD3A426D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC4300FA-439B-43D5-B40A-EC4AD3A426D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\Windows Backup Monitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF8EFF93-9142-411C-BE57-6B44C3F4EF7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF8EFF93-9142-411C-BE57-6B44C3F4EF7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0C7FCFD-4710-4846-97F8-227CDB6B7B19}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0C7FCFD-4710-4846-97F8-227CDB6B7B19}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB3C354D-297A-4EB2-9B58-090F6361906B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB3C354D-297A-4EB2-9B58-090F6361906B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" => Key deleted successfully.
"C:\Windows\avastSS.scr" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\eed_ec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\eed_sl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\GEARAspi64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MpSigStub.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MRT.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msvcp120.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nlasvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\profsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rstrui.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\srclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\srcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ssj2mlm.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\GEARAspi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\java.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\javaw.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\javaws.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ncsi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nlaapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntkrnlpa.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\srclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mrxdav.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\psi_mf_amd64.sys" => ":$CmdTcID" ADS not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Users\Dad\Downloads\AdwCleaner(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\Dad\Downloads\AdwCleaner(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Dad\Downloads\ComboFix.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dad\Downloads\ComboFix.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip" => ":$CmdTcID" ADS not found.
C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Dad\Downloads\FRST64(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\Dad\Downloads\FRST64(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\Dad\Downloads\HijackThis.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dad\Downloads\HijackThis.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Dad\Downloads\JRT.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dad\Downloads\JRT.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Dad\Downloads\PSISetup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dad\Downloads\PSISetup.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Dad\Downloads\rkill.com" => ":$CmdTcID" ADS not found.
C:\Users\Dad\Downloads\rkill.com => ":$CmdZnID" ADS removed successfully.
"C:\Users\Dad\Downloads\RogueKillerX64(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\Dad\Downloads\RogueKillerX64(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Dad\Downloads\uTorrent.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dad\Downloads\uTorrent.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Dad\Documents\B-Day Zombie.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Dad\Documents\B-Day Zombie.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Dad\Documents\Don't Stop Believing.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Dad\Documents\Don't Stop Believing.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Dad\Documents\Pretty Things.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Dad\Documents\Pretty Things.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Dad\Documents\PT 1.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Dad\Documents\PT 1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
EmptyTemp: => Removed 501.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:50:31 ====

