
Slow internet when p.c. is on


20 replies to this topic

#1 ncooper1977


Posted 05 July 2015 - 09:06 AM

I seem to have a problem with something using my internet, but only when this computer is on. I have a phone, a tablet and a smart TV and have no issues until I log on with this computer. I am running Windows 8.1 with a full version of AVG Internet Security and Malwarebytes Free, both up to date. If I run a speed test from my phone with this PC off, I get a down speed of average 3mbps; with this PC on, I get an average of .79mbps both from my phone and this PC. Please help me find what I'm missing.
Thank you
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015
Ran by NATHAN (administrator) on COOPER on 05-07-2015 06:33:22
Running from C:\Users\NATHAN\Downloads
Loaded Profiles: NATHAN (Available Profiles: NATHAN)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BitTorrent Inc.) C:\Users\NATHAN\AppData\Roaming\uTorrent\uTorrent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
() C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cisco) C:\Users\NATHAN\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Octoshape ApS) C:\Users\NATHAN\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
() C:\Users\NATHAN\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AceBIT) C:\Program Files (x86)\AceBIT\Password Depot 7\pdMessagingHost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\FileManager\FileManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Farbar) C:\Users\NATHAN\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-24] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5213136 2015-06-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [uTorrent] => C:\Users\NATHAN\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [HydraVisionMDEngine] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe [565248 2013-05-15] (AMD)
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [Grid] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe [401408 2013-05-15] ()
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [Obwjics] => regsvr32.exe C:\Users\NATHAN\AppData\Local\Obwjics\CoreText.dll <===== ATTENTION
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [Google Update] => C:\Users\NATHAN\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-17] (Google Inc.)
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [GoogleChromeAutoLaunch_E71A23038D07E5791FAFB40B8D08580E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [PCShowServer] => C:\Users\NATHAN\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631520 2015-04-08] (Cisco)
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [Octoshape Streaming Services] => C:\Users\NATHAN\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [Password Depot] => C:\Program Files (x86)\AceBIT\Password Depot 7\PasswordDepot.exe [12273312 2014-09-03] (AceBIT GmbH)
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\MountPoints2: K - "K:\setup.exe" 
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\MountPoints2: {2decce34-9266-11e4-bebd-b8763f0dd2f6} - "L:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\MountPoints2: {ecc53012-1444-11e4-be8e-b8763f0dd2f6} - "M:\TL-BootStrap.exe" 
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File not found
IFEO\allshare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hitmanpro.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2015-05-09]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-02-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-09-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=523482&fr=spigot-yhp-ie
SearchScopes: HKLM -> {42FC2394-1A4D-41FC-8801-31F5B945139E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {42FC2394-1A4D-41FC-8801-31F5B945139E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1581858979-3581953092-217864043-1001 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1581858979-3581953092-217864043-1001 -> {42FC2394-1A4D-41FC-8801-31F5B945139E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1581858979-3581953092-217864043-1001 -> {956824DD-8D36-4C21-9BF2-72A49D227149} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_49_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0FtD0D0DtB0FyBtA0E0FtDtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyE0EtB0D0CyByEyBtGtA0F0DyEtG0E0EyByEtGyEtBtAzytGtDzy0EyDtC0CyE0EyDyDtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0AyDyD0B0EtG0A0F0B0AtGyE0AtCtDtGzytAzy0BtG0D0CzzyCtB0FtDyEyEzz0B0E2Q&cr=1386266058&ir=
SearchScopes: HKU\S-1-5-21-1581858979-3581953092-217864043-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1581858979-3581953092-217864043-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-12] (Oracle Corporation)
