SecurityHelper.dll Sathurbot Trojan Virus


  • This topic is locked
18 replies to this topic

#1 WatsonSSG


Posted 17 April 2015 - 06:52 AM

Hi,

About one week ago, my AVG detected this evil virus known as SecurityHelper.dll. Apparently it's quite a nasty virus, and I would like some help removing it as I'm not really comfortable trying to remove it myself. I am running Windows 8.1 and my computer is an HP Pavilion desktop.

Any help would be greatly appreciated!

Kind Regards,

Nick




#2 deeprybka

  • Malware Response Team

Posted 17 April 2015 - 02:14 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 WatsonSSG


Posted 17 April 2015 - 04:46 PM

Ok, thanks for the reply, here are the logs you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by earltowers (administrator) on FAMILYWORKPC on 17-04-2015 22:42:09
Running from C:\Users\earltowers\Downloads
Loaded Profiles: earltowers (Available profiles: earltowers)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-08] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-11] (Raptr, Inc)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [Ubpdmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\earltowers\AppData\Local\Igcjsoft\Test.dll
Startup: C:\Users\earltowers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\earltowers\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK13/2
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK13/2
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK13/2
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-804254913-3732533996-1344380941-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-804254913-3732533996-1344380941-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-804254913-3732533996-1344380941-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={BDB543CD-C65F-432A-977C-BA0F88CA65BA}&mid=fdc2be53441a47d29d25a9aaf32cf934-95eb0ec6aca0bb588aa7b696b2c3f93ff8ea6e7b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-08 09:36:43&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-804254913-3732533996-1344380941-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-804254913-3732533996-1344380941-1001 -> {E9E634EB-E7CB-49E0-A1ED-9E2DE8050DCC} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-31] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-31] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll [2014-11-08] (AVG)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-804254913-3732533996-1344380941-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll [2014-11-08] (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 148.197.254.3 148.197.159.247
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default
FF DefaultSearchEngine: search
FF SelectedSearchEngine: search
FF Homepage: https://mysearch.avg.com?cid={BDB543CD-C65F-432A-977C-BA0F88CA65BA}&mid=fdc2be53441a47d29d25a9aaf32cf934-95eb0ec6aca0bb588aa7b696b2c3f93ff8ea6e7b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-08 09:36:43&v=4.0.0.19&pid=wtu&sg=&sap=hp
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2014-08-29] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-31] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-08-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-02-02] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-804254913-3732533996-1344380941-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\earltowers\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\searchplugins\avg-secure-search.xml [2014-11-08]
FF SearchPlugin: C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\searchplugins\search.xml [2015-03-27]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-11-08]
FF Extension: No Name - C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [2014-10-12]
FF Extension: AVG Web TuneUp - C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\Extensions\avg@toolbar [2014-11-08]
FF Extension: No Name - C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\Extensions\bgMwfEe1@gmail.com [2015-04-15]
FF Extension: regexptestersebastianzartnerathcx - C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\Extensions\regexptester@sebastianzartner.ath.cx [2015-04-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-03-24]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-01]
CHR Extension: (Google Docs) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-01]
CHR Extension: (Google Drive) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-01]
CHR Extension: (YouTube) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-01]
CHR Extension: (Google Search) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-01]
CHR Extension: (Google Sheets) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-01]
CHR Extension: (AdBlock) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-08]
CHR Extension: (Bookmark Manager) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR Extension: (Gmail) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-01]
 