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by Dad (administrator) on BALDUR on 04-02-2015 12:00:56
Running from C:\Users\Dad\Downloads
Loaded Profiles: Dad (Available profiles: Dad & Aaron & Mom & Meghan & Rachel & Noel & Terry)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-08] (COMODO)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-12-27] (Oracle Corporation)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-30] (Electronic Arts)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-618570333-1535794558-3025776438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-618570333-1535794558-3025776438-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\searchplugins\search.xml
FF Extension: Flashblock - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-11]
FF Extension: WOT - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-15]
FF Extension: DownloadHelper - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-10]
FF Extension: InvisibleHand - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2014-07-15]
FF Extension: NoScript - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-15]
FF Extension: Adblock Plus - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\mpfsumtn.default-1405436773312\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-12]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136544 2009-10-22] ()
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-18] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-30] (Avast Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-08] (COMODO)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-30] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-22] (Overwolf LTD)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2015-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2015-02-02] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [14904 2009-02-23] ()
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-30] ()
S3 atidgllk; C:\Program Files (x86)\Gigabyte\ET6\atidgllk.sys [12048 2006-07-19] (ATI Technologies Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-08] (COMODO)
S1 dsload; C:\Windows\SysWOW64\drivers\dsload.sys [10848 2008-05-23] (Oracle Corp.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-21] (DT Soft Ltd)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-08] (COMODO)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-02-02] (Secunia)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-07-15] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-07-15] (Acronis)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-30] (Avast Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-07-15] (Acronis International GmbH)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 12:00 - 2015-02-04 12:00 - 02131968 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2015-02-04 11:49 - 2015-02-04 11:49 - 00000000 ____D () C:\Users\Dad\Downloads\FRST-OlderVersion
2015-02-03 20:01 - 2015-02-04 11:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 20:01 - 2015-02-04 11:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 16:19 - 2015-02-03 16:19 - 00001324 _____ () C:\Users\Dad\Desktop\JRT.txt
2015-02-03 15:51 - 2015-02-03 15:53 - 00001139 _____ () C:\Users\Dad\Desktop\mwb.txt
2015-02-03 15:26 - 2015-02-03 15:26 - 00000847 _____ () C:\Users\Dad\Desktop\µTorrent.lnk
2015-02-03 15:26 - 2015-02-03 15:26 - 00000827 _____ () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-03 15:25 - 2015-02-04 11:50 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\uTorrent
2015-02-03 15:21 - 2015-02-03 15:21 - 01740880 _____ (BitTorrent Inc.) C:\Users\Dad\Downloads\uTorrent.exe
2015-02-03 15:07 - 2015-02-04 11:51 - 00006424 _____ () C:\Windows\PFRO.log
2015-02-03 15:05 - 2015-02-03 15:05 - 01388274 _____ (Thisisu) C:\Users\Dad\Downloads\JRT.exe
2015-02-03 11:52 - 2015-02-03 16:31 - 00065631 _____ () C:\Users\Dad\Downloads\Addition.txt
2015-02-03 11:51 - 2015-02-04 12:01 - 00017390 _____ () C:\Users\Dad\Downloads\FRST.txt
2015-02-03 02:20 - 2015-02-04 11:52 - 00120531 _____ () C:\Windows\setupact.log
2015-02-03 02:20 - 2015-02-03 02:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-02 13:37 - 2015-02-02 13:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-02 13:25 - 2015-02-02 13:25 - 05490752 _____ (Secunia) C:\Users\Dad\Downloads\PSISetup.exe
2015-02-02 13:25 - 2015-02-02 13:25 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-02-02 13:25 - 2015-02-02 13:25 - 00000000 ____D () C:\Users\Dad\AppData\Local\Secunia PSI
2015-02-02 13:25 - 2015-02-02 13:25 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-02-02 13:08 - 2015-02-02 13:08 - 00005090 _____ () C:\Users\Dad\Downloads\RKreport_SCN_02012015_201530.log
2015-02-02 13:01 - 2015-02-02 13:01 - 00010608 _____ () C:\Users\Dad\Documents\hijackthis.log
2015-02-02 12:58 - 2015-02-02 12:58 - 14861360 _____ (Trend Micro Inc.) C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe
2015-02-02 12:58 - 2015-02-02 12:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dad\Downloads\HijackThis.exe
2015-02-02 12:58 - 2015-02-02 12:58 - 00000000 ____D () C:\Users\Dad\Downloads\TMRBLog
2015-02-02 12:58 - 2015-02-02 12:58 - 00000000 ____D () C:\Users\Dad\Downloads\log
2015-02-01 20:47 - 2015-02-01 20:47 - 05611380 _____ (Swearware) C:\Users\Dad\Downloads\ComboFix.exe
2015-02-01 20:47 - 2015-02-01 20:47 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Dad\Downloads\rkill.com
2015-01-30 16:39 - 2015-01-30 16:39 - 00000991 _____ () C:\Users\Public\Desktop\Play Artemis.lnk
2015-01-30 16:39 - 2015-01-30 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artemis
2015-01-30 16:39 - 2015-01-30 16:39 - 00000000 ____D () C:\Program Files (x86)\Artemis
2015-01-30 11:50 - 2015-01-30 11:50 - 18570328 _____ () C:\Users\Dad\Downloads\RogueKillerX64(1).exe
2015-01-29 23:37 - 2015-02-03 15:06 - 00000000 ____D () C:\AdwCleaner
2015-01-29 23:37 - 2015-01-29 23:37 - 02194432 _____ () C:\Users\Dad\Downloads\AdwCleaner(1).exe
2015-01-29 19:55 - 2015-01-29 19:59 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2015-01-29 19:55 - 2015-01-29 19:55 - 00000936 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2015-01-29 19:55 - 2015-01-29 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-01-29 19:48 - 2015-01-29 19:55 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Guild Wars 2