BHO: Password Depot 7 -> {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} -> C:\Program Files (x86)\AceBIT\Password Depot 7\pdIEAddOn64.dll [2014-06-27] (AceBIT)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-12] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-09] (Oracle Corporation)
BHO-x32: Password Depot 7 -> {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} -> C:\Program Files (x86)\AceBIT\Password Depot 7\pdIEAddOn32.dll [2014-06-27] (AceBIT)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-09] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-1581858979-3581953092-217864043-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{153770F2-3E6A-4498-AA9A-214B76CEAD2C}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{72E43ADA-FEF3-4BD1-AFBD-ADBA468D1BDF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7E901983-8706-4575-9CE8-8DDCEFE5DD8B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{99870CFC-4B51-4E72-8BBE-B5CA67EE7A23}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{99870CFC-4B51-4E72-8BBE-B5CA67EE7A23}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\NATHAN\AppData\Roaming\Mozilla\Firefox\Profiles\k8npl6z0.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://search.yahoo.com/?type=523482&fr=spigot-yhp-ff
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1581858979-3581953092-217864043-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\NATHAN\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1581858979-3581953092-217864043-1001: @tools.google.com/Google Update;version=3 -> C:\Users\NATHAN\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1581858979-3581953092-217864043-1001: @tools.google.com/Google Update;version=9 -> C:\Users\NATHAN\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1581858979-3581953092-217864043-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\NATHAN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\NATHAN\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-05-02] (Octoshape ApS)
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\NATHAN\AppData\Roaming\Mozilla\Firefox\Profiles\k8npl6z0.default\Extensions\{30B5D38F-A43B-42fd-B7E5-898BB1B71B8B} [2015-03-04]
FF HKLM-x32\...\Firefox\Extensions: [passworddepot@acebit.com] - C:\Program Files (x86)\AceBIT\Password Depot 7\Firefox
FF Extension: Password Depot Extension - C:\Program Files (x86)\AceBIT\Password Depot 7\Firefox [2015-06-20]
FF HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR Profile: C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaadgepjkdffhjbkfjgnnffnfcffbg [2015-06-05]
CHR Extension: (Entanglement Web App) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-01-22]
CHR Extension: (Sudoku) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2014-08-03]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-01-22]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-02-01]
CHR Extension: (Oil price) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnmcabneknmhglhmbdjoekbjojjinfg [2015-01-27]
CHR Extension: (Google Docs) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22]
CHR Extension: (Google Drive) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22]
CHR Extension: (YouTube) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22]
CHR Extension: (Duck Hunter) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmdgpgpoggmdbkfhdegpidfoiomdjnle [2014-01-22]
CHR Extension: (Google Cast) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-07-01]
CHR Extension: (Bible) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljbeanmjklkbfnppfedajbgeongccb [2014-01-22]
CHR Extension: (Adblock Plus) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-22]
CHR Extension: (Let's fish!) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cllcnemhlcbajfagpgedoiifogemaimb [2015-01-24]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-01-24]
CHR Extension: (Google Search) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22]
CHR Extension: (Google Cast (Beta)) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2015-04-26]
CHR Extension: (Word Search) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2014-01-22]
CHR Extension: (Max Arrow) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebjnelddndmdgkghhepkmhocgggpbehc [2015-01-27]
CHR Extension: (Bottle Shooting) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\enlhholpgabnfajcblcglijhianldmjj [2014-12-06]
CHR Extension: (Kid Games - For New Tab) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\facobadjfejjdkjnjdncfflhnhegcclc [2015-01-20]
CHR Extension: (Digital Clock) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2014-01-22]