Opera: 
=======
OPR Extension: (mr fun) - C:\Users\earltowers\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpclmfjinbmadbbclhkbabnnecmaaopa [2015-04-15]
OPR Extension: (cgagpckjofhomehafhognmangbjdiaap) - C:\Users\earltowers\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgagpckjofhomehafhognmangbjdiaap [2015-04-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-24] (Electronic Arts)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-08] (AVG Secure Search)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-01-09] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-11-08] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-03-19] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 22:42 - 2015-04-17 22:42 - 00025016 _____ () C:\Users\earltowers\Downloads\FRST.txt
2015-04-17 17:29 - 2015-04-17 17:29 - 00000941 _____ () C:\Users\earltowers\Downloads\Documents - Shortcut.lnk
2015-04-16 22:33 - 2015-04-16 22:33 - 00000002 _____ () C:\runcheck.txt
2015-04-16 22:33 - 2015-04-16 22:33 - 00000000 ____D () C:\zoek_backup
2015-04-16 22:32 - 2015-04-16 22:32 - 04317228 _____ () C:\Users\earltowers\Downloads\zoek.rar
2015-04-16 22:32 - 2015-04-16 22:32 - 00000000 ____D () C:\Users\earltowers\Downloads\zoek
2015-04-16 20:54 - 2015-04-16 20:54 - 00063870 _____ () C:\Users\earltowers\Downloads\HitmanPro_20150416_2053.log
2015-04-16 20:47 - 2015-04-16 20:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-16 20:47 - 2015-04-16 20:48 - 02347384 _____ (ESET) C:\Users\earltowers\Downloads\esetsmartinstaller_enu.exe
2015-04-16 20:33 - 2015-04-17 22:42 - 00000000 ____D () C:\FRST
2015-04-16 20:32 - 2015-04-16 20:32 - 02097664 _____ (Farbar) C:\Users\earltowers\Downloads\FRST64.exe
2015-04-16 20:18 - 2015-04-16 20:19 - 11028616 _____ (SurfRight B.V.) C:\Users\earltowers\Downloads\HitmanPro_x64.exe
2015-04-16 19:45 - 2015-04-16 20:02 - 00000000 ____D () C:\WINDOWS\pss
2015-04-16 19:37 - 2015-04-16 19:37 - 46627408 _____ () C:\Users\earltowers\Downloads\BDPUARLauncher.exe
2015-04-16 19:30 - 2015-04-16 19:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\earltowers\Downloads\tdsskiller.exe
2015-04-16 19:28 - 2015-04-16 19:28 - 00000000 _____ () C:\autoexec.bat
2015-04-16 19:26 - 2015-04-16 19:26 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\earltowers\Downloads\SpyHunter-Installer.exe
2015-04-16 17:50 - 2015-04-16 17:50 - 00000000 ____D () C:\Users\earltowers\AppData\Local\openvr
2015-04-16 16:56 - 2015-04-16 21:57 - 00000000 ____D () C:\Users\earltowers\Downloads\Dubloadz and Friendz 20k EP
2015-04-16 16:50 - 2015-04-16 16:55 - 104856799 _____ () C:\Users\earltowers\Downloads\Dubloadz and Friendz 20k EP.zip
2015-04-15 20:15 - 2015-04-15 20:15 - 00000000 ____D () C:\Users\earltowers\Tracing
2015-04-15 18:18 - 2015-04-15 18:21 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-15 18:18 - 2015-04-15 18:18 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-15 18:13 - 2015-04-15 18:13 - 00000000 ____D () C:\Users\earltowers\Downloads\Darkwatch (USA)
2015-04-15 17:40 - 2015-04-15 17:46 - 2041703795 _____ () C:\Users\earltowers\Downloads\Darkwatch (USA).7z
2015-04-15 17:36 - 2015-04-15 17:36 - 13177882 _____ () C:\Users\earltowers\Downloads\AppNee.com.PS2.BIOS.files.AiO.package.for.PCSX2.emulator.7z
2015-04-15 17:36 - 2015-04-15 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-04-15 17:35 - 2015-04-15 17:35 - 10658408 _____ () C:\Users\earltowers\Downloads\pcsx2-1.2.1-r5875-setup.exe
2015-04-15 17:24 - 2015-04-15 17:24 - 00000000 ____D () C:\Users\earltowers\AppData\Local\uhowe
2015-04-15 17:20 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 17:20 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 17:20 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 17:20 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 17:20 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 17:20 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 17:20 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 17:20 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 17:20 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 17:20 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 17:20 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 17:20 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 17:20 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 17:20 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 17:20 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 17:20 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 17:20 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 17:20 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 17:20 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 17:20 - 2014-10-29 03:48 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll
2015-04-15 17:20 - 2014-10-29 03:43 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskperf.exe
2015-04-15 17:20 - 2014-10-29 03:17 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\logman.exe
2015-04-15 17:20 - 2014-10-29 02:58 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskperf.exe
2015-04-15 17:20 - 2014-10-29 02:38 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logman.exe
2015-04-15 17:20 - 2014-10-29 02:26 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\typeperf.exe
2015-04-15 17:20 - 2014-10-29 02:26 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\relog.exe
2015-04-15 17:20 - 2014-10-29 02:04 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\typeperf.exe
2015-04-15 17:20 - 2014-10-29 02:04 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\relog.exe
2015-04-15 17:19 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 17:19 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 17:19 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 17:19 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 17:19 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 17:19 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 17:19 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 17:19 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 17:19 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 17:19 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 17:19 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 17:19 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 17:19 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 17:19 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 17:19 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 17:19 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 17:19 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 17:19 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 17:19 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 17:19 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 17:19 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 17:19 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 17:19 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 17:19 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 17:19 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 17:19 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 17:19 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 17:19 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 17:19 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 17:19 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 17:19 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 17:19 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 17:19 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 17:19 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 17:19 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 17:19 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 17:19 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 17:19 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 17:19 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 17:19 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 17:19 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 17:19 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 17:19 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 17:19 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 17:19 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 17:19 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-15 17:10 - 2015-04-17 22:35 - 00001326 _____ () C:\WINDOWS\Tasks\mr_fun_notification_service.job
2015-04-15 17:10 - 2015-04-17 22:35 - 00001054 _____ () C:\WINDOWS\Tasks\PWoQW7QLMj1OIjyJzK.job
2015-04-15 17:10 - 2015-04-17 22:35 - 00001050 _____ () C:\WINDOWS\Tasks\Z6Bk67WhHksWUKlD.job
2015-04-15 17:10 - 2015-04-17 22:35 - 00000688 _____ () C:\WINDOWS\Tasks\mr_fun_updating_service.job
2015-04-15 17:10 - 2015-04-15 17:10 - 00004342 _____ () C:\WINDOWS\System32\Tasks\mr_fun_notification_service
2015-04-15 17:10 - 2015-04-15 17:10 - 00004080 _____ () C:\WINDOWS\System32\Tasks\PWoQW7QLMj1OIjyJzK
2015-04-15 17:10 - 2015-04-15 17:10 - 00004074 _____ () C:\WINDOWS\System32\Tasks\Z6Bk67WhHksWUKlD
2015-04-15 17:10 - 2015-04-15 17:10 - 00003704 _____ () C:\WINDOWS\System32\Tasks\mr_fun_updating_service
2015-04-15 17:10 - 2015-04-15 17:10 - 00000000 ____D () C:\Program Files (x86)\mr fun
2015-03-31 09:14 - 2015-03-31 09:14 - 00005655 _____ () C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK
2015-03-31 09:14 - 2015-03-31 09:14 - 00004387 _____ () C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD
2015-03-27 00:03 - 2015-04-16 14:06 - 00000344 _____ () C:\WINDOWS\Tasks\FreeFixer background scan.job
2015-03-27 00:03 - 2015-03-27 00:23 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\FreeFixer
2015-03-27 00:03 - 2015-03-27 00:12 - 00000000 ____D () C:\Users\earltowers\AppData\Local\FreeFixer
2015-03-27 00:03 - 2015-03-27 00:03 - 02666167 _____ (Kephyr) C:\Users\earltowers\Downloads\freefixersetup.exe
2015-03-27 00:03 - 2015-03-27 00:03 - 00002998 _____ () C:\WINDOWS\System32\Tasks\FreeFixer background scan
2015-03-27 00:03 - 2015-03-27 00:03 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2015-03-27 00:03 - 2015-03-27 00:03 - 00000000 ____D () C:\Program Files\FreeFixer
2015-03-26 15:41 - 2015-03-26 18:03 - 00000400 ____H () C:\ProgramData\@system3.att
2015-03-26 15:40 - 2015-03-26 18:03 - 00000664 ____H () C:\ProgramData\@system.temp
2015-03-26 15:40 - 2015-03-26 15:49 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\FrameworkUpdate
2015-03-26 15:40 - 2015-03-26 15:40 - 00000480 ____H () C:\Users\earltowers\AppData\Roaming\麽鎒駓覜
2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2015-03-24 22:37 - 2015-03-24 22:38 - 35189438 _____ () C:\Users\earltowers\Downloads\NEGATIVE - WARNING [FINAL].rar
2015-03-24 21:14 - 2015-03-24 21:14 - 00250078 _____ () C:\Users\earltowers\Downloads\Roman-Caps.zip
2015-03-24 20:54 - 2015-03-27 00:02 - 00000288 _____ () C:\Users\earltowers\AppData\Roaming\92EE1DB6.reg
2015-03-24 20:15 - 2015-03-24 20:15 - 00000132 _____ () C:\Users\earltowers\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-24 17:51 - 2015-03-24 17:51 - 00000000 ____D () C:\Users\earltowers\Desktop\Adobe
2015-03-24 17:48 - 2015-03-24 18:03 - 00000000 ____D () C:\Users\earltowers\Documents\Adobe
2015-03-24 17:48 - 2015-03-24 17:48 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\PACE Anti-Piracy
2015-03-24 17:48 - 2015-03-24 17:48 - 00000000 ____D () C:\Users\earltowers\AppData\Local\PACE Anti-Piracy
2015-03-24 17:48 - 2015-03-24 17:48 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2015-03-24 17:32 - 2015-03-24 17:32 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-03-24 17:32 - 2015-03-24 17:32 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-03-24 17:32 - 2015-03-24 17:32 - 00002053 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-03-24 17:32 - 2015-03-24 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-03-24 17:28 - 2015-03-24 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2015-03-24 17:28 - 2015-03-24 17:37 - 00000000 ____D () C:\Program Files\Adobe
2015-03-23 22:20 - 2015-03-23 22:20 - 00001020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-03-23 22:20 - 2015-03-23 22:20 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-03-23 22:20 - 2015-03-23 22:20 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-03-23 21:55 - 2015-02-20 20:09 - 00000000 ____D () C:\Users\earltowers\Downloads\Adobe CS6
2015-03-22 12:17 - 2015-03-22 12:17 - 41840320 _____ (Microsoft Corporation) C:\Users\earltowers\Downloads\Windows-KB890830-x64-V5.22.exe
2015-03-21 20:35 - 2015-03-21 20:35 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\earltowers\Downloads\autodetectutility (1).exe
2015-03-21 20:21 - 2015-03-21 20:21 - 01046528 _____ () C:\Users\earltowers\Downloads\MicrosoftFixit50848.msi
2015-03-21 20:07 - 2015-03-21 20:07 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\AMD
2015-03-21 19:53 - 2015-03-21 19:53 - 00000000 ____D () C:\Users\earltowers\AppData\Local\AMD
2015-03-21 19:52 - 2015-03-21 19:52 - 00000000 ____D () C:\Users\earltowers\AppData\Local\AppEx Networks
2015-03-21 19:52 - 2015-03-21 19:52 - 00000000 ____D () C:\ProgramData\ATI
2015-03-21 19:50 - 2015-03-21 19:50 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2015-03-21 19:49 - 2015-03-21 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-03-21 19:48 - 2015-03-22 12:14 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\Raptr
2015-03-21 19:48 - 2015-03-21 19:48 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\library_dir
2015-03-21 19:48 - 2015-03-21 19:48 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-03-21 19:47 - 2015-03-21 19:47 - 00058610 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201503211847294578.log
2015-03-21 19:47 - 2015-03-21 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2015-03-21 19:47 - 2015-03-21 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-03-21 19:47 - 2015-03-21 19:47 - 00000000 ____D () C:\Program Files\AMD Quick Stream
2015-03-21 19:47 - 2015-03-21 19:47 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-03-21 19:47 - 2014-10-28 15:24 - 00229056 _____ (AppEx Networks Corporation) C:\WINDOWS\system32\Drivers\appexDrv.sys
2015-03-21 19:41 - 2015-03-21 19:47 - 00000000 ____D () C:\Program Files\AMD
2015-03-21 19:41 - 2015-03-21 19:41 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-03-21 19:40 - 2015-03-21 19:40 - 00000000 ____D () C:\AMD
2015-03-21 19:35 - 2015-03-21 19:35 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\earltowers\Downloads\autodetectutility.exe
2015-03-21 19:07 - 2015-03-21 19:07 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2015-03-21 19:07 - 2015-03-21 19:07 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2015-03-21 19:07 - 2015-03-21 19:07 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2015-03-21 19:07 - 2015-03-21 19:07 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2015-03-21 19:07 - 2015-03-21 19:07 - 00000000 ____D () C:\Users\earltowers\Documents\Penumbra
2015-03-21 19:07 - 2015-03-21 19:07 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2015-03-21 18:52 - 2015-03-22 22:05 - 00000000 ____D () C:\Users\earltowers\Documents\UHC Season 2
2015-03-21 18:48 - 2015-03-22 22:21 - 00000000 ____D () C:\Users\earltowers\AppData\Local\Ori and the Blind Forest
2015-03-19 22:09 - 2015-03-19 22:09 - 01660981 _____ () C:\Users\earltowers\Downloads\Channel Art Template (Photoshop) (1).psd
2015-03-19 20:54 - 2015-03-19 22:20 - 21768064 _____ () C:\Users\earltowers\Downloads\Channel Art Template (Photoshop).psd
2015-03-19 20:27 - 2015-03-26 19:06 - 00000000 ____D () C:\Users\earltowers\Documents\Channel Art
2015-03-19 16:05 - 2015-03-19 16:05 - 00289248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 22:36 - 2015-01-09 18:12 - 01738790 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-17 22:36 - 2014-08-29 18:09 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\Skype
2015-04-17 22:35 - 2014-10-12 13:15 - 00002466 _____ () C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5_user.job
2015-04-17 22:35 - 2014-10-12 13:15 - 00002466 _____ () C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5.job
2015-04-17 22:35 - 2014-10-12 13:15 - 00001396 _____ () C:\WINDOWS\Tasks\6bee5b7c-dfd3-4bba-8926-cb819ebc476e.job
2015-04-17 22:35 - 2014-10-12 13:14 - 00005204 _____ () C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-11.job
2015-04-17 22:35 - 2014-10-12 13:14 - 00004514 _____ () C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-4.job
2015-04-17 22:35 - 2014-10-12 13:14 - 00004178 _____ () C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-6.job
2015-04-17 22:35 - 2014-10-12 13:14 - 00003834 _____ () C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-7.job
2015-04-17 22:35 - 2014-10-12 13:14 - 00003490 _____ () C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-3.job
2015-04-17 22:35 - 2014-10-12 13:14 - 00003134 _____ () C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-1.job
2015-04-17 22:35 - 2014-10-12 13:14 - 00002130 _____ () C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-2.job
2015-04-17 22:35 - 2014-10-12 13:14 - 00000922 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-04-17 22:35 - 2014-10-12 13:14 - 00000586 _____ () C:\WINDOWS\Tasks\3af4cf1d-5371-4ef7-ad49-4c98abc79e54.job
2015-04-17 22:35 - 2014-10-12 13:09 - 00001384 _____ () C:\WINDOWS\Tasks\DUPBJQ.job
2015-04-17 22:35 - 2014-10-12 13:08 - 00001382 _____ () C:\WINDOWS\Tasks\DXDCU.job
2015-04-17 22:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-17 19:19 - 2014-10-12 13:14 - 00000926 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-04-17 18:49 - 2014-09-01 19:27 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-17 18:46 - 2013-08-22 15:46 - 00366495 _____ () C:\WINDOWS\setupact.log
2015-04-17 17:50 - 2014-09-24 17:21 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-17 17:44 - 2014-09-24 09:08 - 00011996 _____ () C:\WINDOWS\PFRO.log
2015-04-17 17:44 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-17 17:43 - 2013-08-22 14:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-17 17:35 - 2014-09-11 20:22 - 00000000 ____D () C:\Users\earltowers\Desktop\Steam Games
2015-04-17 17:30 - 2014-08-29 18:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-17 16:43 - 2014-01-25 20:13 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-804254913-3732533996-1344380941-1001
2015-04-17 16:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-17 16:21 - 2015-01-15 19:55 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C778D2E-B2CF-49A3-A7DD-C050BCB1F7A2}
2015-04-17 16:21 - 2014-10-12 13:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-16 19:55 - 2013-11-05 22:30 - 00000000 ____D () C:\ProgramData\Temp
2015-04-16 19:27 - 2015-01-09 18:04 - 00000000 ____D () C:\Users\earltowers
2015-04-16 13:50 - 2015-01-26 14:50 - 00003202 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForearltowers
2015-04-16 13:50 - 2015-01-26 14:50 - 00000378 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForearltowers.job
2015-04-16 13:16 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 23:54 - 2014-09-01 20:13 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\.minecraft
2015-04-15 22:53 - 2014-09-01 19:51 - 00002268 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 20:14 - 2014-09-30 13:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 20:14 - 2014-08-29 18:09 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 19:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 18:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-15 18:22 - 2015-01-04 17:24 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 18:22 - 2014-09-24 19:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 18:20 - 2013-08-22 15:44 - 05080368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-04-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-04-15 17:36 - 2014-08-31 13:11 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-04-15 17:36 - 2014-08-31 13:10 - 00002004 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2015-04-15 17:36 - 2014-08-31 13:10 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2015-04-15 17:15 - 2014-10-12 13:05 - 00000988 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-15 17:15 - 2014-10-12 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-15 17:15 - 2014-02-02 14:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-04-15 17:12 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-15 17:10 - 2014-08-29 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 00:24 - 2015-01-16 12:59 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 00:24 - 2015-01-16 12:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-27 00:02 - 2015-02-21 15:23 - 00001784 _____ () C:\Users\earltowers\Desktop\Computer.lnk
2015-03-26 11:08 - 2015-02-24 16:12 - 00000000 ____D () C:\Users\earltowers\Documents\Thumbs
2015-03-26 10:55 - 2015-02-21 13:47 - 00000000 ____D () C:\Users\earltowers\AppData\Local\Igcjsoft
2015-03-25 11:29 - 2015-03-14 15:05 - 30549534 _____ () C:\Users\earltowers\Desktop\UHC_Season2Intro.mp4
2015-03-25 00:31 - 2014-01-25 20:07 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\Adobe
2015-03-24 17:48 - 2013-07-02 10:11 - 00000000 ___HD () C:\Users\earltowers\AppData\Local\AIuTiROlR
2015-03-24 17:48 - 2013-06-14 20:49 - 00000000 ___HD () C:\Users\earltowers\AppData\Local\2Mu7HoZr
2015-03-24 17:45 - 2015-03-05 20:58 - 00002758 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-03-24 17:37 - 2015-02-21 17:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-24 17:33 - 2015-02-21 17:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-24 17:31 - 2015-02-21 17:44 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-24 16:14 - 2015-02-21 17:39 - 00000000 ____D () C:\Users\earltowers\AppData\Local\Adobe
2015-03-23 22:37 - 2015-02-21 18:08 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-23 21:42 - 2015-02-21 20:26 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-21 20:37 - 2014-11-29 14:27 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\Bioshock
2015-03-21 20:07 - 2014-11-03 21:03 - 00000000 ____D () C:\Users\earltowers\Documents\Amnesia
2015-03-21 19:51 - 2013-11-05 22:29 - 00000000 ____D () C:\ProgramData\AMD
2015-03-21 19:41 - 2013-04-03 16:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-18 18:13 - 2015-02-21 13:47 - 00000000 ____D () C:\Users\earltowers\AppData\Local\Imjfsoft
 