2015-01-28 17:45 - 2015-01-28 17:45 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-28 17:45 - 2015-01-28 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-28 17:44 - 2015-01-28 17:45 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-28 15:39 - 2015-01-28 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-28 13:17 - 2014-09-28 13:23 - 00000019 _____ () C:\Windows\system32\Drivers\etc\hosts.20150128-131740.backup
2015-01-13 16:02 - 2015-01-13 16:02 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 16:02 - 2015-01-13 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 16:02 - 2015-01-13 16:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:02 - 2015-01-13 16:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 16:02 - 2015-01-13 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 16:01 - 2015-01-13 16:01 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:01 - 2015-01-13 16:01 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:01 - 2015-01-13 16:01 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:01 - 2015-01-13 16:01 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:01 - 2015-01-13 16:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 12:00 - 2014-07-14 09:00 - 00000000 ____D () C:\FRST
2015-02-04 11:57 - 2011-07-21 19:46 - 01445051 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 11:55 - 2014-10-08 12:19 - 00000000 ____D () C:\ProgramData\Origin
2015-02-04 11:54 - 2014-07-12 10:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-04 11:54 - 2013-01-06 01:16 - 00000144 _____ () C:\service.log
2015-02-04 11:54 - 2010-07-15 13:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-04 11:52 - 2014-07-14 16:25 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-02-04 11:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 11:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2015-02-04 11:49 - 2011-07-21 18:58 - 00000000 ____D () C:\Users\Dad
2015-02-03 20:01 - 2012-12-19 20:50 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 20:01 - 2012-12-19 20:50 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 19:12 - 2014-07-07 16:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 15:26 - 2014-07-14 08:16 - 00000000 ____D () C:\Users\Dad\AppData\Local\Adobe
2015-02-03 15:17 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 15:17 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 07:26 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-02-02 13:45 - 2013-12-01 12:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job.bak
2015-02-02 13:40 - 2012-12-19 20:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job.bak
2015-02-02 13:34 - 2011-07-30 00:32 - 13141167 _____ () C:\Users\Dad\AppData\Local\census.cache
2015-02-02 13:33 - 2011-07-30 00:32 - 00149191 _____ () C:\Users\Dad\AppData\Local\ars.cache
2015-02-02 13:25 - 2014-11-28 07:02 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys
2015-02-02 02:40 - 2012-12-19 20:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job.bak
2015-02-01 20:09 - 2014-07-14 08:39 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-01 00:31 - 2014-07-18 17:27 - 00000000 ____D () C:\Users\Dad\AppData\Local\CrashDumps
2015-01-30 16:03 - 2009-07-14 00:13 - 00854040 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 23:35 - 2013-12-15 18:48 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\TS3Client
2015-01-29 23:35 - 2013-12-15 11:22 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-01-29 23:32 - 2014-07-09 00:15 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-29 23:31 - 2014-12-22 10:18 - 03141120 _____ () C:\Windows\system32\eed_ec.dll
2015-01-29 23:31 - 2014-12-22 10:18 - 00686384 _____ (Samsung Electronics) C:\Windows\system32\eed_sl.exe
2015-01-29 23:31 - 2014-12-22 10:18 - 00029184 _____ () C:\Windows\system32\ssj2mlm.dll
2015-01-29 20:16 - 2011-08-17 06:45 - 00000000 ____D () C:\Users\Terry
2015-01-29 20:16 - 2011-07-21 18:58 - 00000000 ____D () C:\Users\Noel
2015-01-29 20:15 - 2012-10-10 16:31 - 00000000 ____D () C:\Users\Mom
2015-01-29 20:15 - 2011-07-28 06:25 - 00000000 ____D () C:\Users\Rachel.Baldur
2015-01-29 20:15 - 2011-07-21 18:58 - 00000000 ____D () C:\Users\Meghan
2015-01-29 18:34 - 2012-08-12 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 17:41 - 2013-10-23 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 15:38 - 2013-10-04 23:58 - 00660128 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120.dll
2015-01-28 13:11 - 2011-07-21 18:58 - 00000000 ____D () C:\Users\Aaron
2015-01-28 13:11 - 2011-01-14 20:39 - 00000000 ____D () C:\Users\Rachel
2015-01-28 13:11 - 2010-02-22 19:06 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-28 13:10 - 2010-02-22 19:05 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-01-27 15:42 - 2014-08-12 16:33 - 00002048 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-27 15:42 - 2014-08-12 16:33 - 00002046 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-27 15:42 - 2014-08-12 16:33 - 00002036 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-27 15:42 - 2014-08-12 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-25 16:45 - 2013-12-01 12:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 16:45 - 2012-08-15 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 16:45 - 2011-12-26 20:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 20:03 - 2013-12-15 11:24 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-15 01:05 - 2011-07-21 18:57 - 00846162 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 01:08 - 2013-07-19 00:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 01:00 - 2011-08-11 18:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 08:02 - 2010-02-16 09:25 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-11-02 13:13 - 2011-11-02 13:13 - 0226656 ____N (Oracle Corporation) C:\Program Files (x86)\cnsload_1320257583096.tmp
2011-11-02 13:13 - 2011-11-02 13:13 - 0226656 ____N (Oracle Corporation) C:\Program Files (x86)\cnsload_1320257583111.tmp
2011-07-30 00:32 - 2015-02-02 13:33 - 0149191 _____ () C:\Users\Dad\AppData\Local\ars.cache
2011-07-30 00:32 - 2015-02-02 13:34 - 13141167 _____ () C:\Users\Dad\AppData\Local\census.cache
2011-07-29 22:58 - 2011-07-29 22:58 - 0000036 _____ () C:\Users\Dad\AppData\Local\housecall.guid.cache
2012-01-14 16:38 - 2012-03-14 11:31 - 0007609 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2014-07-10 09:31 - 2014-07-10 09:31 - 0000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2011-12-15 23:48 - 2011-12-15 23:48 - 0473835 _____ () C:\ProgramData\SPL6206.tmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:59