CHR Extension: (Longbow - Archery 3D) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\helcoidggejhedkbbgbofkfcheikaoec [2014-12-06]
CHR Extension: (Crazy Shooting) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbhccdddhenjmeamogpjhicnoffdood [2014-01-22]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2014-01-22]
CHR Extension: (theHunter) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jangaedeekciafhlanphhnalogmhefmo [2014-01-22]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-07-01]
CHR Extension: (Google Play) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-10-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-01-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-08]
CHR Extension: (Poppit!) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-01-22]
CHR Extension: (Password Depot Add-On) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcgmdbhgeplifgopfnmafmhfmoekiekn [2015-06-26]
CHR Extension: (3D Ferrari F458) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfjnhanfponogkaieppfaelmojggamo [2014-05-27]
CHR Extension: (HTML validate!) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehnejgknjfgfdmijlaloodhdgnbgdgn [2014-01-22]
CHR Extension: (WeatherBug) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mekeaeklopjambfhgndcddmpfbinkdpb [2014-01-22]
CHR Extension: (AVG Secure Search) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-05-29]
CHR Extension: (Mahjong Solitaire) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2014-01-22]
CHR Extension: (Girl Games - For New Tab) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhccecppcjphhifpjblgkcminelgcbfk [2015-01-20]
CHR Extension: (Pro Kicker) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlnoiomnnknlhopdjhjalnbnngfkhplc [2015-01-28]
CHR Extension: (LocalChromecast Player) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2015-04-26]
CHR Extension: (Google Wallet) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-01-22]
CHR Extension: (Adblock Pro) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-12-03]
CHR Extension: (FreeKaTV Free Live TV) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbanmeaafgiadoihpklghcmohdjphief [2014-04-10]
CHR Extension: (Music Bubbles) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjimkanhpmeohjmkdjefoodcmigdbcop [2015-02-01]
CHR Extension: (Gmail) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22]
CHR Extension: (Forest Lake) - C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkjjfcnbaheonflpipcohjdledpccpig [2015-07-01]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1581858979-3581953092-217864043-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1581858979-3581953092-217864043-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mcgmdbhgeplifgopfnmafmhfmoekiekn] - C:\Program Files (x86)\AceBIT\Password Depot 7\crx.crx [2015-06-20]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [61440 2012-09-06] (AMD) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1441648 2015-06-12] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3257808 2015-06-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [300408 2015-06-12] (AVG Technologies CZ, s.r.o.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S4 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-04-18] (SurfRight B.V.)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2014-01-25] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2014-01-25] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [287208 2015-05-27] (AVG Technologies CZ, s.r.o.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U3 ufldqpoc; \??\C:\Users\NATHAN\AppData\Local\Temp\ufldqpoc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-05 06:29 - 2015-07-05 06:30 - 02112512 _____ (Farbar) C:\Users\NATHAN\Downloads\FRST64 (1).exe
2015-07-05 06:07 - 2015-07-05 06:07 - 00380416 _____ C:\Users\NATHAN\Downloads\q0fzm8mh.exe
2015-07-04 18:24 - 2015-07-04 18:24 - 00380416 _____ C:\Users\NATHAN\Downloads\6n6uefo2.exe
2015-07-04 18:18 - 2015-07-04 18:18 - 00380416 _____ C:\Users\NATHAN\Downloads\oni8884t.exe
2015-07-04 18:18 - 2015-07-04 18:18 - 00370943 _____ C:\Users\NATHAN\Downloads\gmer.zip
2015-07-04 18:14 - 2015-07-04 18:14 - 00380416 _____ C:\Users\NATHAN\Downloads\8netq3xs.exe
2015-07-04 18:12 - 2015-07-04 18:12 - 00380416 _____ C:\Users\NATHAN\Downloads\p2ms3pce.exe
2015-07-04 18:10 - 2015-07-04 18:11 - 00064822 _____ C:\Users\NATHAN\Downloads\Addition.txt
2015-07-04 18:09 - 2015-07-05 06:33 - 00037715 _____ C:\Users\NATHAN\Downloads\FRST.txt
2015-07-04 18:09 - 2015-07-05 06:33 - 00000000 ____D C:\FRST
2015-07-04 18:08 - 2015-07-04 18:08 - 02112512 _____ (Farbar) C:\Users\NATHAN\Downloads\FRST64.exe