==================== Files in the root of some directories =======
 
2015-03-24 20:54 - 2015-03-27 00:02 - 0000288 _____ () C:\Users\earltowers\AppData\Roaming\92EE1DB6.reg
2015-03-24 20:15 - 2015-03-24 20:15 - 0000132 _____ () C:\Users\earltowers\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\earltowers\AppData\Roaming\DUPBJQ
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\earltowers\AppData\Roaming\DXDCU
2015-02-21 15:23 - 2015-03-27 00:02 - 0009728 _____ () C:\Users\earltowers\AppData\Roaming\mcp.ico
2015-03-31 09:14 - 2015-03-31 09:14 - 0005655 _____ () C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK
2015-03-31 09:14 - 2015-03-31 09:14 - 0004387 _____ () C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD
2015-03-26 15:40 - 2015-03-26 15:40 - 0000480 ____H () C:\Users\earltowers\AppData\Roaming\麽鎒駓覜
2014-09-11 20:40 - 2015-02-09 16:39 - 0005632 _____ () C:\Users\earltowers\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-28 20:27 - 2014-10-28 20:27 - 0006516 _____ () C:\Users\earltowers\AppData\Local\recently-used.xbel
2014-09-21 21:38 - 2014-10-13 19:35 - 0089738 _____ () C:\Users\earltowers\AppData\Local\Tempmusic.ogg
2015-03-26 15:40 - 2015-03-26 18:03 - 0000664 ____H () C:\ProgramData\@system.temp
2015-03-26 15:41 - 2015-03-26 18:03 - 0000400 ____H () C:\ProgramData\@system3.att
 
Some content of TEMP:
====================
C:\Users\earltowers\AppData\Local\Temp\7za.exe
C:\Users\earltowers\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe
C:\Users\earltowers\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\earltowers\AppData\Local\Temp\DaS_21.exe
C:\Users\earltowers\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\earltowers\AppData\Local\Temp\Extract.exe
C:\Users\earltowers\AppData\Local\Temp\hijackthis.exe
C:\Users\earltowers\AppData\Local\Temp\NirCmd.exe
C:\Users\earltowers\AppData\Local\Temp\paint.net.4.0.5.install.exe
C:\Users\earltowers\AppData\Local\Temp\PEVZ.EXE
C:\Users\earltowers\AppData\Local\Temp\raptrpatch.exe
C:\Users\earltowers\AppData\Local\Temp\raptr_stub.exe
C:\Users\earltowers\AppData\Local\Temp\remove.exe
C:\Users\earltowers\AppData\Local\Temp\sed.exe
C:\Users\earltowers\AppData\Local\Temp\shortcut.exe
C:\Users\earltowers\AppData\Local\Temp\SP64635.exe
C:\Users\earltowers\AppData\Local\Temp\SP64769.exe
C:\Users\earltowers\AppData\Local\Temp\swreg.exe
C:\Users\earltowers\AppData\Local\Temp\swxcacls.exe
C:\Users\earltowers\AppData\Local\Temp\wget.exe
C:\Users\earltowers\AppData\Local\Temp\zoek-delete.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-17 18:25
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by earltowers at 2015-04-17 22:43:12
Running from C:\Users\earltowers\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.4.0 - AppEx Networks)
Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version:  - The Chinese Room)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4331 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Deathmatch Classic (HKLM-x32\...\Steam App 40) (Version:  - Valve)
Desura (HKLM-x32\...\Desura) (Version: 100.57 - Desura)
Desura: Doorways (HKLM-x32\...\Desura_91646012162080) (Version: Chapters 1 - 2 - Saibot Studios)
Desura: ERIE (HKLM-x32\...\Desura_81776177315872) (Version: Full - UGF)
Desura: Five Nights at Freddy's (HKLM-x32\...\Desura_129355825020960) (Version: Full - animdude)
Desura: The Mask Reveals Disgusting Face (HKLM-x32\...\Desura_126087354908704) (Version: Full - EZeddy)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gotham City Impostors: Free To Play (HKLM-x32\...\Steam App 206210) (Version:  - Monolith Productions, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
Hektor (HKLM-x32\...\Steam App 334070) (Version:  - Rubycone)
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kraven Manor (HKLM-x32\...\Steam App 296630) (Version:  - Demon Wagon Studios)
Kraven Manor Demo (HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Kraven Manor Demo) (Version: 1.1.0 - Demon Wagon Studios)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-GB)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Game Long Name (HKLM\...\UDK-2618297b-5e77-421b-ac9d-d1a4f01e55a1) (Version:  - Epic Games, Inc.)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version:  - Moon Studios GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penumbra: Black Plague (HKLM-x32\...\Steam App 22120) (Version:  - Frictional Games)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version:  - Frictional Games)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Serato DJ  (HKLM-x32\...\{cff70cd3-29c4-4043-b20c-e085773b05e0}) (Version: 1.6.3.7539 - )
Serato DJ  (x32 Version: 1.6.3.7539 - Serato) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Slender - The Arrival (HKLM-x32\...\Slender - The Arrival_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
SPEAR v0.7.4 r.148 (HKLM-x32\...\{164F4A4D-9564-4C61-BD10-CA24B4CBBC66}_is1) (Version:  - Michael Klingbeil)
Spectro (HKLM-x32\...\{1F8D186D-8C5C-4589-BC28-1A8964CA74A6}) (Version: 1.0.93 - )
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
theHunter (HKLM-x32\...\Steam App 253710) (Version:  - Expansive Worlds)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-804254913-3732533996-1344380941-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\earltowers\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
15-04-2015 17:47:48 Windows Update
16-04-2015 20:13:00 Removed Bonjour
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2015-03-07 21:11 - 00001509 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.107.100 www.google-analytics.com.
85.25.107.100 google-analytics.com.
85.25.107.100 connect.facebook.net.
89.163.213.140 www.google-analytics.com.
89.163.213.140 google-analytics.com.
89.163.213.140 connect.facebook.net.
195.162.68.58 www.google-analytics.com.
195.162.68.58 google-analytics.com.
195.162.68.58 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {023CCE03-9E8E-4A08-85F4-5F5736ADFD91} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {024FECC6-0B53-47D2-9EFD-6482878EC862} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {086725F4-C49D-43DF-BD16-C3A81992EE03} - System32\Tasks\HPCeeScheduleForearltowers => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {1538805E-1265-4EB7-822F-DB4869C6EA1A} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-1 => C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe <==== ATTENTION
Task: {1DBFF1CD-6864-41AD-9425-BC858113D61E} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-2 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-2.exe <==== ATTENTION
Task: {316DF9B1-F306-4910-B6E9-35D0C35B0CA8} - System32\Tasks\PWoQW7QLMj1OIjyJzK => C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK.exe <==== ATTENTION
Task: {3C559310-CC10-4E81-9B6F-FB62A7029036} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {3CCC2516-CEBE-42AE-A239-DC5DBFFD9C05} - System32\Tasks\DUPBJQ => C:\Users\earltowers\AppData\Roaming\DUPBJQ.exe <==== ATTENTION
Task: {3CD384A3-D580-440B-A323-21083CA6630D} - System32\Tasks\Z6Bk67WhHksWUKlD => C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD.exe <==== ATTENTION
Task: {40D16430-816E-4050-973F-FF5939218459} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-7 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-7.exe <==== ATTENTION
Task: {45DB949A-E398-45B5-B4FA-1D2187FEE159} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {54DBCA0C-B126-43A9-A8C8-3832ABB66691} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-4 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-4.exe <==== ATTENTION
Task: {5583ABB8-1FD1-45EC-BCFC-8B8DD332591B} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-11 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-11.exe <==== ATTENTION
Task: {57CEB2C3-145F-47ED-B781-261682098C77} - System32\Tasks\6bee5b7c-dfd3-4bba-8926-cb819ebc476e => C:\Program Files (x86)\TheTorntv V10\6bee5b7c-dfd3-4bba-8926-cb819ebc476e.exe <==== ATTENTION
Task: {58F5CF40-5958-4A93-9545-DE3698436D97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {68DC5999-342A-4D33-A3C7-63218E6C63F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {72D2448C-CF6F-47F7-BB90-A311131EDD38} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {75F3C0BD-19BF-46B2-8206-935DF4A24282} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {78EC5F9E-6C62-4E0C-B7A8-C38D827B6D58} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-6 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-6.exe <==== ATTENTION
Task: {7DBDB80F-C3E1-4B6C-AAF5-73196FB37E5C} - System32\Tasks\mr_fun_notification_service => C:\Program Files (x86)\mr fun\mr_fun_notification_service.exe <==== ATTENTION
Task: {8AFE7975-DEAD-4958-B2FE-8CF7300A417D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {8F03DECE-2013-4F24-A31A-DC8553139115} - System32\Tasks\DXDCU => C:\Users\earltowers\AppData\Roaming\DXDCU.exe <==== ATTENTION
Task: {91C950FB-E6B0-466A-9C4D-B2EEFF56E773} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2014-09-16] (Kephyr)
Task: {94746291-C364-4BB0-8CC8-6D34874C28F4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {967BECFF-4A89-49FA-90E3-082D0CE46300} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {A7075752-3E5D-40C5-A75A-429E0E6E6FA2} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5_user => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-5.exe <==== ATTENTION
Task: {B42DAB4C-6A09-4734-8E1C-6C3FAA40FA24} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {B90588D1-B72B-4C9B-A989-7E739AB665A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-01] (Google Inc.)
Task: {C14CF2CD-6EE6-4322-821A-869BAC3DB623} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {CAC5F34A-A9DF-4EFE-A96D-6B5BDEAB27D6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CB30B1DB-973E-497C-A32B-DA687EF15DD6} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-5.exe <==== ATTENTION
Task: {CE611E08-8D07-497A-B2F9-6D97D40C16FF} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-3 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-3.exe <==== ATTENTION
Task: {CEF0FAA5-C49B-429E-84A0-04F023B485CC} - System32\Tasks\mr_fun_updating_service => C:\Program Files (x86)\mr fun\mr_fun_updating_service.exe <==== ATTENTION
Task: {D01554E6-E919-495B-91D7-62F1808E286B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {D3A9171C-D070-476D-8CD7-FB971BCDB569} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {E140D962-EAC6-46C8-B3EF-BF9FD193591A} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-04] ()
Task: {E8958A6D-624E-4D82-89C7-B709D5D2AF4C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {EF6DB5D6-694B-404B-8F2E-5C87BD67BC13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-01] (Google Inc.)
Task: {EF782C2D-F80C-43B5-A290-669520F6936E} - System32\Tasks\3af4cf1d-5371-4ef7-ad49-4c98abc79e54 => C:\Program Files (x86)\TheTorntv V10\3af4cf1d-5371-4ef7-ad49-4c98abc79e54.exe <==== ATTENTION
Task: {F34D433C-F97F-404E-9C34-24AB3723AB31} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {F64F9A7B-BB2E-4DBB-9769-8033A1A8A524} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: C:\WINDOWS\Tasks\3af4cf1d-5371-4ef7-ad49-4c98abc79e54.job => C:\Program Files (x86)\TheTorntv V10\3af4cf1d-5371-4ef7-ad49-4c98abc79e54.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6bee5b7c-dfd3-4bba-8926-cb819ebc476e.job => C:\Program Files (x86)\TheTorntv V10\6bee5b7c-dfd3-4bba-8926-cb819ebc476e.exeõ/agentregpath='TheTorntv V10' /appid=63311 /srcid='001823' /subid='0' /zdata='0' /bic=615CB7F8047C476699C97A0E58700480IE /verifier=1b0032225d17bb78271b19b78c96c49d /installerversion=1_35_09_29 /installationtime=1413116055 /statsdomain=http:/stats.newdemoonlinecloud.com /errorsdomain=http:/errors.newdemoonlinecloud.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,184-0 /monetizationdomain=http:/logs.newdemoonlinecloud.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-1.job => C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-11.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-11.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-2.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-3.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-4.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5_user.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-6.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-7.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DUPBJQ.job => C:\Users\earltowers\AppData\Roaming\DUPBJQ.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DXDCU.job => C:\Users\earltowers\AppData\Roaming\DXDCU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForearltowers.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\mr_fun_notification_service.job => C:\Program Files (x86)\mr fun\mr_fun_notification_service.exeâ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='mr fun' /appid='73143' /srcid='2913' /bic='0c9ac65336f0e90b2dc9ce4bc0c1fec7' /verifier='132d1203777d41d88bfc3e55d2a37df2' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION
Task: C:\WINDOWS\Tasks\mr_fun_updating_service.job => C:\Program Files (x86)\mr fun\mr_fun_updating_service.exe§ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=mr_fun_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\PWoQW7QLMj1OIjyJzK.job => C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Z6Bk67WhHksWUKlD.job => C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2014-01-26 13:40 - 2011-04-11 06:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2014-09-05 11:47 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-17 11:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-08 10:36 - 2014-11-08 10:35 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
2015-03-16 18:13 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-08 10:36 - 2014-11-08 10:35 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\log4cplusU.dll
2014-11-08 10:36 - 2014-11-08 10:35 - 01685528 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2013-11-05 22:32 - 2013-03-12 15:51 - 00626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 23:53 - 2013-03-12 23:53 - 00015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-15 22:53 - 2015-04-13 22:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-15 22:53 - 2015-04-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\earltowers\AppData\Local:UzjZPQMN3KBcgcTocwetGH07
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68608389.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68608389.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\earltowers\Downloads\10926366_1420276464930452_9025936073372539356_n.jpg
DNS Servers: 148.197.254.3 - 148.197.159.247
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\StartupApproved\StartupFolder: => "TornTvDownloader.lnk"
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\StartupApproved\Run: => ""
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-804254913-3732533996-1344380941-500 - Administrator - Disabled)
earltowers (S-1-5-21-804254913-3732533996-1344380941-1001 - Administrator - Enabled) => C:\Users\earltowers
Guest (S-1-5-21-804254913-3732533996-1344380941-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/17/2015 10:41:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: vorbis.acm, version: 0.0.3.6, time stamp: 0x50a51541
Exception code: 0xc0000005
Fault offset: 0x0000000000001f4f
Faulting process ID: 0x1780
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
Error: (04/17/2015 06:06:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: vorbis.acm, version: 0.0.3.6, time stamp: 0x50a51541
Exception code: 0xc0000005
Fault offset: 0x0000000000001f4f
Faulting process ID: 0xc5c
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
Error: (04/17/2015 06:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: vorbis.acm, version: 0.0.3.6, time stamp: 0x50a51541
Exception code: 0xc0000005
Fault offset: 0x0000000000001f4f
Faulting process ID: 0xf3c
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
Error: (04/17/2015 06:06:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: vorbis.acm, version: 0.0.3.6, time stamp: 0x50a51541
Exception code: 0xc0000005
Fault offset: 0x0000000000001f4f
Faulting process ID: 0x1160
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
Error: (04/17/2015 06:06:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: vorbis.acm, version: 0.0.3.6, time stamp: 0x50a51541
Exception code: 0xc0000005
Fault offset: 0x0000000000001f4f
Faulting process ID: 0x1708
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
Error: (04/17/2015 06:06:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: vorbis.acm, version: 0.0.3.6, time stamp: 0x50a51541
Exception code: 0xc0000005
Fault offset: 0x0000000000001f4f
Faulting process ID: 0x20
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
Error: (04/17/2015 06:06:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: vorbis.acm, version: 0.0.3.6, time stamp: 0x50a51541
Exception code: 0xc0000005
Fault offset: 0x0000000000001f4f
Faulting process ID: 0x17e4
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
Error: (04/17/2015 06:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: vorbis.acm, version: 0.0.3.6, time stamp: 0x50a51541
Exception code: 0xc0000005
Fault offset: 0x0000000000001f4f
Faulting process ID: 0x1638
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
Error: (04/17/2015 06:05:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: vorbis.acm, version: 0.0.3.6, time stamp: 0x50a51541
Exception code: 0xc0000005
Fault offset: 0x0000000000001f4f
Faulting process ID: 0x538
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
Error: (04/17/2015 06:05:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: vorbis.acm, version: 0.0.3.6, time stamp: 0x50a51541
Exception code: 0xc0000005
Fault offset: 0x0000000000001f4f
Faulting process ID: 0x17ec
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
 