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015
Ran by Dad at 2015-02-04 12:01:39
Running from C:\Users\Dad\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS Ver.2.06 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.06 - GIGABYTE)
µTorrent (HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\uTorrent) (Version: 3.4.2.38429 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Agent Ransack x64 (HKLM\...\{D7DDA334-FF1D-4A04-B056-22AB301026C8}) (Version: 7.0.822.1 - Mythicsoft Ltd)
Akamai NetSession Interface (HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{EA18DE8E-B3E6-4D82-A086-9BE2316FA5A5}) (Version: 3.1.0.0342 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Artemis Artemis (HKLM-x32\...\Artemis) (Version: 2.1_1.0 - Thom Robertson)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.4.0.0115 - Disk Software Ltd)
ASUS VGA Driver (x32 Version: 3.0.0.1 - ASUSTek) Hidden
ATI AVIVO64 Codecs (Version: 10.12.0.41118 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version:  - )
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Avencast™ - Rise of The Mage (v1.04b) (HKLM-x32\...\Avencast™ - Rise of The Mage_is1) (Version:  - Clockstone Software, Ltd.)
Baldur's Gate™ II - Shadows of Amn™ (HKLM-x32\...\{8DAE4336-2B71-11D4-9A6C-006067325E47}) (Version:  - )
Barbarian Invasion (HKLM-x32\...\{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}) (Version: 1.4 - )
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version:  - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version:  - )
Battlefield Vietnam™ (HKLM-x32\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version:  - )
Battlefield Vietnam: WW2 Mod (HKLM-x32\...\{F989306B-9287-444F-AE73-E30C7E4AF0F5}) (Version:  - )
BioWare Premium Module: Neverwinter Nights™ Kingmaker (HKLM-x32\...\Neverwinter Nights™ Kingmaker) (Version:  - BioWare Corp.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® 4 - Modern Warfare™ Demo (HKLM-x32\...\InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare™ Demo (x32 Version: 1.00.0000 - Activision) Hidden
ccc-core-static (x32 Version: 2009.0730.58.43017 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.08 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Combat Arms (HKLM-x32\...\Combat Arms) (Version:  - )
Combined Community Codec Pack 2009-09-09 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2009.09.09.0 - CCCP Project)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.3.43550.1216 - COMODO Group Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CPUID CPU-Z 1.53.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dandelion - Wishes brought to you - Demo version 1.92 (HKLM-x32\...\{795EAB32-6331-420A-A57B-AAA3FC14ED0E}_is1) (Version: 1.92 - Cheritz)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
DMIView B8.0717.01 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dungeon and Dragons: Neverwinter Nights Complete (HKLM-x32\...\{053FFC87-C5BD-4B3C-9D3E-783902D83D21}) (Version: 1.0.0 - Atari)
Dungeons and Dragons Anthology: The Master Collection (HKLM-x32\...\{A1B2F73A-F5D0-49FB-A114-652B85F71ECB}) (Version: 1.0.0 - Atari)
Easy Tune 6 B09.0918.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B09.0918.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.0904.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
Exact Audio Copy 1.0beta1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta1 - Andre Wiethoff)
FreeSpace (HKLM-x32\...\Freespace) (Version:  - )
FreeSpace 2 (HKLM-x32\...\FreeSpace2) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - NEXON Korea Corp.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
Medieval II Total War Demo Gold (HKLM-x32\...\{4A665599-6771-4732-BE74-06B43B9F611B}) (Version: 1.00.0000 - SEGA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 17.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Neverwinter Nights 2 (HKLM-x32\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oracle Web Conferencing Console (HKLM-x32\...\OracleRTCClient) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.103 - Panda Security)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.4.3 - Pando Networks Inc.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version:  - )
PunkBuster for Battlefield Vietnam (HKLM-x32\...\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}) (Version:  - )