2015-07-04 16:40 - 2015-07-04 16:40 - 00000000 ____H C:\ProgramData\cm-lock
2015-07-04 11:22 - 2015-07-04 11:22 - 00000000 ____D C:\Users\NATHAN\Downloads\samsung_2493hm_ch.ls24kie
2015-07-04 11:20 - 2015-07-04 11:22 - 20360801 _____ C:\Users\NATHAN\Downloads\samsung_2493hm_ch.ls24kie.rar
2015-06-28 07:19 - 2015-07-01 17:58 - 00000000 ____D C:\Users\NATHAN\Downloads\Jurassic World 2015 HDTS V2 x264 AC3-CPG
2015-06-28 07:18 - 2015-06-28 07:19 - 00130739 _____ C:\Users\NATHAN\Downloads\EE0B41983C0A71E19B0CF06854CD5C7732D8D3BE.torrent
2015-06-25 09:13 - 2015-06-25 09:13 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-22 22:26 - 2015-06-23 01:19 - 00000000 ____D C:\Users\NATHAN\Downloads\Solidworks 2015 SP2.0 x64
2015-06-22 02:41 - 2015-06-22 02:44 - 00000000 ____D C:\Users\NATHAN\Downloads\Edgecam_2012_R1
2015-06-21 22:00 - 2015-06-22 00:44 - 00000000 ____D C:\Users\NATHAN\Downloads\Planit EdgeCAM 2013 R2
2015-06-21 12:50 - 2015-06-21 12:50 - 00044051 _____ C:\Users\NATHAN\Downloads\[demonoid.pw]-Solidworks_2015_SP2_0_x64.TORRENT
2015-06-21 12:38 - 2015-06-21 12:38 - 00012844 _____ C:\Users\NATHAN\Downloads\Planit_Edgecam_2011_R1-((demonoid.pw)).TORRENT
2015-06-21 12:11 - 2015-06-21 12:11 - 00017444 _____ C:\Users\NATHAN\Downloads\Planit+EdgeCAM+2013+R2.torrent
2015-06-20 15:04 - 2015-06-20 15:04 - 00000000 ____D C:\Users\NATHAN\Documents\Password Depot
2015-06-20 15:04 - 2015-06-20 15:04 - 00000000 ____D C:\Users\NATHAN\AppData\Roaming\AceBIT
2015-06-20 15:01 - 2015-06-20 15:01 - 00000000 ____D C:\Users\NATHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AceBIT
2015-06-20 15:01 - 2015-06-20 15:01 - 00000000 ____D C:\Program Files (x86)\AceBIT
2015-06-20 15:01 - 2009-08-13 18:07 - 00729424 _____ (WeOnlyDo Software) C:\WINDOWS\SysWOW64\wodSFTP.dll
2015-06-20 15:01 - 2009-08-13 18:07 - 00672024 _____ (WeOnlyDo! COM) C:\WINDOWS\SysWOW64\wodKeys.dll
2015-06-20 08:23 - 2015-06-20 08:24 - 03150919 _____ C:\Users\NATHAN\Downloads\Tdwin_Taper_Crack.zip
2015-06-13 22:00 - 2015-06-13 22:52 - 00000000 ____D C:\Users\NATHAN\Downloads\Vero Edgecam 2015 R1
2015-06-13 10:59 - 2015-06-13 10:59 - 00019032 _____ C:\Users\NATHAN\Downloads\[kickass-torrents.ytsre.eu]vero.edgecam.2015.r1.torrent
2015-06-13 10:54 - 2015-06-13 10:54 - 00019032 _____ C:\Users\NATHAN\Downloads\Vero Edgecam 2015 R1.torrent
2015-06-10 06:26 - 2015-06-10 06:26 - 00000000 ____D C:\Users\NATHAN\AppData\Local\GWX
2015-06-09 22:28 - 2015-06-12 20:32 - 00000000 ____D C:\Users\NATHAN\Downloads\Fishing.Naked.2015.HDRip.XviD.AC3-EVO
2015-06-09 22:00 - 2015-06-13 10:37 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Nightmare.2015.HDRip.XViD-ETRG
2015-06-09 17:55 - 2015-05-25 08:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 17:55 - 2015-05-25 08:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 17:55 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 17:55 - 2015-04-08 17:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 17:55 - 2015-04-01 17:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 17:55 - 2015-04-01 17:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 17:55 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 17:55 - 2015-03-19 22:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 17:55 - 2015-03-19 21:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 17:55 - 2015-03-19 21:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 17:55 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 17:55 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 17:54 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 17:54 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 17:54 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 17:54 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 17:54 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 17:54 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 17:54 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 17:54 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 17:54 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 17:54 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 17:54 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 17:54 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 17:54 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 17:54 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 17:54 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 17:54 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 17:54 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 17:54 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 17:54 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 17:54 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 