
Police Porn Popup? I think I am infected!


  • This topic is locked
21 replies to this topic

#1 Lucius31

Lucius31

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:10:37 PM

Posted 16 February 2015 - 08:05 PM

Hi,

 

About an hour ago I got a popup saying my web browser was locked due to talking to minors (which I did not do) and every time I tried to open a browser this would occur (a new pop-up of the same thing). It had a flag of Australia, stated that I could serve time in prison, had to pay some sort of fine and that everything I was doing was being recorded. It also stated my IP address and my location (but non-specific). I could not open a new site without it locking up and posting this nonsense.

 

I had to reboot the machine to stop this from happening. I honestly think it was just a popup from a site I had visited (let's just thank Daniel Tosh of Tosh.0 for the curiosity) and was trying to close it down. Still, a part of me is concerned over the message and would like to know if it's indeed some random virus or if I should call my ISP or Police.

 

The only other odd thing I have been experiencing is delay when typing, this has been occurring during the last week or two.

 

I remember you guys did a good check if my system had a virus not long ago, and maybe I could still be infected or I picked up something new.

 

Cheers,

 

Lucius.

 




 


#2 Lucius31

Lucius31
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:10:37 PM

Posted 16 February 2015 - 09:31 PM

I called Telstra Support re: this message to see if it's legit or not and they said it's a virus and simple to remove. They said to just do a system restore to a day before the popup happened. I tried to do two restores (different dates, as the first try failed and Windows suggested a different date) but both had errors, i.e. "was unsuccessful"; however, I have no idea why. I checked Event Viewer and it made no sense to me. Sorry.

 

So I will wait for further instructions as I think Telstra have no idea.

 

Thank you.


Edited by Lucius31, 16 February 2015 - 09:33 PM.


#3 Lucius31

Lucius31
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:10:37 PM

Posted 19 February 2015 - 09:00 AM

Hi,

 

Sorry for the third post in a row, but I read online via Google that this virus slowly takes over the PC, and it usually happens after 3-4 days.

 

I am getting really worried that it will pop up and destroy this PC.



#4 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:06:37 AM

Posted 20 February 2015 - 03:03 PM

:welcome:

 

Sorry for the late reply, but when you reply to your own topic it takes you out of the zero replies that we look for to help on a log. Let's run a few scans and see where you're at.

 

 
Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#5 Lucius31

Lucius31
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:10:37 PM

Posted 22 February 2015 - 02:56 AM

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2015-02-22 17:11:46
    -----------------------------
    17:11:46.915    OS Version: Windows x64 6.1.7601 Service Pack 1
    17:11:46.915    Number of processors: 8 586 0x2A07
    17:11:46.915    ComputerName: ANTONIO-PC  UserName: Antonio
    17:11:47.095    Initialize success
    17:11:47.100    VM: initialized successfully
    17:11:47.100    VM: Intel CPU supported virtualized
    17:12:26.991    VM: disk I/O iaStorA.sys
    17:12:29.747    AVAST engine defs: 15022100
    17:12:42.472    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    17:12:42.473    Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
    17:12:42.474    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000066
    17:12:42.475    Disk 1 Vendor: Intel___ 1.0. Size: 476945MB BusType: 8
    17:12:42.487    Disk 1 MBR read successfully
    17:12:42.489    Disk 1 MBR scan
    17:12:42.490    Disk 1 Windows 7 default MBR code
    17:12:42.492    Disk 1 Partition 1 00     07    HPFS/NTFS NTFS       476943 MB offset 2048
    17:12:42.495    Disk 1 scanning C:\Windows\system32\drivers
    17:12:43.870    Service scanning
    17:12:46.605    Modules scanning
    17:12:46.608    Disk 1 trace - called modules:
    17:12:46.611    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys storport.sys hal.dll iaStorA.sys
    17:12:46.612    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800f02a790]
    17:12:46.614    3 CLASSPNP.SYS[fffff88001d4d43f] -> nt!IofCallDriver -> [0xfffffa800ef29c50]
    17:12:46.616    5 iaStorF.sys[fffff880017f1168] -> nt!IofCallDriver -> [0xfffffa800d0f0040]
    17:12:46.618    7 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\00000066[0xfffffa800d0fb060]
    17:12:46.766    AVAST engine scan C:\Windows
    17:12:47.021    AVAST engine scan C:\Windows\system32
    17:13:11.477    AVAST engine scan C:\Windows\system32\drivers
    17:13:13.247    AVAST engine scan C:\Users\Antonio
    17:13:25.304    AVAST engine scan C:\ProgramData
    17:13:28.368    Disk 1 statistics 3790182/0/0 @ 117.12 MB/s
    17:13:28.371    Scan finished successfully
    18:54:50.435    Disk 1 MBR has been saved successfully to "C:\Users\Antonio\Desktop\MBR.dat"
    18:54:50.437    The log file has been saved successfully to "C:\Users\Antonio\Desktop\aswMBR.txt"

     



#6 Lucius31

Lucius31
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:10:37 PM

Posted 22 February 2015 - 03:08 AM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
    Ran by Antonio (administrator) on ANTONIO-PC on 22-02-2015 18:59:15
    Running from C:\Users\Antonio\Desktop
    Loaded Profiles: Antonio (Available profiles: Antonio)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (AVAST Software) C:\Users\Antonio\Desktop\aswMBR.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
    HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [1651200 2011-08-18] (SteelSeries)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-25] (AVAST Software)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2993283589-2562158505-2121891784-1000\...\RunOnce: [Adobe Speed Launcher] => 1424399324
    AppInit_DLLs: => File Not Found
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2993283589-2562158505-2121891784-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2993283589-2562158505-2121891784-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
    Hosts: 54.243.115.56 launcher.Bethesda.net
    Tcpip\Parameters: [DhcpNameServer] 61.9.195.193 61.9.194.49

    FireFox:
    ========
    FF ProfilePath: C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default
    FF Homepage: www.google.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Adblock Plus - C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-18]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-25]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-25]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-25] (AVAST Software)
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
    S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-25] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-25] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-25] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-25] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-25] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-25] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-25] ()
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
    R3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2010-08-11] ()
    R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
    R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
    R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-24] (Razer, Inc.)
    S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-12-17] (Sagatek Co. Ltd.) [File not signed]
    S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    U3 aswMBR; \??\C:\Users\Antonio\AppData\Local\Temp\aswMBR.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-22 18:59 - 2015-02-22 18:59 - 00010139 _____ () C:\Users\Antonio\Desktop\FRST.txt
    2015-02-22 18:58 - 2015-02-22 18:59 - 00000000 ____D () C:\FRST
    2015-02-22 18:57 - 2015-02-22 18:57 - 02086912 _____ (Farbar) C:\Users\Antonio\Desktop\FRST64.exe
    2015-02-22 18:54 - 2015-02-22 18:54 - 00002284 _____ () C:\Users\Antonio\Desktop\aswMBR.txt
    2015-02-22 18:54 - 2015-02-22 18:54 - 00000512 _____ () C:\Users\Antonio\Desktop\MBR.dat
    2015-02-22 17:07 - 2015-02-22 17:08 - 05198336 _____ (AVAST Software) C:\Users\Antonio\Desktop\aswMBR.exe
    2015-02-20 00:14 - 2015-02-20 00:34 - 00000000 ____D () C:\Users\Antonio\Zomboid
    2015-02-19 18:06 - 2015-02-19 18:06 - 00000000 ____D () C:\Users\Antonio\AppData\Local\Steam
    2015-02-17 19:40 - 2015-02-17 19:40 - 00000222 _____ () C:\Users\Antonio\Desktop\Project Zomboid.url
    2015-02-17 13:28 - 2015-01-23 15:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-17 13:28 - 2015-01-23 15:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-17 13:28 - 2015-01-23 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-17 13:28 - 2015-01-23 14:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-17 13:04 - 2015-02-17 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    2015-02-11 10:13 - 2015-02-04 14:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-11 10:13 - 2015-02-04 14:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-11 10:13 - 2015-02-04 14:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-11 10:13 - 2015-02-04 14:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-11 10:13 - 2015-02-04 14:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-11 10:13 - 2015-02-04 14:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-11 10:13 - 2015-02-04 14:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-11 10:13 - 2015-01-28 10:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-11 10:13 - 2015-01-14 16:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-11 10:13 - 2015-01-14 16:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32(80).dll
    2015-02-11 10:13 - 2015-01-12 14:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 10:13 - 2015-01-12 14:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 10:13 - 2015-01-12 14:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-11 10:13 - 2015-01-12 13:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-11 10:13 - 2015-01-12 13:48 - 02885632 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 10:13 - 2015-01-12 13:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil(58).dll
    2015-02-11 10:13 - 2015-01-12 13:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 10:13 - 2015-01-12 13:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-11 10:13 - 2015-01-12 13:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-11 10:13 - 2015-01-12 13:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 10:13 - 2015-01-12 13:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-11 10:13 - 2015-01-12 13:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 10:13 - 2015-01-12 13:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 10:13 - 2015-01-12 13:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-11 10:13 - 2015-01-12 13:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-11 10:13 - 2015-01-12 13:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-11 10:13 - 2015-01-12 13:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-11 10:13 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 10:13 - 2015-01-12 13:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-11 10:13 - 2015-01-12 13:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-11 10:13 - 2015-01-12 13:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-11 10:13 - 2015-01-12 13:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 10:13 - 2015-01-12 13:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup(84).dll
    2015-02-11 10:13 - 2015-01-12 13:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub(81).dll
    2015-02-11 10:13 - 2015-01-12 13:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-11 10:13 - 2015-01-12 13:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 10:13 - 2015-01-12 13:02 - 02277888 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-11 10:13 - 2015-01-12 13:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(83).dll
    2015-02-11 10:13 - 2015-01-12 13:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-11 10:13 - 2015-01-12 12:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce(82).dll
    2015-02-11 10:13 - 2015-01-12 12:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui(85).dll
    2015-02-11 10:13 - 2015-01-12 12:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt(86).exe
    2015-02-11 10:13 - 2015-01-12 12:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 10:13 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-11 10:13 - 2015-01-12 12:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 10:13 - 2015-01-12 12:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-11 10:13 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-11 10:13 - 2015-01-12 12:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 10:13 - 2015-01-12 12:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent(88).dll
    2015-02-11 10:13 - 2015-01-12 12:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-11 10:13 - 2015-01-12 12:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-11 10:13 - 2015-01-12 12:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-11 10:13 - 2015-01-12 12:27 - 02358272 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 10:13 - 2015-01-12 12:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet(75).dll
    2015-02-11 10:13 - 2015-01-12 12:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl(87).cpl
    2015-02-11 10:13 - 2015-01-12 12:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-11 10:13 - 2015-01-12 12:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-11 10:13 - 2015-01-12 12:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-11 10:13 - 2015-01-12 12:14 - 01548288 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 10:13 - 2015-01-12 12:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon(72).dll
    2015-02-11 10:13 - 2015-01-12 12:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-11 10:13 - 2015-01-12 12:00 - 01888256 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-11 10:13 - 2015-01-12 12:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet(93).dll
    2015-02-11 10:13 - 2015-01-12 11:56 - 01307136 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-11 10:13 - 2015-01-12 11:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(92).dll
    2015-02-11 10:13 - 2015-01-12 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00728064 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos(59).dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00341504 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel(66).dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00314880 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0(62).dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00309760 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt(63).dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00210944 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest(73).dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00086528 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg(71).dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-11 10:13 - 2015-01-10 17:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp(55).dll
    2015-02-11 10:13 - 2015-01-10 17:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos(89).dll
    2015-02-11 10:13 - 2015-01-10 17:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-11 10:13 - 2015-01-10 17:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-11 10:13 - 2015-01-10 17:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-11 10:13 - 2015-01-10 17:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-11 10:13 - 2015-01-10 17:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-11 10:13 - 2015-01-10 17:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-11 10:13 - 2015-01-09 14:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-11 10:13 - 2015-01-09 14:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-11 10:13 - 2015-01-09 14:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-11 10:13 - 2015-01-09 13:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-11 10:12 - 2015-01-15 19:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-11 10:12 - 2015-01-15 19:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 10:12 - 2015-01-15 19:09 - 01461760 ____N (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-11 10:12 - 2015-01-15 19:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv(60).dll
    2015-02-11 10:12 - 2015-01-15 19:09 - 00136192 ____N (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-11 10:12 - 2015-01-15 19:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli(69).dll
    2015-02-11 10:12 - 2015-01-15 19:09 - 00031232 ____N (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-11 10:12 - 2015-01-15 19:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass(61).exe
    2015-02-11 10:12 - 2015-01-15 19:09 - 00029184 ____N (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-11 10:12 - 2015-01-15 19:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv(70).dll
    2015-02-11 10:12 - 2015-01-15 19:09 - 00028160 ____N (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-11 10:12 - 2015-01-15 19:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32(67).dll
    2015-02-11 10:12 - 2015-01-15 19:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-11 10:12 - 2015-01-15 19:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-11 10:12 - 2015-01-15 19:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-11 10:12 - 2015-01-15 19:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-11 10:12 - 2015-01-15 18:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-11 10:12 - 2015-01-15 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-11 10:12 - 2015-01-15 18:41 - 00096768 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-11 10:12 - 2015-01-15 18:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli(91).dll
    2015-02-11 10:12 - 2015-01-15 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-11 10:12 - 2015-01-15 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-11 10:12 - 2015-01-15 18:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-11 10:12 - 2015-01-15 15:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-11 10:12 - 2015-01-14 17:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-11 10:12 - 2015-01-14 17:05 - 00503808 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-11 10:12 - 2015-01-14 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore(68).dll
    2015-02-11 10:12 - 2015-01-14 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-11 10:12 - 2015-01-14 17:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-11 10:12 - 2015-01-14 16:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-11 10:12 - 2015-01-14 16:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-11 10:12 - 2015-01-14 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-11 10:12 - 2015-01-13 14:10 - 01424384 ____N (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-11 10:12 - 2015-01-13 14:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs(74).dll
    2015-02-11 10:12 - 2015-01-13 13:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-11 10:12 - 2015-01-09 13:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-11 10:12 - 2014-12-12 16:31 - 01480192 ____N (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-11 10:12 - 2014-12-12 16:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32(56).dll
    2015-02-11 10:12 - 2014-12-12 16:07 - 01174528 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-11 10:12 - 2014-12-12 16:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32(76).dll
    2015-02-11 10:12 - 2014-12-08 14:09 - 00406528 ____N (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-11 10:12 - 2014-12-08 14:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv(65).dll
    2015-02-11 10:12 - 2014-12-08 13:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-11 10:12 - 2014-11-26 14:53 - 00861696 ____N (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-11 10:12 - 2014-11-26 14:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32(64).dll
    2015-02-11 10:12 - 2014-11-26 14:32 - 00571904 ____N (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-11 10:12 - 2014-11-26 14:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32(90).dll
    2015-02-04 02:02 - 2015-02-04 02:02 - 00000000 __SHD () C:\Users\Antonio\AppData\Local\EmieBrowserModeList
    2015-02-02 21:06 - 2015-02-02 21:06 - 00000000 ____D () C:\Windows\SysWOW64\directx
    2015-02-02 21:05 - 2015-02-02 21:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
    2015-01-31 02:42 - 2015-01-31 02:42 - 00000222 _____ () C:\Users\Antonio\Desktop\Real Boxing.url
    2015-01-31 00:58 - 2015-01-31 00:58 - 00000222 _____ () C:\Users\Antonio\Desktop\Bastion.url
    2015-01-25 13:52 - 2015-01-25 13:52 - 00000000 ____D () C:\Users\Antonio\AppData\Roaming\.minecraft

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-22 18:21 - 2014-11-18 00:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-22 18:03 - 2014-04-11 13:41 - 01758870 _____ () C:\Windows\WindowsUpdate.log
    2015-02-20 20:00 - 2013-07-25 15:21 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-02-20 13:35 - 2009-07-14 15:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-20 13:35 - 2009-07-14 15:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-20 13:32 - 2009-07-14 16:13 - 00788656 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-20 13:30 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\registration
    2015-02-20 13:28 - 2014-09-24 00:31 - 00014996 _____ () C:\Windows\setupact.log
    2015-02-20 13:28 - 2014-04-11 13:44 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-02-20 13:28 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-20 00:14 - 2013-07-25 14:51 - 00000000 ____D () C:\Users\Antonio
    2015-02-19 15:28 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-17 13:25 - 2013-07-25 19:41 - 00000000 ___RD () C:\Users\Antonio\Desktop\Stuff
    2015-02-17 13:25 - 2013-07-25 19:16 - 00000000 ___RD () C:\Users\Antonio\Desktop\Utilities
    2015-02-17 13:24 - 2013-07-25 15:29 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-02-17 13:23 - 2014-12-12 16:04 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-17 13:23 - 2014-05-07 04:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-17 13:23 - 2013-07-26 12:58 - 00000000 ____D () C:\Users\Antonio\Documents\My Games
    2015-02-17 13:23 - 2013-07-26 07:31 - 00000000 ____D () C:\Program Files (x86)\Razer
    2015-02-17 13:23 - 2013-07-25 15:20 - 00000000 ____D () C:\Windows\system32\Macromed
    2015-02-17 13:23 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-17 13:23 - 2009-07-14 14:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-02-12 05:21 - 2014-09-24 00:31 - 00265104 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-12 05:20 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-11 12:18 - 2013-07-26 07:41 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-11 12:17 - 2013-07-25 19:36 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-06 22:21 - 2014-11-18 00:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-06 22:21 - 2013-08-14 12:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-06 22:21 - 2013-07-30 03:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-29 12:23 - 2014-10-17 04:49 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-29 12:23 - 2014-09-27 21:00 - 00000000 ____D () C:\Program Files\Java
    2015-01-29 12:22 - 2014-10-17 04:50 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-01-29 12:22 - 2014-10-17 04:49 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2015-01-29 12:22 - 2014-10-17 04:49 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2015-01-29 12:22 - 2014-10-17 04:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-01-29 12:22 - 2014-09-27 21:00 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-01-29 12:22 - 2014-09-27 21:00 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-01-29 12:22 - 2014-09-27 21:00 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-01-29 12:22 - 2014-09-27 21:00 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2015-01-29 12:22 - 2013-09-20 21:18 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-28 23:47 - 2015-01-22 19:53 - 00000000 ____D () C:\Users\Antonio\Desktop\Eschalon Guide
    2015-01-27 23:54 - 2013-08-18 23:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-25 13:50 - 2013-04-22 18:56 - 00000000 ___RD () C:\Wallpapers

    ==================== Files in the root of some directories =======

    2013-07-28 14:46 - 2013-07-28 14:47 - 0010217 _____ () C:\Users\Antonio\AppData\Local\CleanupUninstall.txt
    2013-07-25 19:33 - 2013-07-26 07:46 - 0000079 _____ () C:\Users\Antonio\AppData\Local\CrystalDiskMark30.ini
    2013-07-26 14:43 - 2014-04-13 14:12 - 0007606 _____ () C:\Users\Antonio\AppData\Local\resmon.resmoncfg

    Some content of TEMP:
    ====================
    C:\Users\Antonio\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Antonio\AppData\Local\Temp\jre-8u31-windows-au.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-13 08:35

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2015
    Ran by Antonio at 2015-02-22 18:59:27
    Running from C:\Users\Antonio\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
    Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
    BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
    CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
    Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
    Eschalon: Book 1 (HKLM-x32\...\Steam App 25600) (Version:  - Basilisk Games)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
    Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - The Indie Stone)
    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
    Real Boxing™ (HKLM-x32\...\Steam App 296770) (Version:  - Vivid Games S.A.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
    Windows Driver Package - SteelSeries (HidUsb) HIDClass  (11/06/2008 1.0.0.0) (HKLM\...\3BAB28DCB147AECC0E058666DF1B98388950B510) (Version: 11/06/2008 1.0.0.0 - SteelSeries)
    World of Warcraft MMO Gaming Mouse (HKLM-x32\...\{C9DF0468-5F31-4799-B4FE-CBAD37FFB8DE}) (Version: 1.14.0000 - SteelSeries)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    06-12-2014 19:36:12 Scheduled Checkpoint
    12-12-2014 16:02:36 Windows Update
    20-12-2014 02:58:08 Scheduled Checkpoint
    20-12-2014 03:00:10 Windows Update
    29-12-2014 11:58:51 Scheduled Checkpoint
    31-12-2014 17:50:36 Installed Microsoft Visual C++ 2005 Redistributable (x64)
    08-01-2015 03:59:47 Scheduled Checkpoint
    15-01-2015 03:00:11 Windows Update
    19-01-2015 22:57:00 Installed DirectX
    19-01-2015 23:16:18 Installed DirectX
    27-01-2015 17:29:20 Scheduled Checkpoint
    02-02-2015 21:05:56 Installed DirectX
    10-02-2015 19:51:18 Scheduled Checkpoint
    11-02-2015 12:16:48 Windows Update
    13-02-2015 08:04:19 Windows Update
    13-02-2015 16:38:57 Windows Update
    17-02-2015 13:04:39 avast! antivirus system restore point
    17-02-2015 13:24:39 avast! antivirus system restore point
    18-02-2015 03:00:10 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 13:34 - 2014-05-26 00:36 - 00000861 ____A C:\Windows\system32\Drivers\etc\hosts
    54.243.115.56 launcher.Bethesda.net

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1AA36197-C2B3-45BD-920F-44BAD65D764B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
    Task: {52AE1EBF-03E1-4239-82BC-E05D14F6D3ED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-20] (Piriform Ltd)
    Task: {7EB194B6-B7E7-470F-9415-52A2BF0BD595} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-25] (AVAST Software)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-04-11 13:44 - 2014-07-03 05:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-12-10 09:22 - 2014-12-10 09:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2014-09-25 03:04 - 2014-09-25 03:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2015-02-19 21:33 - 2015-02-19 21:33 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021900\algo.dll
    2015-02-20 13:29 - 2015-02-20 13:29 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021901\algo.dll
    2015-02-22 01:32 - 2015-02-22 01:32 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15022100\algo.dll
    2014-02-15 22:58 - 2010-08-11 14:18 - 00010752 _____ () C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\VDHIDWDM.DLL
    2014-09-25 03:04 - 2014-09-25 03:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-07-01 09:20 - 2014-11-12 05:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-01-21 04:29 - 2014-12-02 11:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-01-21 04:29 - 2014-12-02 11:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-01-21 04:29 - 2014-12-02 11:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2014-05-27 02:35 - 2015-02-19 10:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-09-11 14:20 - 2014-12-02 08:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-09-11 14:20 - 2014-12-02 08:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-09-11 14:20 - 2014-12-02 08:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-09-11 14:20 - 2014-12-02 08:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2014-09-11 14:20 - 2014-12-02 08:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2013-07-09 18:56 - 2015-02-19 10:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2013-07-09 14:45 - 2015-01-28 12:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2014-08-16 18:48 - 2015-01-28 12:30 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
    2013-08-18 23:44 - 2015-01-27 23:54 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2993283589-2562158505-2121891784-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 61.9.195.193 - 61.9.194.49

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\startupfolder: C:^Users^Antonio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
    MSCONFIG\startupreg: MSUTray => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
    MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2993283589-2562158505-2121891784-500 - Administrator - Disabled)
    Antonio (S-1-5-21-2993283589-2562158505-2121891784-1000 - Administrator - Enabled) => C:\Users\Antonio
    Guest (S-1-5-21-2993283589-2562158505-2121891784-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2993283589-2562158505-2121891784-1131 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/17/2015 01:24:39 PM) (Source: System Restore) (EventID: 8210) (User: )
    Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000022.

    Error: (02/17/2015 01:04:39 PM) (Source: System Restore) (EventID: 8210) (User: )
    Description: An unspecified error occurred during System Restore: (Installed DirectX). Additional information: 0xc0000022.

    Error: (01/25/2015 05:02:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Faulting module name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Exception code: 0xc0000005
    Fault offset: 0x000264c0
    Faulting process id: 0x2c0
    Faulting application start time: 0xTorchlight.exe0
    Faulting application path: Torchlight.exe1
    Faulting module path: Torchlight.exe2
    Report Id: Torchlight.exe3

    Error: (01/15/2015 06:58:13 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Faulting module name: OgreMain.dll, version: 0.0.0.0, time stamp: 0x4af1c2fc
    Exception code: 0xc0000005
    Fault offset: 0x000d90fa
    Faulting process id: 0x151c
    Faulting application start time: 0xTorchlight.exe0
    Faulting application path: Torchlight.exe1
    Faulting module path: Torchlight.exe2
    Report Id: Torchlight.exe3

    Error: (12/29/2014 07:10:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Faulting module name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Exception code: 0xc0000005
    Fault offset: 0x000264c0
    Faulting process id: 0x1204
    Faulting application start time: 0xTorchlight.exe0
    Faulting application path: Torchlight.exe1
    Faulting module path: Torchlight.exe2
    Report Id: Torchlight.exe3

    Error: (12/18/2014 02:53:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Faulting module name: OgreMain.dll, version: 0.0.0.0, time stamp: 0x4af1c2fc
    Exception code: 0xc0000005
    Fault offset: 0x000dcf75
    Faulting process id: 0xe40
    Faulting application start time: 0xTorchlight.exe0
    Faulting application path: Torchlight.exe1
    Faulting module path: Torchlight.exe2
    Report Id: Torchlight.exe3

    Error: (12/15/2014 11:42:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Faulting module name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Exception code: 0xc0000005
    Fault offset: 0x000264c0
    Faulting process id: 0x1090
    Faulting application start time: 0xTorchlight.exe0
    Faulting application path: Torchlight.exe1
    Faulting module path: Torchlight.exe2
    Report Id: Torchlight.exe3

    Error: (12/12/2014 05:15:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Faulting module name: OgreMain.dll, version: 0.0.0.0, time stamp: 0x4af1c2fc
    Exception code: 0xc0000005
    Fault offset: 0x000dcf75
    Faulting process id: 0x141c
    Faulting application start time: 0xTorchlight.exe0
    Faulting application path: Torchlight.exe1
    Faulting module path: Torchlight.exe2
    Report Id: Torchlight.exe3

    Error: (12/12/2014 05:07:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Faulting module name: OgreMain.dll, version: 0.0.0.0, time stamp: 0x4af1c2fc
    Exception code: 0xc0000005
    Fault offset: 0x000dcf75
    Faulting process id: 0x17c4
    Faulting application start time: 0xTorchlight.exe0
    Faulting application path: Torchlight.exe1
    Faulting module path: Torchlight.exe2
    Report Id: Torchlight.exe3

    Error: (11/26/2014 07:36:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Torchlight.exe, version: 1.0.69.21, time stamp: 0x4b5f7519
    Faulting module name: OgreMain.dll, version: 0.0.0.0, time stamp: 0x4af1c2fc
    Exception code: 0xc0000005
    Fault offset: 0x000dcf75
    Faulting process id: 0xb38
    Faulting application start time: 0xTorchlight.exe0
    Faulting application path: Torchlight.exe1
    Faulting module path: Torchlight.exe2
    Report Id: Torchlight.exe3


    System errors:
    =============
    Error: (02/19/2015 06:06:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error:
    %%1053

    Error: (02/19/2015 06:06:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    Error: (02/17/2015 01:17:11 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Error: (02/17/2015 01:16:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    AFD
    aswRdr
    aswRvrt
    aswSnx
    aswSP
    aswVmm
    CSC
    DfsC
    discache
    NetBIOS
    NetBT
    nsiproxy
    Psched
    rdbss
    spldr
    tdx
    Wanarpv6
    WfpLwf
    ws2ifsl

    Error: (02/17/2015 01:16:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
    %%1068

    Error: (02/17/2015 01:16:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
    %%1068

    Error: (02/17/2015 01:16:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
    %%1068

    Error: (02/17/2015 01:16:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:
    %%31

    Error: (02/17/2015 01:16:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:
    %%1068

    Error: (02/17/2015 01:16:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (02/17/2015 01:24:39 PM) (Source: System Restore) (EventID: 8210) (User: )
    Description: Windows Update0xc0000022

    Error: (02/17/2015 01:04:39 PM) (Source: System Restore) (EventID: 8210) (User: )
    Description: Installed DirectX0xc0000022

    Error: (01/25/2015 05:02:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Torchlight.exe1.0.69.214b5f7519Torchlight.exe1.0.69.214b5f7519c0000005000264c02c001d0384ae4342e8fC:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exeC:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exeb7e2ee51-a457-11e4-a345-50e54942b4c2

    Error: (01/15/2015 06:58:13 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Torchlight.exe1.0.69.214b5f7519OgreMain.dll0.0.0.04af1c2fcc0000005000d90fa151c01d0302dfa7e539aC:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exeC:\Program Files (x86)\Steam\steamapps\common\Torchlight\OgreMain.dllab74cc27-9c27-11e4-bb5a-50e54942b4c2

    Error: (12/29/2014 07:10:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Torchlight.exe1.0.69.214b5f7519Torchlight.exe1.0.69.214b5f7519c0000005000264c0120401d022d2d680d201C:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exeC:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exe8e00cb19-8ecd-11e4-9215-50e54942b4c2

    Error: (12/18/2014 02:53:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Torchlight.exe1.0.69.214b5f7519OgreMain.dll0.0.0.04af1c2fcc0000005000dcf75e4001d01a03838923efC:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exeC:\Program Files (x86)\Steam\steamapps\common\Torchlight\OgreMain.dlle376f81c-8604-11e4-a581-50e54942b4c2

    Error: (12/15/2014 11:42:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Torchlight.exe1.0.69.214b5f7519Torchlight.exe1.0.69.214b5f7519c0000005000264c0109001d018534fbe10f9C:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exeC:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exec7886a56-8457-11e4-b85e-50e54942b4c2

    Error: (12/12/2014 05:15:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Torchlight.exe1.0.69.214b5f7519OgreMain.dll0.0.0.04af1c2fcc0000005000dcf75141c01d015d1e153739fC:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exeC:\Program Files (x86)\Steam\steamapps\common\Torchlight\OgreMain.dll40684ecc-81c6-11e4-87b5-50e54942b4c2

    Error: (12/12/2014 05:07:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Torchlight.exe1.0.69.214b5f7519OgreMain.dll0.0.0.04af1c2fcc0000005000dcf7517c401d015d13f9baf0eC:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exeC:\Program Files (x86)\Steam\steamapps\common\Torchlight\OgreMain.dll19f7d5ab-81c5-11e4-87b5-50e54942b4c2

    Error: (11/26/2014 07:36:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Torchlight.exe1.0.69.214b5f7519OgreMain.dll0.0.0.04af1c2fcc0000005000dcf75b3801d008e1a119f48cC:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exeC:\Program Files (x86)\Steam\steamapps\common\Torchlight\OgreMain.dllae3650a9-74e2-11e4-8e47-50e54942b4c2


    ==================== Memory info ===========================

    Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
    Percentage of memory in use: 17%
    Total physical RAM: 16367.25 MB
    Available physical RAM: 13538.79 MB
    Total Pagefile: 32732.69 MB
    Available Pagefile: 29720.6 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.76 GB) (Free:371.44 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:931.41 GB) (Free:791.37 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2F89992A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 846BE592)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #7 ken545

      Malware Response Team

    Posted 22 February 2015 - 07:27 AM

    I am going to have you run two programs, RKill and Malwarebytes. You need to run RKill first; it won't remove the infection but will prevent it from stopping Malwarebytes from running. After you run RKill, do not reboot your computer; it needs to stay active for Malwarebytes to do its job.

    • Please download rkill (Courtesy of Bleepingcomputer.com).
    • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
    • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
    • Note: You only need to get one of the tools to run, not all of them.

    Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

    Run rkill repeatedly until it's able to do its job. This may take a few tries.

    You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

    =============================================================

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Threat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<----------
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished click on VIEW DETAILED LOG
    • When it opens click on COPY TO CLIPBOARD
    • Then paste the log back into this thread for review
    • Exit Malwarebytes

    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Please consider a donation to help me keep up my fight against malware.

    Just a reminder that threads will be closed if no response in 3 days


    #8 Lucius31


    Posted 22 February 2015 - 08:28 AM

    Rkill 2.7.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/22/2015 11:59:55 PM in x64 mode.
    Windows Version: Windows 7 Professional Service Pack 1

    Checking for Windows services to stop:

     * No malware services found to stop.

    Checking for processes to terminate:

     * No malware processes found to kill.

    Checking Registry for malware related settings:

     * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

     * Windows Defender Disabled

       [HKLM\SOFTWARE\Microsoft\Windows Defender]
       "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

     * Windows Defender (WinDefend) is not Running.
       Startup Type set to: Disabled

    Searching for Missing Digital Signatures:

     * No issues found.

    Checking HOSTS File:

     * HOSTS file entries found:

      54.243.115.56 launcher.Bethesda.net

    Program finished at: 02/23/2015 12:00:00 AM
    Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)
     


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 23/02/2015
    Scan Time: 12:06:03 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.22.03
    Rootkit Database: v2015.02.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Antonio

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 346094
    Time Elapsed: 2 min, 32 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    #9 ken545


    Posted 22 February 2015 - 09:19 AM

    It appears it's not running on your system; it may have just been a popup.

    Is this your hosts? It appears to be game related, it's in Virginia and it looks like you're in Australia.

    Hosts: 54.243.115.56 launcher.Bethesda.net

    Looking over your FRST logs now to see if anything needs to be removed. Part of the FRST fix will reset your hosts file back to Microsoft defaults, so let me know about Bethesda and I can change the fix if you use and want this.




    #10 Lucius31


    Posted 22 February 2015 - 10:24 AM

    Yes, Bethesda is from Elder Scrolls Online, which I do not play anymore.



    #11 ken545


    Posted 22 February 2015 - 10:59 AM

    Ok, I am going to add it to the fix. What I am going to do is attach a FIXLIST file. You need to download it to your desktop where you have FRST64 or the fix won't work. After you download it, open up FRST64 and click on FIX (Not Scan). It won't take long; it will reboot your system and you will find a FIXLOG file on your desktop. Post it please and let me know how everything is running now.



    #12 Lucius31


    Posted 22 February 2015 - 11:04 AM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-02-2015
    Ran by Antonio at 2015-02-23 03:02:16 Run:1
    Running from C:\Users\Antonio\Desktop\Virus
    Loaded Profiles: Antonio (Available profiles: Antonio)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2993283589-2562158505-2121891784-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Hosts: 54.243.115.56 launcher.Bethesda.net
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End










    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-2993283589-2562158505-2121891784-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.

    =========  ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 337.5 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 03:02:30 ====
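
The hosts-file review in this exchange (rkill reporting `54.243.115.56 launcher.Bethesda.net`, and the FRST fix resetting the file) can be reproduced with a small audit script. This is an added example, not part of the thread or of rkill/FRST; the function name, the note strings and every sample line other than the Bethesda entry are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample hosts content; only the launcher.Bethesda.net line
# comes from the thread, the rest is made up to exercise each branch.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
#   127.0.0.1   localhost
127.0.0.1   localhost
::1         localhost
54.243.115.56 launcher.Bethesda.net
0.0.0.0 updates.example.test   # constructed: name blocked locally
not-an-ip broken.example.test
"""

# Loopback mappings for these names are treated as benign (assumption).
BENIGN_LOOPBACK_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, address, hostname, note) for every active entry
    that is not a plain localhost-to-loopback mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], None, "malformed: bad address"))
            continue
        if len(fields) < 2:
            findings.append((line_no, str(ip), None, "malformed: no hostname"))
            continue
        for name in fields[1:]:  # one line may map several names
            host = name.lower().rstrip(".")
            if ip.is_loopback and host in BENIGN_LOOPBACK_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                note = "sinkholed: name cannot be reached from this machine"
            elif ip.is_private:
                note = "pinned to private address"
            else:
                note = "pinned to public address"
            findings.append((line_no, str(ip), host, note))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Each reported entry still needs the judgement applied in the thread: confirm with the machine's owner whether the mapping belongs to software they installed before resetting the file.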



    #13 ken545


    Posted 22 February 2015 - 11:08 AM

    How is your system behaving now?




    #14 Lucius31


    Posted 22 February 2015 - 11:32 AM

    Well it is behaving the same. It always runs quite nicely, apart from some game crashes due to me overmodding certain games (which is expected).

     

    I haven't had any weird popups and I think the one I got was because I was curious about something I had just watched on TV and that got me looking up things I probably shouldn't have. (lol)

     

    This system is purely for games, and I try to limit searches online and rather keep that on the dreaded laptop of death we have instead.

     

    So from your perspective this is a clean pc then?


    Edited by Lucius31, 22 February 2015 - 11:32 AM.


    #15 ken545


    Posted 22 February 2015 - 12:31 PM

    I think you're good to go. We can do a free online virus scanner if you have time. I have seen this run in a half hour on some systems and a few hours on others, so do it when you have the time. Read the instructions and be sure Remove Found Threats is unchecked, as we don't want it removing a false positive and causing any problems.

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    • Click the esetOnline.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    • Check esetAcceptTerms.png
    • Click the esetStart.png button.
    • Accept any security warnings from your browser.
    • Check esetScanArchives.png
    • Make sure that the option "Remove found threats" is Unchecked
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push esetListThreats.png
    • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the esetBack.png button.
    • Push esetFinish.png
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
     
     