Q-Share Ver.1.2 (HKLM-x32\...\{F308B531-AB20-4A79-8F5E-83071FE5BE60}) (Version: 1.2 - GIGABYTE)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.3.0 - Ralink)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
RIFT (HKLM-x32\...\InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}) (Version: 1.0.0 - Trion Worlds, Inc.)
RIFT (x32 Version: 1.0.0 - Trion Worlds, Inc.) Hidden
Rise and Fall (HKLM-x32\...\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}) (Version: 1.00.0000 - Midway Home Entertainment)
Rome - Total War (HKLM-x32\...\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}) (Version: 1.5 - The Creative Assembly)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.60.00(7/23/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.47.0 - Samsung Electronics Co., Ltd.)
Samsung M2020 Series (HKLM-x32\...\Samsung M2020 Series) (Version: 1.10 (2/12/2014) - Samsung Electronics Co., Ltd.)
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version:  - Stardock Entertainment)
Sins of a Solar Empire (x32 Version: 1.00.00 - Stardock Entertainment, Inc.) Hidden
Smart Recovery B09.0911.1  (x64) (HKLM-x32\...\InstallShield_{FAE188FD-A941-49E9-A5E9-F6D88517EC40}) (Version:  - )
Smart Recovery B09.0911.1  (x64) (Version: 1.00.0002 - GIGABYTE) Hidden
SmartMusic 2011a (HKLM-x32\...\SmartMusic 2011a) (Version: 13.0.0 - MakeMusic)
SmartMusic 2012b (HKLM-x32\...\SmartMusic 2012b) (Version: 14.2.0 - MakeMusic)
Sniper Elite V2 Demo (HKLM-x32\...\Steam App 210470) (Version:  - )
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Trek Legacy (HKLM-x32\...\{287A4E96-AC57-4A19-9B51-C5EED2EAB382}) (Version: 1.00.0000 - Bethesda Softworks)
Star Trek Legacy 1.4.080 Patch (HKLM-x32\...\Star Trek Legacy 1.4.080 Patch) (Version:  - )
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version:  - )
Star Wars™: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold 2 Deluxe (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.000 - Firefly Studios)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teamcenter Application Sharing (HKLM-x32\...\{36B0C1C6-4AD8-40F1-8B2E-656F119E9DC4}) (Version: 9.0.11187 - Siemens PLM Solutions)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.5.82 - Electronic Arts)
True Image WD Edition (HKLM-x32\...\{85CB1512-2D4A-4469-AC21-6B111D169CEB}) (Version: 16.0.5962 - Acronis)
Ultima IX: Ascension (HKLM-x32\...\{2E38F875-8285-4453-0089-542B10175A54}) (Version:  - )
Ultima Online: AoS (HKLM-x32\...\{7AC5D2AD-F559-461B-0081-283D0566F3A5}) (Version:  - )
Update Manager B09.0908.1 (HKLM-x32\...\InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}) (Version: 1.00.0000 - GIGABYTE)
Update Manager B09.0908.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
Vim 7.2 (self-installing) (HKLM-x32\...\Vim 7.2) (Version:  - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
X3 REUNION (HKLM-x32\...\{A8E414A8-9E31-40E6-B13B-5F1FCA00EF9F}) (Version: 1.00.0000 - EGOSOFT)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-01-2015 02:00:25 Automatic creation
02-01-2015 02:00:27 Automatic creation
03-01-2015 02:00:27 Automatic creation
04-01-2015 02:00:27 Automatic creation
05-01-2015 02:00:25 Automatic creation
06-01-2015 02:00:25 Automatic creation
07-01-2015 02:00:27 Automatic creation
08-01-2015 02:22:29 Automatic creation
09-01-2015 02:00:24 Automatic creation
10-01-2015 02:00:26 Automatic creation
11-01-2015 02:00:25 Automatic creation
12-01-2015 02:00:25 Automatic creation
13-01-2015 02:00:29 Automatic creation
14-01-2015 02:28:29 Automatic creation
15-01-2015 02:00:24 Automatic creation
16-01-2015 02:00:04 Automatic creation
17-01-2015 02:00:24 Automatic creation
18-01-2015 02:00:24 Automatic creation
19-01-2015 02:00:17 Automatic creation
20-01-2015 02:22:14 Automatic creation
21-01-2015 02:20:00 Automatic creation
22-01-2015 02:00:04 Automatic creation
23-01-2015 02:00:29 Automatic creation
24-01-2015 02:00:26 Automatic creation
25-01-2015 02:00:14 Automatic creation
26-01-2015 02:00:29 Automatic creation
27-01-2015 02:00:18 Automatic creation
28-01-2015 02:00:20 Automatic creation
29-01-2015 02:00:32 Automatic creation
30-01-2015 07:52:35 Automatic creation
31-01-2015 02:00:07 Automatic creation
01-02-2015 02:01:22 Automatic creation
02-02-2015 13:05:43 Known good on 2/2/15