System errors:
=============
Error: (04/17/2015 07:31:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (04/17/2015 06:25:52 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/17/2015 05:43:11 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (04/17/2015 05:43:11 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (04/17/2015 05:43:11 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (04/17/2015 05:43:11 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (04/17/2015 05:43:06 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (04/17/2015 05:43:06 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (04/17/2015 05:43:06 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (04/17/2015 05:43:06 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 31%
Total physical RAM: 5317.12 MB
Available physical RAM: 3626.92 MB
Total Pagefile: 7621.12 MB
Available Pagefile: 5594.12 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:912.59 GB) (Free:137.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 880CF096)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 18 April 2015 - 10:39 AM

Hi there,

P2P warning

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you.
If you wish to keep it, please do not use it until your computer is cleaned.

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, PayPal, online forums, etc.).


Step 1

Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Attached File  fixlist.txt   16.27KB   3 downloads


Step 2

Do you know how to make zip files? :)
 

  • Locate the file or folder that you want to compress.
  • Right-click the file or folder, point to Send to, and then click Compressed (zipped) folder.
    A new compressed folder is created in the same location. To rename it, right-click the folder, click Rename, and then type the new name.

I want you to do the following:

Please temporarily disable your AntiVirus protection - instructions here. Search for the folder below and create a zip file of it. Please upload the zip file to http://www.filedropper.com/ and send me the download link via private message.

C:\FRST\Quarantine

Thank you!


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 WatsonSSG

  • Topic Starter
  • Members
  • 16 posts

Posted 18 April 2015 - 02:16 PM

Okay, I uninstalled uTorrent and sent you the Quarantine zip file. Here is the Fixlog from FRST :rolleyes: :

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-04-2015 01
Ran by earltowers at 2015-04-18 20:04:37 Run:2
Running from C:\Users\earltowers\Downloads
Loaded Profiles: earltowers (Available profiles: earltowers)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [Ubpdmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\earltowers\AppData\Local\Igcjsoft\Test.dll
Startup: C:\Users\earltowers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
Toolbar: HKU\S-1-5-21-804254913-3732533996-1344380941-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
C:\Users\earltowers\AppData\Local\Igcjsoft\
2015-04-16 19:26 - 2015-04-16 19:26 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\earltowers\Downloads\SpyHunter-Installer.exe
Task: {1538805E-1265-4EB7-822F-DB4869C6EA1A} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-1 => C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe 
Task: {1DBFF1CD-6864-41AD-9425-BC858113D61E} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-2 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-2.exe 
Task: {316DF9B1-F306-4910-B6E9-35D0C35B0CA8} - System32\Tasks\PWoQW7QLMj1OIjyJzK => C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK.exe 
Task: {3CCC2516-CEBE-42AE-A239-DC5DBFFD9C05} - System32\Tasks\DUPBJQ => C:\Users\earltowers\AppData\Roaming\DUPBJQ.exe 
Task: {3CD384A3-D580-440B-A323-21083CA6630D} - System32\Tasks\Z6Bk67WhHksWUKlD => C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD.exe 
Task: {40D16430-816E-4050-973F-FF5939218459} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-7 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-7.exe 
Task: {54DBCA0C-B126-43A9-A8C8-3832ABB66691} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-4 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-4.exe 
Task: {5583ABB8-1FD1-45EC-BCFC-8B8DD332591B} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-11 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-11.exe 
Task: {57CEB2C3-145F-47ED-B781-261682098C77} - System32\Tasks\6bee5b7c-dfd3-4bba-8926-cb819ebc476e => C:\Program Files (x86)\TheTorntv V10\6bee5b7c-dfd3-4bba-8926-cb819ebc476e.exe 
Task: {72D2448C-CF6F-47F7-BB90-A311131EDD38} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe 
Task: {78EC5F9E-6C62-4E0C-B7A8-C38D827B6D58} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-6 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-6.exe 
Task: {7DBDB80F-C3E1-4B6C-AAF5-73196FB37E5C} - System32\Tasks\mr_fun_notification_service => C:\Program Files (x86)\mr fun\mr_fun_notification_service.exe 
Task: {8F03DECE-2013-4F24-A31A-DC8553139115} - System32\Tasks\DXDCU => C:\Users\earltowers\AppData\Roaming\DXDCU.exe 
Task: {A7075752-3E5D-40C5-A75A-429E0E6E6FA2} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5_user => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-5.exe 
Task: {CB30B1DB-973E-497C-A32B-DA687EF15DD6} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-5.exe 
Task: {CE611E08-8D07-497A-B2F9-6D97D40C16FF} - System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-3 => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-3.exe 
Task: {CEF0FAA5-C49B-429E-84A0-04F023B485CC} - System32\Tasks\mr_fun_updating_service => C:\Program Files (x86)\mr fun\mr_fun_updating_service.exe 
Task: {D01554E6-E919-495B-91D7-62F1808E286B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe 
Task: {EF782C2D-F80C-43B5-A290-669520F6936E} - System32\Tasks\3af4cf1d-5371-4ef7-ad49-4c98abc79e54 => C:\Program Files (x86)\TheTorntv V10\3af4cf1d-5371-4ef7-ad49-4c98abc79e54.exe 
Task: C:\WINDOWS\Tasks\3af4cf1d-5371-4ef7-ad49-4c98abc79e54.job => C:\Program Files (x86)\TheTorntv V10\3af4cf1d-5371-4ef7-ad49-4c98abc79e54.exe 
Task: C:\WINDOWS\Tasks\6bee5b7c-dfd3-4bba-8926-cb819ebc476e.job => C:\Program Files (x86)\TheTorntv V10\6bee5b7c-dfd3-4bba-8926-cb819ebc476e.exeõ/agentregpath='TheTorntv V10' /appid=63311 /srcid='001823' /subid='0' /zdata='0' /bic=615CB7F8047C476699C97A0E58700480IE /verifier=1b0032225d17bb78271b19b78c96c49d /installerversion=1_35_09_29 /installationtime=1413116055 /statsdomain=http:/stats.newdemoonlinecloud.com /errorsdomain=http:/errors.newdemoonlinecloud.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,184-0 /monetizationdomain=http:/logs.newdemoonlinecloud.com 
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-1.job => C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe 
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-11.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-11.exe 
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-2.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-2.exe 
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-3.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-3.exe 
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-4.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-4.exe 
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-5.exe 
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5_user.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-5.exe 
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-6.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-6.exe 
Task: C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-7.job => C:\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747-7.exe 
Task: C:\WINDOWS\Tasks\DUPBJQ.job => C:\Users\earltowers\AppData\Roaming\DUPBJQ.exe 
Task: C:\WINDOWS\Tasks\DXDCU.job => C:\Users\earltowers\AppData\Roaming\DXDCU.exe 
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe 
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe 
Task: C:\WINDOWS\Tasks\mr_fun_notification_service.job => C:\Program Files (x86)\mr fun\mr_fun_notification_service.exeâ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='mr fun' /appid='73143' /srcid='2913' /bic='0c9ac65336f0e90b2dc9ce4bc0c1fec7' /verifier='132d1203777d41d88bfc3e55d2a37df2' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif 
Task: C:\WINDOWS\Tasks\mr_fun_updating_service.job => C:\Program Files (x86)\mr fun\mr_fun_updating_service.exe§ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=mr_fun_updating_service /funurl=http:/stats.buildomserv.com 
Task: C:\WINDOWS\Tasks\PWoQW7QLMj1OIjyJzK.job => C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK.exe 
Task: C:\WINDOWS\Tasks\Z6Bk67WhHksWUKlD.job => C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD.exe 
AlternateDataStreams: C:\Users\earltowers\AppData\Local:UzjZPQMN3KBcgcTocwetGH07
C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD.exe 
C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK.exe
C:\Program Files (x86)\globalUpdate\Update
C:\Users\earltowers\AppData\Roaming\DXDCU.exe 
C:\Users\earltowers\AppData\Roaming\DUPBJQ.exe 
C:\Program Files (x86)\TheTorntv V10
C:\Program Files (x86)\mr fun\
C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD.exe
C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK.exe 
2015-03-26 15:41 - 2015-03-26 18:03 - 00000400 ____H () C:\ProgramData\@system3.att
2015-03-26 15:40 - 2015-03-26 18:03 - 00000664 ____H () C:\ProgramData\@system.temp
2015-03-26 15:40 - 2015-03-26 15:49 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\FrameworkUpdate
2015-03-26 15:40 - 2015-03-26 15:40 - 00000480 ____H () C:\Users\earltowers\AppData\Roaming\麽鎒駓覜
EmptyTemp:
*****************
 