03-02-2015 02:26:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-07-07 13:53 - 2015-02-04 11:49 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09DD604E-9593-42DE-B26F-7389249798DE} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {193734F3-8146-402C-8C4F-2894C449F1F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {301B0539-20DF-457F-BE5B-EB5B7C63C8DA} - System32\Tasks\{28267CE2-AC6E-40EC-8E84-30ED52A2E4D4} => pcalua.exe -a G:\autorun.exe -d G:\
Task: {48AA01F0-A999-4298-BE00-826EC72332AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {4ED9B216-D80E-45D4-8B90-C630F4B20BB8} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {5942F493-4438-4409-B605-ED745A1EE6B1} - System32\Tasks\{BB37602F-6432-49CC-877B-E96441D6B45E} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {5DACA79E-6732-4828-958A-57D663127487} - System32\Tasks\{E2851001-CD8B-4C9D-9978-8956427909A2} => pcalua.exe -a "C:\Program Files (x86)\Atari\DnDNWNC\Neverwinter Nights II\Redist\dotnetfx.exe" -d D:\ -c /q:a
Task: {5E23DFBC-251D-465F-AB3C-E8A069A69FF2} - System32\Tasks\ccleaner => C:\Program Files (x86)\CCleaner\CCleaner.exe [2011-06-24] (Piriform Ltd)
Task: {5EBBAFF7-4F4A-4A48-A859-48A568F1BABF} - System32\Tasks\{BB0C36E3-C45A-4CCE-A008-FEC781371266} => pcalua.exe -a "C:\Program Files (x86)\Black Isle\BGII - SoA\setup-haerdalisromance.exe" -d "C:\Program Files (x86)\Black Isle\BGII - SoA"
Task: {692815B2-4530-4A74-BF28-8DDD79C1E1CA} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {6CECEC21-7E75-42A6-86FE-C256333D3DF9} - System32\Tasks\{C7E3B740-45AA-41A1-A3AF-59AE8991C812} => pcalua.exe -a "F:\Program Files (x86)\Origin\Ultima IX Ascension\FinalSetup.exe" -d "F:\Program Files (x86)\Origin\Ultima IX Ascension"
Task: {71424C4E-C8EA-43D2-BF4D-FA7EEA556483} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {75502724-72ED-45AD-979F-AB5D451F1E06} - System32\Tasks\{1E3CB70B-1C91-4915-871A-E7835C00A031} => pcalua.exe -a D:\autorun.exe -d C:\Users\Dad\Desktop
Task: {7602ADA3-ACBC-4CCD-872E-DFC619D6EF3F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-22] (Overwolf LTD)
Task: {80149B74-D95E-4A02-8E55-7638E245162A} - System32\Tasks\{5C47274F-BCA4-4139-BC94-8CD92CA7D657} => pcalua.exe -a C:\Users\Dad\Downloads\CoD4MWDemoSetup(2).exe -d C:\Users\Dad\Downloads
Task: {816B6256-F809-420C-9F88-A379B31B46F6} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {8C411C2D-560B-4595-8800-496341658CB9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-26] (Adobe Systems Incorporated)
Task: {90AECFA1-35B3-429A-A0B4-1876E524F764} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-30] (AVAST Software)
Task: {927DE63C-60A6-469D-9214-B9D50DE82BF2} - System32\Tasks\{4AB9D493-C279-4087-8389-F351337A6552} => pcalua.exe -a C:\Users\Dad\AppData\Local\Temp\wzbad1\Phoenix.exe -d "F:\total war 2 shogun"
Task: {96414F7A-43C2-4C3E-8134-8733304E344A} - System32\Tasks\Malwarebytes Scanner => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-12-27] (Malwarebytes Corporation)
Task: {977F1C1B-0092-4562-83BE-EED9C226E08F} - System32\Tasks\{BCD3CA26-362E-40FD-990E-2D4416C631E8} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {9E6CA771-8635-449B-99C5-E5A91081381D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19] (Google Inc.)
Task: {A12C62B9-65A4-4EA1-B902-DCF8D8729945} - System32\Tasks\{DCA5E30F-2FAC-4110-B5D7-1CEAEBED66DA} => pcalua.exe -a "F:\star wars jedi academy\Daemon Tools 3.47.exe" -d "F:\star wars jedi academy"
Task: {A93468D7-A391-4B9D-98DB-D68C7A4597EA} - System32\Tasks\{28130279-849B-4786-8BDA-768DA20293B6} => pcalua.exe -a E:\Bonus\Patches\SWKotOR1_03.exe -d E:\Bonus\Patches
Task: {A94E50F3-D515-4E9F-A897-12F3556332B0} - System32\Tasks\{B57BEC15-12D5-4484-8F82-EDDB19CF1060} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe" -c -runfromtemp -l0x0409
Task: {AA2BCEA8-505D-4AE4-8AEA-A95E8DE42673} - System32\Tasks\{EEE0749C-28EB-4DD3-AE0C-6257C99876DC} => pcalua.exe -a C:\Users\Dad\Downloads\msicuu2.exe -d C:\Users\Dad\Downloads
Task: {ACC8EAC4-3A96-420D-81F9-DAE384374D53} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
Task: {ADDD5868-D739-4692-B026-1F50C8622DB2} - System32\Tasks\Spybot SD Clean => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
Task: {B3C6192C-1A0E-420E-A3B0-26813FF68F90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19] (Google Inc.)
Task: {C61112DE-254D-41D5-8411-C8BCD3D453DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {C94AE7DB-B4EE-4F7E-BBF6-DB4C3C1FC4AD} - System32\Tasks\Malwarebytes Update => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-12-27] (Malwarebytes Corporation)
Task: {D0C3BBC8-A4E1-4898-B243-C142263DABB3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {D1F11153-9428-4977-BBAB-C1FCED77EC03} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-08] (COMODO)
Task: {D61EB76C-8619-4E38-BEB1-A544F66F6AC4} - System32\Tasks\{68EA0CAE-97BE-4AD9-A710-7E73E7F08163} => pcalua.exe -a "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCCInstall.exe" -d "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static"
Task: {D905B85B-C853-44C8-BC94-37E5194605B0} - System32\Tasks\Defragment Drive => C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe [2014-07-15] (Auslogics)
Task: {DA4E2A15-F661-4D15-A070-0CDA6C82A853} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E6951A04-1F4C-454F-8F31-8DFC5C9F71C7} - System32\Tasks\{411B183B-F589-47D8-B570-3F064CB96F46} => pcalua.exe -a C:\Users\Dad\Desktop\CombatArmsSetupV45.exe -d C:\Users\Dad\Desktop
Task: {FA0D8E52-D5CF-43C6-B587-F5F28E52DC56} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job.bak => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job.bak => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job.bak => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-22 10:18 - 2015-01-29 23:31 - 00029184 _____ () C:\Windows\System32\ssj2mlm.dll
2010-05-09 15:34 - 2009-08-13 11:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 15:03 - 2012-03-05 15:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 13:53 - 2012-02-16 13:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 00136544 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
2010-02-17 18:26 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2014-12-30 10:47 - 2014-12-30 10:47 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-30 10:47 - 2014-12-30 10:47 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-02-04 05:00 - 2015-02-04 05:00 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020400\algo.dll
2014-12-30 10:47 - 2014-12-30 10:47 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 00423256 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 04101472 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 01586528 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2009-10-22 03:49 - 2009-10-22 03:49 - 00361816 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-17 18:26 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-01-05 11:29 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-05 11:29 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-05 11:29 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-05 11:29 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-05 11:29 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2014-10-08 12:22 - 2015-01-30 07:23 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-10-08 12:22 - 2015-01-30 07:23 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2013-01-05 11:29 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-12-30 10:47 - 2014-12-30 10:47 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-23 19:51 - 2015-01-28 17:41 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-05 23:10 - 2014-03-05 23:10 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eed_ec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eed_sl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp120.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssj2mlm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\psi_mf_amd64.sys:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\AdwCleaner(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\da_i_pc_dlc__ww_final_beta_6__soundtrack.zip:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Dad\Downloads\HijackThis.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\PSISetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\rkill.com:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\RogueKillerX64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\RootkitBusterV5.0-1180x64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Downloads\uTorrent.exe:$CmdTcID
AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:3or4kl4x13tuuug3Byamue2s4b