Processes closed successfully.
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ubpdmedia => value deleted successfully.
C:\Users\earltowers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk => Moved successfully.
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
C:\Users\earltowers\AppData\Local\Igcjsoft => Moved successfully.
C:\Users\earltowers\Downloads\SpyHunter-Installer.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1538805E-1265-4EB7-822F-DB4869C6EA1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1538805E-1265-4EB7-822F-DB4869C6EA1A}" => Key deleted successfully.
C:\Windows\System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d88e4f-8166-4295-92d2-d78e2970f747-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1DBFF1CD-6864-41AD-9425-BC858113D61E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DBFF1CD-6864-41AD-9425-BC858113D61E}" => Key deleted successfully.
C:\Windows\System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d88e4f-8166-4295-92d2-d78e2970f747-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{316DF9B1-F306-4910-B6E9-35D0C35B0CA8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{316DF9B1-F306-4910-B6E9-35D0C35B0CA8}" => Key deleted successfully.
C:\Windows\System32\Tasks\PWoQW7QLMj1OIjyJzK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PWoQW7QLMj1OIjyJzK" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CCC2516-CEBE-42AE-A239-DC5DBFFD9C05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CCC2516-CEBE-42AE-A239-DC5DBFFD9C05}" => Key deleted successfully.
C:\Windows\System32\Tasks\DUPBJQ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DUPBJQ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CD384A3-D580-440B-A323-21083CA6630D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD384A3-D580-440B-A323-21083CA6630D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Z6Bk67WhHksWUKlD => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Z6Bk67WhHksWUKlD" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40D16430-816E-4050-973F-FF5939218459}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40D16430-816E-4050-973F-FF5939218459}" => Key deleted successfully.
C:\Windows\System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-7 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d88e4f-8166-4295-92d2-d78e2970f747-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54DBCA0C-B126-43A9-A8C8-3832ABB66691}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54DBCA0C-B126-43A9-A8C8-3832ABB66691}" => Key deleted successfully.
C:\Windows\System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d88e4f-8166-4295-92d2-d78e2970f747-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5583ABB8-1FD1-45EC-BCFC-8B8DD332591B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5583ABB8-1FD1-45EC-BCFC-8B8DD332591B}" => Key deleted successfully.
C:\Windows\System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d88e4f-8166-4295-92d2-d78e2970f747-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57CEB2C3-145F-47ED-B781-261682098C77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57CEB2C3-145F-47ED-B781-261682098C77}" => Key deleted successfully.
C:\Windows\System32\Tasks\6bee5b7c-dfd3-4bba-8926-cb819ebc476e => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bee5b7c-dfd3-4bba-8926-cb819ebc476e" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72D2448C-CF6F-47F7-BB90-A311131EDD38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72D2448C-CF6F-47F7-BB90-A311131EDD38}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78EC5F9E-6C62-4E0C-B7A8-C38D827B6D58}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78EC5F9E-6C62-4E0C-B7A8-C38D827B6D58}" => Key deleted successfully.
C:\Windows\System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d88e4f-8166-4295-92d2-d78e2970f747-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DBDB80F-C3E1-4B6C-AAF5-73196FB37E5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DBDB80F-C3E1-4B6C-AAF5-73196FB37E5C}" => Key deleted successfully.
C:\Windows\System32\Tasks\mr_fun_notification_service => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mr_fun_notification_service" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F03DECE-2013-4F24-A31A-DC8553139115}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F03DECE-2013-4F24-A31A-DC8553139115}" => Key deleted successfully.
C:\Windows\System32\Tasks\DXDCU => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DXDCU" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A7075752-3E5D-40C5-A75A-429E0E6E6FA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7075752-3E5D-40C5-A75A-429E0E6E6FA2}" => Key deleted successfully.
C:\Windows\System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d88e4f-8166-4295-92d2-d78e2970f747-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB30B1DB-973E-497C-A32B-DA687EF15DD6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB30B1DB-973E-497C-A32B-DA687EF15DD6}" => Key deleted successfully.
C:\Windows\System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d88e4f-8166-4295-92d2-d78e2970f747-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE611E08-8D07-497A-B2F9-6D97D40C16FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE611E08-8D07-497A-B2F9-6D97D40C16FF}" => Key deleted successfully.
C:\Windows\System32\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d88e4f-8166-4295-92d2-d78e2970f747-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEF0FAA5-C49B-429E-84A0-04F023B485CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEF0FAA5-C49B-429E-84A0-04F023B485CC}" => Key deleted successfully.
C:\Windows\System32\Tasks\mr_fun_updating_service => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mr_fun_updating_service" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D01554E6-E919-495B-91D7-62F1808E286B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D01554E6-E919-495B-91D7-62F1808E286B}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF782C2D-F80C-43B5-A290-669520F6936E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF782C2D-F80C-43B5-A290-669520F6936E}" => Key deleted successfully.
C:\Windows\System32\Tasks\3af4cf1d-5371-4ef7-ad49-4c98abc79e54 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3af4cf1d-5371-4ef7-ad49-4c98abc79e54" => Key deleted successfully.
C:\WINDOWS\Tasks\3af4cf1d-5371-4ef7-ad49-4c98abc79e54.job => Moved successfully.
C:\WINDOWS\Tasks\6bee5b7c-dfd3-4bba-8926-cb819ebc476e.job => Moved successfully.
C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-1.job => Moved successfully.
C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-11.job => Moved successfully.
C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-2.job => Moved successfully.
C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-3.job => Moved successfully.
C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-4.job => Moved successfully.
C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5.job => Moved successfully.
C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-5_user.job => Moved successfully.
C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-6.job => Moved successfully.
C:\WINDOWS\Tasks\b9d88e4f-8166-4295-92d2-d78e2970f747-7.job => Moved successfully.
C:\WINDOWS\Tasks\DUPBJQ.job => Moved successfully.
C:\WINDOWS\Tasks\DXDCU.job => Moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\mr_fun_notification_service.job => Moved successfully.
C:\WINDOWS\Tasks\mr_fun_updating_service.job => Moved successfully.
C:\WINDOWS\Tasks\PWoQW7QLMj1OIjyJzK.job => Moved successfully.
C:\WINDOWS\Tasks\Z6Bk67WhHksWUKlD.job => Moved successfully.
C:\Users\earltowers\AppData\Local => ":UzjZPQMN3KBcgcTocwetGH07" ADS removed successfully.
"C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD.exe" => File/Directory not found.
"C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK.exe" => File/Directory not found.
C:\Program Files (x86)\globalUpdate\Update => Moved successfully.
"C:\Users\earltowers\AppData\Roaming\DXDCU.exe" => File/Directory not found.
"C:\Users\earltowers\AppData\Roaming\DUPBJQ.exe" => File/Directory not found.
C:\Program Files (x86)\TheTorntv V10 => Moved successfully.
C:\Program Files (x86)\mr fun => Moved successfully.
"C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD.exe" => File/Directory not found.
"C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK.exe" => File/Directory not found.
C:\ProgramData\@system3.att => Moved successfully.
C:\ProgramData\@system.temp => Moved successfully.
C:\Users\earltowers\AppData\Roaming\FrameworkUpdate => Moved successfully.
C:\Users\earltowers\AppData\Roaming\麽鎒駓覜 => Moved successfully.
EmptyTemp: => Removed 34.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:05:21 ====


#6 deeprybka

Posted 18 April 2015 - 02:46 PM

Thanks for the upload!

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 WatsonSSG

Posted 19 April 2015 - 05:03 AM

Ok, here is the log for the Adwcleaner scan, just in the process of completing the Malwarebytes section of your reply, should be done shortly:

 

# AdwCleaner v4.201 - Logfile created 19/04/2015 at 10:58:14
# Updated 08/04/2015 by Xplode
# Database : 2015-04-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : earltowers - FAMILYWORKPC
# Running from : C:\Users\earltowers\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater18.1.10
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\FreeFixer
Folder Deleted : C:\Users\earltowers\AppData\Local\FreeFixer
Folder Deleted : C:\Users\earltowers\AppData\Local\globalUpdate
Folder Deleted : C:\Users\earltowers\AppData\Roaming\FreeFixer
Folder Deleted : C:\Users\earltowers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
Folder Deleted : C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\Extensions\Avg@toolbar
Folder Deleted : C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com
Folder Deleted : C:\Users\earltowers\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpclmfjinbmadbbclhkbabnnecmaaopa
File Deleted : C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\searchplugins\search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
 
***** [ Scheduled tasks ] *****
 
Task Deleted : FreeFixer background scan
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\TornTv Downloader
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\TheTorntv V10
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\TheTorntv V10
Key Deleted : HKU\.DEFAULT\Software\TornTv Downloader


#8 deeprybka

Posted 19 April 2015 - 05:08 AM

OK... :)
regards,
deeprybka

#9 WatsonSSG

Posted 19 April 2015 - 05:41 AM

Computer asked me for a restart after the scan. I copied to clipboard but it restarted before I could save the log :( Is there any way I can find the log?



#10 deeprybka

Posted 19 April 2015 - 05:43 AM

Computer asked me for a restart after the scan. I copied to clipboard but it restarted before I could save the log :( Is there any way I can find the log?


No problem! :)

scanlog1.png
scanlog2.png


regards,
deeprybka

#11 WatsonSSG

Posted 19 April 2015 - 05:46 AM

Here's my scan log :)
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 19/04/2015
Scan Time: 11:06:09
Logfile: Log.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.19.02
Rootkit Database: v2015.03.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: earltowers
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390200
Time Elapsed: 24 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 deeprybka

Posted 19 April 2015 - 05:48 AM

Let's do a final check up:

Step 1


Don't remove on your own anything that Hitman Pro detects!
This scanner, while it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file log.png is created at logpath.png
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
How is the computer running?


Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#13 WatsonSSG

Posted 19 April 2015 - 07:29 AM

The ESET Scan is taking a while but here is the Hitman log:

 

HitmanPro 3.7.9.240
www.hitmanpro.com
 
   Computer name . . . . : FAMILYWORKPC
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : familyworkpc\earltowers
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-04-19 11:52:31
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 43s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 24
 
   Objects scanned . . . : 2,111,079
   Files scanned . . . . : 144,121
   Remnants scanned  . . : 702,576 files / 1,264,382 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\earltowers\Desktop\Pokemon Insurgence 1.0.12\gif.dll
      Size . . . . . . . : 32,768 bytes
      Age  . . . . . . . : 90.7 days (2015-01-18 17:55:02)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : C388F705424AC6EFE60F9BBA0D6F83F0D9A7F4D8E37513BB51587D3721F25221
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\earltowers\Desktop\Pokemon Insurgence 1.0.12\rubyscreen.dll
      Size . . . . . . . : 28,160 bytes
      Age  . . . . . . . : 90.7 days (2015-01-18 17:56:30)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 777055E7400B49941CC083F86343C8BB5C8C067021B32435809E87E4BEBE3807
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\earltowers\Desktop\Pokemon Omicron 1.4 (Win)\gif.dll
      Size . . . . . . . : 32,768 bytes
      Age  . . . . . . . : 218.6 days (2014-09-12 20:35:53)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : C388F705424AC6EFE60F9BBA0D6F83F0D9A7F4D8E37513BB51587D3721F25221
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\earltowers\Desktop\Pokemon Omicron 1.4 (Win)\rubyscreen.dll
      Size . . . . . . . : 28,160 bytes
      Age  . . . . . . . : 218.6 days (2014-09-12 20:37:12)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 777055E7400B49941CC083F86343C8BB5C8C067021B32435809E87E4BEBE3807
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\earltowers\Desktop\Pokémon Solar Light & Lunar Dark Demo 4.0\gif.dll
      Size . . . . . . . : 32,768 bytes
      Age  . . . . . . . : 64.8 days (2015-02-13 17:05:06)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : C388F705424AC6EFE60F9BBA0D6F83F0D9A7F4D8E37513BB51587D3721F25221
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\earltowers\Desktop\Pokémon Solar Light & Lunar Dark Demo 4.0\rubyscreen.dll
      Size . . . . . . . : 28,160 bytes
      Age  . . . . . . . : 64.8 days (2015-02-13 17:05:06)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 777055E7400B49941CC083F86343C8BB5C8C067021B32435809E87E4BEBE3807
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\earltowers\Documents\Pokémon Solar Light & Lunar Dark Demo 3.0\gif.dll
      Size . . . . . . . : 32,768 bytes
      Age  . . . . . . . : 75.0 days (2015-02-03 11:35:52)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : C388F705424AC6EFE60F9BBA0D6F83F0D9A7F4D8E37513BB51587D3721F25221
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\earltowers\Documents\Pokémon Solar Light & Lunar Dark Demo 3.0\rubyscreen.dll
      Size . . . . . . . : 28,160 bytes
      Age  . . . . . . . : 75.0 days (2015-02-03 11:35:56)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 777055E7400B49941CC083F86343C8BB5C8C067021B32435809E87E4BEBE3807
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\earltowers\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,097,664 bytes
      Age  . . . . . . . : 2.6 days (2015-04-16 20:32:27)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 5E25CB59ECC2FC8A9B2B8E852A4FF11621595BA5613AD601AF63742D7EAA3353
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\earltowers\Downloads\FRST64.exe
      Size . . . . . . . : 2,098,176 bytes
      Age  . . . . . . . : 0.7 days (2015-04-18 20:04:05)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 4C4C9D8553A42A06AE56771FEDC72909028A0F98B3CB94C7159406D408831E81
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ)
   HKU\S-1-5-21-804254913-3732533996-1344380941-1001_Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\ (UniDeals)
 