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Assassin's Creed.LNK => C:\Windows\pss\Registration Assassin's Creed.LNK.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_12354009.lnk => C:\Windows\pss\_uninst_12354009.lnk.Startup
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Dad\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe /autorun
MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EasyTuneVI => C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxdnmon.exe => "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
MSCONFIG\startupreg: ospd_us_45 => "C:\Program Files (x86)\ospd_us_45\ospd_us_45.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

========================= Accounts: ==========================

Aaron (S-1-5-21-618570333-1535794558-3025776438-1003 - Limited - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-618570333-1535794558-3025776438-500 - Administrator - Disabled)
ASPNET (S-1-5-21-618570333-1535794558-3025776438-1010 - Limited - Enabled)
Chynna (S-1-5-21-618570333-1535794558-3025776438-1008 - Limited - Enabled)
Dad (S-1-5-21-618570333-1535794558-3025776438-1001 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-618570333-1535794558-3025776438-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-618570333-1535794558-3025776438-1016 - Limited - Enabled)
Meghan (S-1-5-21-618570333-1535794558-3025776438-1005 - Limited - Enabled) => C:\Users\Meghan
Mom (S-1-5-21-618570333-1535794558-3025776438-1004 - Limited - Enabled) => C:\Users\Mom
Noel (S-1-5-21-618570333-1535794558-3025776438-1007 - Limited - Enabled) => C:\Users\Noel
Rachel (S-1-5-21-618570333-1535794558-3025776438-1006 - Limited - Enabled) => C:\Users\Rachel.Baldur
Terry (S-1-5-21-618570333-1535794558-3025776438-1017 - Limited - Enabled) => C:\Users\Terry

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 11:50:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x6b8
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (02/04/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8002

Error: (02/04/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8002

Error: (02/04/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7004

Error: (02/04/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7004

Error: (02/04/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5990

Error: (02/04/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5990

Error: (02/04/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/04/2015 11:54:07 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (02/04/2015 11:52:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (02/04/2015 11:52:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (02/04/2015 11:51:40 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\dsload.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/04/2015 11:50:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/04/2015 11:50:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/03/2015 04:16:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (02/04/2015 11:50:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c16b801d03fed4e75addaC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllf5ae7a11-ac8d-11e4-bcb0-00241dccca17

Error: (02/04/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8002

Error: (02/04/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8002

Error: (02/04/2015 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7004

Error: (02/04/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7004

Error: (02/04/2015 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5990

Error: (02/04/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5990

Error: (02/04/2015 10:02:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2011-07-21 18:19:21.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-21 18:19:21.046
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 20:01:20.843
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 20:01:20.796
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 19:53:41.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 19:53:41.099
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 18:43:04.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 18:43:04.292
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 17:56:06.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 17:56:06.334
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Six-Core Processor
Percentage of memory in use: 36%
Total physical RAM: 7678.49 MB
Available physical RAM: 4894.77 MB
Total Pagefile: 24060.68 MB
Available Pagefile: 20796.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:1017.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:1862.89 GB) (Free:1456.15 GB) NTFS
Drive f: (New F) (Fixed) (Total:1862.89 GB) (Free:606.13 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#12 Machiavelli

Posted 04 February 2015 - 12:19 PM

OK I'm waiting for the ESET Log. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

#13 Jim2B

Posted 04 February 2015 - 01:08 PM

So am I :)



#14 Jim2B

Posted 05 February 2015 - 11:02 AM

No threats found so it didn't offer to generate a log file.

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

 

It reports nothing else.

 

The computer is working well.  It still occasionally boots itself throughout the day.

I have enabled some scheduled tasks to do this, but I only recall setting this to start the computer in the evening.  I will investigate and determine whether that's something like definition updates.



#15 Machiavelli

Posted 05 February 2015 - 11:33 AM

Hello,
in my opinion your PC is clean. :) My help is of course completely free of charge, but if you would like to donate some money so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used while cleaning your machine.
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