Repairs _____________________________________________________________________
 
   hosts
   C:\WINDOWS\system32\drivers\etc\
 
 
Cookies _____________________________________________________________________
 
   C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Cookies:7search.com
   C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\earltowers\AppData\Local\Microsoft\Windows\INetCookies\0AR2MACJ.txt
   C:\Users\earltowers\AppData\Local\Microsoft\Windows\INetCookies\CTG5FLUJ.txt
   C:\Users\earltowers\AppData\Local\Microsoft\Windows\INetCookies\EXJQBU78.txt
   C:\Users\earltowers\AppData\Local\Microsoft\Windows\INetCookies\H9UL0G7Q.txt
   C:\Users\earltowers\AppData\Local\Microsoft\Windows\INetCookies\IP31AFLU.txt
   C:\Users\earltowers\AppData\Local\Microsoft\Windows\INetCookies\LKJSC4GA.txt
   C:\Users\earltowers\AppData\Local\Microsoft\Windows\INetCookies\MD169QTA.txt
   C:\Users\earltowers\AppData\Local\Microsoft\Windows\INetCookies\RZ12HHUG.txt
 
 


#14 WatsonSSG

Posted 19 April 2015 - 10:31 AM

Okay, the ESET Scanner is finally done, here are the results:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e6e352a2cc5dbe4199ff0ae52c57130c
# engine=23453
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-19 03:26:48
# local_time=2015-04-19 04:26:48 (+0000, GMT Summer Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 109562 116587592 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3378442 19228850 0 0
# scanned=498709
# found=34
# cleaned=0
# scan_time=15395
sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\28.js.vir"
sh=A09EC8461BEA6390FCCA19F184BD2BB95493D869 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\91.js.vir"
sh=E13F8D72EBADC71AB81C5D476D9C37F629C06E51 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\FRST\Quarantine.zip"
sh=0E7CC420B0BE38296EF8516DC3786361119F1F5F ft=1 fh=02f58beb2edcfbd2 vn="Win32/AlteredSoftware.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe"
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe"
sh=A565AA91F7873179776579995E9F4D2B2894AE5A ft=1 fh=22e3a81795d8fb05 vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe"
sh=F729C4CDF49744729357319E10DA2514EC40CB03 ft=0 fh=0000000000000000 vn="Win32/AlteredSoftware.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi"
sh=F1A0D0D29F924A24AF0F0521CF6F9A9150A10ECC ft=1 fh=22e3a817befc6b5a vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"
sh=644F7D7493337B1C476B3EDAED8C9816BB5C9063 ft=1 fh=c71c001192caf50d vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll"
sh=5E3C51EB46A11EF91B84F3AC7DBDC91A8264CCE5 ft=1 fh=d9cdf1c8ff17595a vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll"
sh=399CE73FBD27EABB303FD899656E3C66C55B3F29 ft=1 fh=c71c001160921a34 vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll"
sh=4F1A1ECBC53648728576DC417328B2DD70532367 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\TheTorntv V10\1293297481.mxaddon"
sh=7F861257E506D1A631451E849F3FE8B1EE9B6BA8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\TheTorntv V10\3096373b-cb2c-4fc4-8dd1-8ea29e62bcff.crx"
sh=F27849F762314791C014BDC50B10F572FD3475C3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\TheTorntv V10\6e822ef9-861c-4d67-8bce-67459ec84a8e.crx"
sh=F27849F762314791C014BDC50B10F572FD3475C3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747.crx"
sh=FE810075E407BDA825F13C7080C5F05290699A49 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\TheTorntv V10\b9d88e4f-8166-4295-92d2-d78e2970f747.xpi"
sh=5A6F667A3E90449DC22D7B42931B3F056C1D9D30 ft=1 fh=c71c0011d7a72305 vn="a variant of Win64/Sathurbot.A trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\SecurityHelper.dll"
sh=7445C302C5998FD99F2EE3A6B43E8A8EC752AE04 ft=1 fh=c71c0011e72da5e5 vn="Win64/Sathurbot.F trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Microsoft\Security\Client\SecurityProvider.dll"
sh=F9AA5034C2A5BCD683ACAA9E3EDE984AE95D8018 ft=1 fh=c071c408bdd2526d vn="a variant of Win32/Kryptik.DDTN trojan" ac=I fn="C:\FRST\Quarantine\C\Users\earltowers\AppData\Local\Igcjsoft\Test.dll.old"
sh=790BD1E4299C9E2A6A5ADAEDFD99EB0BEA35D7F8 ft=1 fh=597895b2bdd2526d vn="a variant of Win32/Kryptik.DDTN trojan" ac=I fn="C:\FRST\Quarantine\C\Users\earltowers\AppData\Local\Igcjsoft\Test.dll.temp"
sh=91201934F5939FF92B29B922BA0C89DFE1E80C8D ft=1 fh=23db2be7288f56df vn="NSIS/TrojanDownloader.Adload.Y trojan" ac=I fn="C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000"
sh=A425BD6D4DEBA0A801538B2D47B18365092FCBD5 ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.DCWK trojan" ac=I fn="C:\Users\earltowers\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\20d718c65e40485d\120712-0049\Att\200078bb\pic (1).zip"
sh=A425BD6D4DEBA0A801538B2D47B18365092FCBD5 ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.DCWK trojan" ac=I fn="C:\Users\earltowers\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\20d718c65e40485d\120712-0049\Att\200078bb\pic (2).zip"
sh=A425BD6D4DEBA0A801538B2D47B18365092FCBD5 ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.DCWK trojan" ac=I fn="C:\Users\earltowers\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\20d718c65e40485d\120712-0049\Att\200078bb\pic.zip"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\earltowers\AppData\Roaming\DUPBJQ"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\earltowers\AppData\Roaming\DXDCU"
sh=55D78AC37CF3425F3EFD8ACC3255C2CC92D26277 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.A potentially unsafe application" ac=I fn="C:\Users\earltowers\AppData\Roaming\Skype\My Skype Received Files\Adobe CS6.rar"
sh=3AC763E9636ED184E470B34D1CE23FED832577E1 ft=1 fh=3bc72a96a1c8db23 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\earltowers\Documents\FL Studio Producer Edition 11.1.1 (32-64 bit) (Reg R2R) [ChingLiu]\flstudio_11.1.1.exe"
sh=3AC763E9636ED184E470B34D1CE23FED832577E1 ft=1 fh=3bc72a96a1c8db23 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\earltowers\Downloads\flstudio_11.1.1.exe"
sh=39B1D53CA06FF3570CB274990A6D56E4BC7E4E7B ft=1 fh=7ac5f65956e80094 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\earltowers\Downloads\flstudio_11.1.exe"
sh=7E60FF60775C7BBED9D243DB61C2F55511CBC797 ft=1 fh=998376138842e10e vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\earltowers\Downloads\FreeVideoToMP3Converter.exe"
sh=B7DFEC2266DC965E375D411AE8D6D1E44378696A ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.A potentially unsafe application" ac=I fn="C:\Users\earltowers\Downloads\Adobe CS6\Crack\Patch.rar"
 
 
My computer seems to be running quickly and AVG seems to have stopped noticing the virus. Most adware seems to be gone as well, but I'm not 100% sure. Mostly, my internet and system in general seem to be running relatively smoothly.


#15 WatsonSSG

Posted 19 April 2015 - 10:38 AM

Here are the FRST Scan results as well:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by earltowers (administrator) on FAMILYWORKPC on 19-04-2015 16:34:16
Running from C:\Users\earltowers\Downloads
Loaded Profiles: earltowers (Available profiles: earltowers)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-11] (Raptr, Inc)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK13/2
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK13/2
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK13/2
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-804254913-3732533996-1344380941-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-804254913-3732533996-1344380941-1001 -> {E9E634EB-E7CB-49E0-A1ED-9E2DE8050DCC} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-31] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-31] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 148.197.254.3 148.197.159.247
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default
FF DefaultSearchEngine: search
FF SelectedSearchEngine: search
FF Homepage: https://mysearch.avg.com?cid={BDB543CD-C65F-432A-977C-BA0F88CA65BA}&mid=fdc2be53441a47d29d25a9aaf32cf934-95eb0ec6aca0bb588aa7b696b2c3f93ff8ea6e7b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-08 09:36:43&v=4.0.0.19&pid=wtu&sg=&sap=hp
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2014-08-29] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-31] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-08-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-02-02] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-804254913-3732533996-1344380941-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\earltowers\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Extension: regexptestersebastianzartnerathcx - C:\Users\earltowers\AppData\Roaming\Mozilla\Firefox\Profiles\774e7guh.default\Extensions\regexptester@sebastianzartner.ath.cx [2015-04-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-03-24]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-01]
CHR Extension: (Google Docs) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-01]
CHR Extension: (Google Drive) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-01]
CHR Extension: (YouTube) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-01]
CHR Extension: (Google Search) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-01]
CHR Extension: (Google Sheets) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-01]
CHR Extension: (AdBlock) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-08]
CHR Extension: (Bookmark Manager) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR Extension: (Gmail) - C:\Users\earltowers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-01]
 
Opera: 
=======
OPR Extension: (cgagpckjofhomehafhognmangbjdiaap) - C:\Users\earltowers\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgagpckjofhomehafhognmangbjdiaap [2015-04-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-24] (Electronic Arts)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-01-09] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-11-08] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-03-19] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 12:04 - 2015-04-19 12:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-19 12:02 - 2015-04-19 12:02 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-19 11:59 - 2015-04-19 11:59 - 02347384 _____ (ESET) C:\Users\earltowers\Desktop\esetsmartinstaller_enu (1).exe
2015-04-19 11:58 - 2015-04-19 11:59 - 02347384 _____ (ESET) C:\Users\earltowers\Downloads\esetsmartinstaller_enu (1).exe
2015-04-19 11:57 - 2015-04-19 11:57 - 00022366 _____ () C:\Users\earltowers\Downloads\HitmanPro_20150419_1157.log
2015-04-19 11:50 - 2015-04-19 11:50 - 11028616 _____ (SurfRight B.V.) C:\Users\earltowers\Downloads\HitmanPro_x64 (1).exe
2015-04-19 11:05 - 2015-04-19 14:10 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 11:05 - 2015-04-19 11:05 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-19 11:05 - 2015-04-19 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-19 11:05 - 2015-04-19 11:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-19 11:05 - 2015-04-19 11:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-19 11:05 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-19 11:05 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-19 11:05 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-19 11:04 - 2015-04-19 11:04 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\earltowers\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-19 11:01 - 2015-04-19 11:01 - 02217984 _____ () C:\Users\earltowers\Downloads\adwcleaner_4.201.exe
2015-04-19 10:55 - 2015-04-19 10:59 - 00000000 ____D () C:\AdwCleaner
2015-04-18 23:09 - 2015-04-18 23:09 - 02217984 _____ () C:\Users\earltowers\Desktop\adwcleaner_4.201.exe
2015-04-18 20:04 - 2015-04-18 20:04 - 00000000 ____D () C:\Users\earltowers\Downloads\FRST-OlderVersion
2015-04-18 16:22 - 2015-04-18 16:22 - 00000184 _____ () C:\Users\earltowers\Downloads\eula.txt
2015-04-18 16:22 - 2015-04-18 16:22 - 00000061 _____ () C:\Users\earltowers\Downloads\server.properties
2015-04-17 22:43 - 2015-04-17 22:43 - 00047581 _____ () C:\Users\earltowers\Downloads\Addition.txt
2015-04-17 22:42 - 2015-04-19 16:34 - 00022685 _____ () C:\Users\earltowers\Downloads\FRST.txt
2015-04-17 17:29 - 2015-04-17 17:29 - 00000941 _____ () C:\Users\earltowers\Downloads\Documents - Shortcut.lnk
2015-04-16 22:33 - 2015-04-16 22:33 - 00000002 _____ () C:\runcheck.txt
2015-04-16 22:33 - 2015-04-16 22:33 - 00000000 ____D () C:\zoek_backup
2015-04-16 22:32 - 2015-04-16 22:32 - 04317228 _____ () C:\Users\earltowers\Downloads\zoek.rar
2015-04-16 22:32 - 2015-04-16 22:32 - 00000000 ____D () C:\Users\earltowers\Downloads\zoek
2015-04-16 20:54 - 2015-04-16 20:54 - 00063870 _____ () C:\Users\earltowers\Downloads\HitmanPro_20150416_2053.log
2015-04-16 20:47 - 2015-04-16 20:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-16 20:47 - 2015-04-16 20:48 - 02347384 _____ (ESET) C:\Users\earltowers\Downloads\esetsmartinstaller_enu.exe
2015-04-16 20:33 - 2015-04-19 16:34 - 00000000 ____D () C:\FRST
2015-04-16 20:32 - 2015-04-18 20:04 - 02098176 _____ (Farbar) C:\Users\earltowers\Downloads\FRST64.exe
2015-04-16 20:18 - 2015-04-16 20:19 - 11028616 _____ (SurfRight B.V.) C:\Users\earltowers\Desktop\HitmanPro_x64.exe
2015-04-16 19:45 - 2015-04-16 20:02 - 00000000 ____D () C:\WINDOWS\pss
2015-04-16 19:37 - 2015-04-16 19:37 - 46627408 _____ () C:\Users\earltowers\Downloads\BDPUARLauncher.exe
2015-04-16 19:30 - 2015-04-16 19:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\earltowers\Downloads\tdsskiller.exe
2015-04-16 19:28 - 2015-04-16 19:28 - 00000000 _____ () C:\autoexec.bat
2015-04-16 17:50 - 2015-04-16 17:50 - 00000000 ____D () C:\Users\earltowers\AppData\Local\openvr
2015-04-16 16:56 - 2015-04-18 16:15 - 00000000 ____D () C:\Users\earltowers\Downloads\Dubloadz and Friendz 20k EP
2015-04-16 16:50 - 2015-04-16 16:55 - 104856799 _____ () C:\Users\earltowers\Downloads\Dubloadz and Friendz 20k EP.zip
2015-04-15 20:15 - 2015-04-15 20:15 - 00000000 ____D () C:\Users\earltowers\Tracing
2015-04-15 18:18 - 2015-04-15 18:21 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-15 18:18 - 2015-04-15 18:18 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-15 18:13 - 2015-04-15 18:13 - 00000000 ____D () C:\Users\earltowers\Downloads\Darkwatch (USA)
2015-04-15 17:40 - 2015-04-15 17:46 - 2041703795 _____ () C:\Users\earltowers\Downloads\Darkwatch (USA).7z
2015-04-15 17:36 - 2015-04-15 17:36 - 13177882 _____ () C:\Users\earltowers\Downloads\AppNee.com.PS2.BIOS.files.AiO.package.for.PCSX2.emulator.7z
2015-04-15 17:36 - 2015-04-15 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-04-15 17:35 - 2015-04-15 17:35 - 10658408 _____ () C:\Users\earltowers\Downloads\pcsx2-1.2.1-r5875-setup.exe
2015-04-15 17:24 - 2015-04-15 17:24 - 00000000 ____D () C:\Users\earltowers\AppData\Local\uhowe
2015-04-15 17:20 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 17:20 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 17:20 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 17:20 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 17:20 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 17:20 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 17:20 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 17:20 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 17:20 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 17:20 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 17:20 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 17:20 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 17:20 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 17:20 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 17:20 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 17:20 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 17:20 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 17:20 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 17:20 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 17:20 - 2014-10-29 03:48 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll
2015-04-15 17:20 - 2014-10-29 03:43 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskperf.exe
2015-04-15 17:20 - 2014-10-29 03:17 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\logman.exe
2015-04-15 17:20 - 2014-10-29 02:58 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskperf.exe
2015-04-15 17:20 - 2014-10-29 02:38 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logman.exe
2015-04-15 17:20 - 2014-10-29 02:26 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\typeperf.exe
2015-04-15 17:20 - 2014-10-29 02:26 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\relog.exe
2015-04-15 17:20 - 2014-10-29 02:04 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\typeperf.exe
2015-04-15 17:20 - 2014-10-29 02:04 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\relog.exe
2015-04-15 17:19 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 17:19 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 17:19 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 17:19 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 17:19 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 17:19 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 17:19 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 17:19 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 17:19 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 17:19 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 17:19 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 17:19 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 17:19 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 17:19 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 17:19 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 17:19 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 17:19 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 17:19 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 17:19 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 17:19 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 17:19 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 17:19 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 17:19 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 17:19 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 17:19 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 17:19 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 17:19 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 17:19 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 17:19 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 17:19 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 17:19 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 17:19 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 17:19 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 17:19 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 17:19 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 17:19 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 17:19 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 17:19 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 17:19 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 17:19 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 17:19 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 17:19 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 17:19 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 17:19 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 17:19 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 17:19 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 17:19 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-03-31 09:14 - 2015-03-31 09:14 - 00005655 _____ () C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK
2015-03-31 09:14 - 2015-03-31 09:14 - 00004387 _____ () C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD
2015-03-27 00:03 - 2015-03-27 00:03 - 02666167 _____ (Kephyr) C:\Users\earltowers\Downloads\freefixersetup.exe
2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2015-03-24 22:37 - 2015-03-24 22:38 - 35189438 _____ () C:\Users\earltowers\Downloads\NEGATIVE - WARNING [FINAL].rar
2015-03-24 21:14 - 2015-03-24 21:14 - 00250078 _____ () C:\Users\earltowers\Downloads\Roman-Caps.zip
2015-03-24 20:54 - 2015-03-27 00:02 - 00000288 _____ () C:\Users\earltowers\AppData\Roaming\92EE1DB6.reg
2015-03-24 20:15 - 2015-03-24 20:15 - 00000132 _____ () C:\Users\earltowers\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-24 17:51 - 2015-03-24 17:51 - 00000000 ____D () C:\Users\earltowers\Desktop\Adobe
2015-03-24 17:48 - 2015-03-24 18:03 - 00000000 ____D () C:\Users\earltowers\Documents\Adobe
2015-03-24 17:48 - 2015-03-24 17:48 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\PACE Anti-Piracy
2015-03-24 17:48 - 2015-03-24 17:48 - 00000000 ____D () C:\Users\earltowers\AppData\Local\PACE Anti-Piracy
2015-03-24 17:48 - 2015-03-24 17:48 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2015-03-24 17:32 - 2015-03-24 17:32 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-03-24 17:32 - 2015-03-24 17:32 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-03-24 17:32 - 2015-03-24 17:32 - 00002053 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-03-24 17:32 - 2015-03-24 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-03-24 17:28 - 2015-03-24 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2015-03-24 17:28 - 2015-03-24 17:37 - 00000000 ____D () C:\Program Files\Adobe
2015-03-23 22:20 - 2015-03-23 22:20 - 00001020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-03-23 22:20 - 2015-03-23 22:20 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-03-23 22:20 - 2015-03-23 22:20 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-03-23 21:55 - 2015-02-20 20:09 - 00000000 ____D () C:\Users\earltowers\Downloads\Adobe CS6
2015-03-22 12:17 - 2015-03-22 12:17 - 41840320 _____ (Microsoft Corporation) C:\Users\earltowers\Downloads\Windows-KB890830-x64-V5.22.exe
2015-03-21 20:35 - 2015-03-21 20:35 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\earltowers\Downloads\autodetectutility (1).exe
2015-03-21 20:21 - 2015-03-21 20:21 - 01046528 _____ () C:\Users\earltowers\Downloads\MicrosoftFixit50848.msi
2015-03-21 20:07 - 2015-03-21 20:07 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\AMD
2015-03-21 19:53 - 2015-03-21 19:53 - 00000000 ____D () C:\Users\earltowers\AppData\Local\AMD
2015-03-21 19:52 - 2015-03-21 19:52 - 00000000 ____D () C:\Users\earltowers\AppData\Local\AppEx Networks
2015-03-21 19:52 - 2015-03-21 19:52 - 00000000 ____D () C:\ProgramData\ATI
2015-03-21 19:50 - 2015-03-21 19:50 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2015-03-21 19:49 - 2015-03-21 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-03-21 19:48 - 2015-03-22 12:14 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\Raptr
2015-03-21 19:48 - 2015-03-21 19:48 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\library_dir
2015-03-21 19:48 - 2015-03-21 19:48 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-03-21 19:47 - 2015-03-21 19:47 - 00058610 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201503211847294578.log
2015-03-21 19:47 - 2015-03-21 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2015-03-21 19:47 - 2015-03-21 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-03-21 19:47 - 2015-03-21 19:47 - 00000000 ____D () C:\Program Files\AMD Quick Stream
2015-03-21 19:47 - 2015-03-21 19:47 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-03-21 19:47 - 2014-10-28 15:24 - 00229056 _____ (AppEx Networks Corporation) C:\WINDOWS\system32\Drivers\appexDrv.sys
2015-03-21 19:41 - 2015-03-21 19:47 - 00000000 ____D () C:\Program Files\AMD
2015-03-21 19:41 - 2015-03-21 19:41 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-03-21 19:40 - 2015-03-21 19:40 - 00000000 ____D () C:\AMD
2015-03-21 19:35 - 2015-03-21 19:35 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\earltowers\Downloads\autodetectutility.exe
2015-03-21 19:07 - 2015-03-21 19:07 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2015-03-21 19:07 - 2015-03-21 19:07 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2015-03-21 19:07 - 2015-03-21 19:07 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2015-03-21 19:07 - 2015-03-21 19:07 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2015-03-21 19:07 - 2015-03-21 19:07 - 00000000 ____D () C:\Users\earltowers\Documents\Penumbra
2015-03-21 19:07 - 2015-03-21 19:07 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2015-03-21 18:52 - 2015-03-22 22:05 - 00000000 ____D () C:\Users\earltowers\Documents\UHC Season 2
2015-03-21 18:48 - 2015-03-22 22:21 - 00000000 ____D () C:\Users\earltowers\AppData\Local\Ori and the Blind Forest
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 16:34 - 2015-01-09 18:12 - 01048761 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-19 16:34 - 2014-08-29 18:09 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\Skype
2015-04-19 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-19 15:49 - 2014-09-01 19:27 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 15:42 - 2015-01-15 19:55 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C778D2E-B2CF-49A3-A7DD-C050BCB1F7A2}
2015-04-19 12:12 - 2014-01-25 20:13 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-804254913-3732533996-1344380941-1001
2015-04-19 11:33 - 2014-09-24 09:08 - 00017946 _____ () C:\WINDOWS\PFRO.log
2015-04-19 11:33 - 2013-08-22 15:46 - 00366957 _____ () C:\WINDOWS\setupact.log
2015-04-19 11:33 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-19 11:33 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\SchCache
2015-04-19 11:32 - 2013-08-22 14:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-19 10:56 - 2014-10-12 13:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-18 21:49 - 2014-09-01 20:13 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\.minecraft
2015-04-18 20:02 - 2014-08-29 20:20 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\uTorrent
2015-04-18 14:13 - 2014-02-07 17:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-18 13:09 - 2014-09-27 21:41 - 00000000 ____D () C:\Users\earltowers\Documents\My Games
2015-04-18 13:09 - 2014-08-29 18:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-18 10:18 - 2015-03-19 20:27 - 00000000 ____D () C:\Users\earltowers\Documents\Channel Art
2015-04-17 17:50 - 2014-09-24 17:21 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-17 17:35 - 2014-09-11 20:22 - 00000000 ____D () C:\Users\earltowers\Desktop\Steam Games
2015-04-17 16:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-16 19:55 - 2013-11-05 22:30 - 00000000 ____D () C:\ProgramData\Temp
2015-04-16 19:27 - 2015-01-09 18:04 - 00000000 ____D () C:\Users\earltowers
2015-04-16 13:50 - 2015-01-26 14:50 - 00003202 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForearltowers
2015-04-16 13:50 - 2015-01-26 14:50 - 00000378 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForearltowers.job
2015-04-16 13:16 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 22:53 - 2014-09-01 19:51 - 00002268 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 20:14 - 2014-09-30 13:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 20:14 - 2014-08-29 18:09 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 19:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 18:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-15 18:22 - 2015-01-04 17:24 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 18:22 - 2014-09-24 19:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 18:20 - 2013-08-22 15:44 - 05080368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-04-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-04-15 17:36 - 2014-08-31 13:11 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-04-15 17:36 - 2014-08-31 13:10 - 00002004 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2015-04-15 17:36 - 2014-08-31 13:10 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2015-04-15 17:15 - 2014-10-12 13:05 - 00000988 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-15 17:15 - 2014-10-12 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-15 17:15 - 2014-02-02 14:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-04-15 17:12 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-15 17:10 - 2014-08-29 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 00:24 - 2015-01-16 12:59 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 00:24 - 2015-01-16 12:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-01 11:16 - 2014-02-07 17:37 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-27 00:02 - 2015-02-21 15:23 - 00001784 _____ () C:\Users\earltowers\Desktop\Computer.lnk
2015-03-26 11:08 - 2015-02-24 16:12 - 00000000 ____D () C:\Users\earltowers\Documents\Thumbs
2015-03-25 11:29 - 2015-03-14 15:05 - 30549534 _____ () C:\Users\earltowers\Desktop\UHC_Season2Intro.mp4
2015-03-25 00:31 - 2014-01-25 20:07 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\Adobe
2015-03-24 17:48 - 2013-07-02 10:11 - 00000000 ___HD () C:\Users\earltowers\AppData\Local\AIuTiROlR
2015-03-24 17:48 - 2013-06-14 20:49 - 00000000 ___HD () C:\Users\earltowers\AppData\Local\2Mu7HoZr
2015-03-24 17:45 - 2015-03-05 20:58 - 00002758 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-03-24 17:37 - 2015-02-21 17:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-24 17:33 - 2015-02-21 17:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-24 17:31 - 2015-02-21 17:44 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-24 16:14 - 2015-02-21 17:39 - 00000000 ____D () C:\Users\earltowers\AppData\Local\Adobe
2015-03-23 22:37 - 2015-02-21 18:08 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-23 21:42 - 2015-02-21 20:26 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-21 20:37 - 2014-11-29 14:27 - 00000000 ____D () C:\Users\earltowers\AppData\Roaming\Bioshock
2015-03-21 20:07 - 2014-11-03 21:03 - 00000000 ____D () C:\Users\earltowers\Documents\Amnesia
2015-03-21 19:51 - 2013-11-05 22:29 - 00000000 ____D () C:\ProgramData\AMD
2015-03-21 19:41 - 2013-04-03 16:09 - 00000000 ____D () C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2015-03-24 20:54 - 2015-03-27 00:02 - 0000288 _____ () C:\Users\earltowers\AppData\Roaming\92EE1DB6.reg
2015-03-24 20:15 - 2015-03-24 20:15 - 0000132 _____ () C:\Users\earltowers\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\earltowers\AppData\Roaming\DUPBJQ
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\earltowers\AppData\Roaming\DXDCU
2015-02-21 15:23 - 2015-03-27 00:02 - 0009728 _____ () C:\Users\earltowers\AppData\Roaming\mcp.ico
2015-03-31 09:14 - 2015-03-31 09:14 - 0005655 _____ () C:\Users\earltowers\AppData\Roaming\PWoQW7QLMj1OIjyJzK
2015-03-31 09:14 - 2015-03-31 09:14 - 0004387 _____ () C:\Users\earltowers\AppData\Roaming\Z6Bk67WhHksWUKlD
2014-09-11 20:40 - 2015-02-09 16:39 - 0005632 _____ () C:\Users\earltowers\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-28 20:27 - 2014-10-28 20:27 - 0006516 _____ () C:\Users\earltowers\AppData\Local\recently-used.xbel
2014-09-21 21:38 - 2014-10-13 19:35 - 0089738 _____ () C:\Users\earltowers\AppData\Local\Tempmusic.ogg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-19 12:12
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2015 01
Ran by earltowers at 2015-04-19 16:35:32
Running from C:\Users\earltowers\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.4.0 - AppEx Networks)
Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version:  - The Chinese Room)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4331 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Deathmatch Classic (HKLM-x32\...\Steam App 40) (Version:  - Valve)
Desura (HKLM-x32\...\Desura) (Version: 100.57 - Desura)
Desura: Doorways (HKLM-x32\...\Desura_91646012162080) (Version: Chapters 1 - 2 - Saibot Studios)
Desura: ERIE (HKLM-x32\...\Desura_81776177315872) (Version: Full - UGF)
Desura: Five Nights at Freddy's (HKLM-x32\...\Desura_129355825020960) (Version: Full - animdude)
Desura: The Mask Reveals Disgusting Face (HKLM-x32\...\Desura_126087354908704) (Version: Full - EZeddy)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gotham City Impostors: Free To Play (HKLM-x32\...\Steam App 206210) (Version:  - Monolith Productions, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
Hektor (HKLM-x32\...\Steam App 334070) (Version:  - Rubycone)
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kraven Manor (HKLM-x32\...\Steam App 296630) (Version:  - Demon Wagon Studios)
Kraven Manor Demo (HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\Kraven Manor Demo) (Version: 1.1.0 - Demon Wagon Studios)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-GB)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Game Long Name (HKLM\...\UDK-2618297b-5e77-421b-ac9d-d1a4f01e55a1) (Version:  - Epic Games, Inc.)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version:  - Moon Studios GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penumbra: Black Plague (HKLM-x32\...\Steam App 22120) (Version:  - Frictional Games)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version:  - Frictional Games)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Serato DJ  (HKLM-x32\...\{cff70cd3-29c4-4043-b20c-e085773b05e0}) (Version: 1.6.3.7539 - )
Serato DJ  (x32 Version: 1.6.3.7539 - Serato) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Slender - The Arrival (HKLM-x32\...\Slender - The Arrival_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
SPEAR v0.7.4 r.148 (HKLM-x32\...\{164F4A4D-9564-4C61-BD10-CA24B4CBBC66}_is1) (Version:  - Michael Klingbeil)
Spectro (HKLM-x32\...\{1F8D186D-8C5C-4589-BC28-1A8964CA74A6}) (Version: 1.0.93 - )
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
theHunter (HKLM-x32\...\Steam App 253710) (Version:  - Expansive Worlds)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-804254913-3732533996-1344380941-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\earltowers\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
16-04-2015 20:13:00 Removed Bonjour
19-04-2015 11:59:51 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2015-03-07 21:11 - 00001509 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.107.100 www.google-analytics.com.
85.25.107.100 google-analytics.com.
85.25.107.100 connect.facebook.net.
89.163.213.140 www.google-analytics.com.
89.163.213.140 google-analytics.com.
89.163.213.140 connect.facebook.net.
195.162.68.58 www.google-analytics.com.
195.162.68.58 google-analytics.com.
195.162.68.58 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {023CCE03-9E8E-4A08-85F4-5F5736ADFD91} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {024FECC6-0B53-47D2-9EFD-6482878EC862} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {086725F4-C49D-43DF-BD16-C3A81992EE03} - System32\Tasks\HPCeeScheduleForearltowers => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {3C559310-CC10-4E81-9B6F-FB62A7029036} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {45DB949A-E398-45B5-B4FA-1D2187FEE159} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {58F5CF40-5958-4A93-9545-DE3698436D97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {5C12846A-556E-409C-AA1D-8C6CC4046FD8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {68DC5999-342A-4D33-A3C7-63218E6C63F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {75F3C0BD-19BF-46B2-8206-935DF4A24282} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {8AFE7975-DEAD-4958-B2FE-8CF7300A417D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {94746291-C364-4BB0-8CC8-6D34874C28F4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B42DAB4C-6A09-4734-8E1C-6C3FAA40FA24} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {B90588D1-B72B-4C9B-A989-7E739AB665A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-01] (Google Inc.)
Task: {C14CF2CD-6EE6-4322-821A-869BAC3DB623} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {CAC5F34A-A9DF-4EFE-A96D-6B5BDEAB27D6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D3A9171C-D070-476D-8CD7-FB971BCDB569} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {E140D962-EAC6-46C8-B3EF-BF9FD193591A} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-04] ()
Task: {E8958A6D-624E-4D82-89C7-B709D5D2AF4C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {EF6DB5D6-694B-404B-8F2E-5C87BD67BC13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-01] (Google Inc.)
Task: {F34D433C-F97F-404E-9C34-24AB3723AB31} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {F64F9A7B-BB2E-4DBB-9769-8033A1A8A524} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForearltowers.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-01-26 13:40 - 2011-04-11 06:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2014-09-05 11:47 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-17 11:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-16 18:13 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-05 22:32 - 2013-03-12 15:51 - 00626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 23:53 - 2013-03-12 23:53 - 00015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-08 10:36 - 2014-11-08 10:35 - 01685528 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-04-15 22:53 - 2015-04-13 22:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-15 22:53 - 2015-04-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68608389.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68608389.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\earltowers\Downloads\10926366_1420276464930452_9025936073372539356_n.jpg
DNS Servers: 148.197.254.3 - 148.197.159.247
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\StartupApproved\StartupFolder: => "TornTvDownloader.lnk"
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-804254913-3732533996-1344380941-1001\...\StartupApproved\Run: => ""
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-804254913-3732533996-1344380941-500 - Administrator - Disabled)
earltowers (S-1-5-21-804254913-3732533996-1344380941-1001 - Administrator - Enabled) => C:\Users\earltowers
Guest (S-1-5-21-804254913-3732533996-1344380941-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/19/2015 04:33:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (04/19/2015 04:28:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (04/19/2015 00:04:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (04/19/2015 00:04:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (04/19/2015 00:00:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HitmanPro_x64.exe version 3.7.9.240 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2a0
 
Start Time: 01d07a8ee3d754c0
 
Termination Time: 4294967295
 
Application Path: C:\Users\earltowers\Desktop\HitmanPro_x64.exe
 
Report Id: 4447ecd2-e683-11e4-bed1-78e3b5c810c7
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/19/2015 11:59:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {91561601-830d-4f3e-9ba2-36e6345b6d07}
 
 
System errors:
=============
Error: (04/19/2015 03:53:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
 
Error: (04/19/2015 03:53:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
 
Error: (04/19/2015 00:13:31 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (04/19/2015 00:13:01 PM) (Source: DCOM) (EventID: 10010) (User: familyworkpc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/19/2015 11:00:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%3
 
Error: (04/19/2015 10:59:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 3 time(s).
 
Error: (04/19/2015 10:59:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/19/2015 10:59:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/19/2015 10:59:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (04/19/2015 10:59:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/19/2015 04:33:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\earltowers\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (04/19/2015 04:33:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\earltowers\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (04/19/2015 04:33:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\earltowers\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (04/19/2015 04:28:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (04/19/2015 00:04:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\earltowers\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (04/19/2015 00:04:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\earltowers\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (04/19/2015 00:04:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\earltowers\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (04/19/2015 00:04:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\earltowers\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (04/19/2015 00:00:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HitmanPro_x64.exe3.7.9.2402a001d07a8ee3d754c04294967295C:\Users\earltowers\Desktop\HitmanPro_x64.exe4447ecd2-e683-11e4-bed1-78e3b5c810c7
 
Error: (04/19/2015 11:59:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {91561601-830d-4f3e-9ba2-36e6345b6d07}
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 45%
Total physical RAM: 5317.12 MB
Available physical RAM: 2897.54 MB
Total Pagefile: 7621.12 MB
Available Pagefile: 4817.94 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:912.59 GB) (Free:151.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 880CF096)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================