17:54 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 17:54 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 17:54 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 17:54 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 17:54 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 17:54 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 17:54 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 17:54 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 17:54 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 17:54 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 17:54 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 17:54 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 17:54 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 17:54 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 17:54 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 17:54 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 17:54 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 17:54 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 17:54 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 17:54 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 17:54 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-09 17:54 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 17:54 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 17:54 - 2015-04-16 01:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 17:54 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 17:54 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 17:54 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 17:54 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 17:54 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 17:54 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 17:54 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 17:54 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 17:54 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 17:54 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 17:54 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 17:54 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 17:54 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 17:54 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 17:54 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 17:54 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 17:54 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 06:54 - 2015-06-09 06:54 - 00115987 _____ C:\Users\NATHAN\Downloads\DAA85801BFF681D1477DA2D4B7B371E7E0B3EAB8.torrent
2015-06-09 06:50 - 2015-06-09 06:50 - 00057823 _____ C:\Users\NATHAN\Downloads\9A179A2BB5016A3B412DE4E4543BCC7BA3467E59.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-05 06:33 - 2014-01-25 08:58 - 00000000 ____D C:\Users\NATHAN\AppData\Roaming\uTorrent
2015-07-05 06:25 - 2014-02-07 00:46 - 02001997 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-05 06:21 - 2015-01-17 13:06 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1581858979-3581953092-217864043-1001UA.job
2015-07-05 06:06 - 2014-01-22 08:18 - 00000000 ____D C:\ProgramData\MFAData
2015-07-05 06:02 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-05 05:55 - 2014-01-22 08:03 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-05 05:55 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-05 05:52 - 2014-09-09 05:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-05 05:37 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-05 05:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-05 00:55 - 2014-01-22 08:03 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-04 23:04 - 2015-05-08 12:28 - 00000000 ____D C:\Users\NATHAN\Downloads\Home 2015 Full Movie TELESYNC x264 - CPG
2015-07-04 23:04 - 2015-04-24 05:45 - 00000000 ____D C:\Users\NATHAN\Downloads\Dive.Olly.Dive.and.the.Pirate.Treasure.2014.1080p.WEBRip.AC3.x264-[ETRG]
2015-07-04 23:04 - 2015-04-19 03:33 - 00000000 ____D C:\Users\NATHAN\Downloads\Interstellar 2014 IMAX BluRay 1080p AVC DTS-HD MA 5.1 x264-MgB [ETRG]
2015-07-04 23:04 - 2015-04-05 11:30 - 00000000 ____D C:\Users\NATHAN\Downloads\HOME 2015 HQTS LAT MKV AC3 MURD3R
2015-07-04 23:04 - 2015-03-19 22:00 - 00000000 ____D C:\Users\NATHAN\Downloads\Extraterrestrial.2014.BRRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2015-02-15 17:59 - 00000000 ____D C:\Users\NATHAN\Downloads\I.Am.Here.2014.HDRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2015-01-25 23:32 - 00000000 ____D C:\Users\NATHAN\Downloads\Bones S10E10 HDTV XviD-FUM[ettv]
2015-07-04 23:04 - 2015-01-25 23:15 - 00000000 ____D C:\Users\NATHAN\Downloads\Bones.S10E09.HDTV.x264-KILLERS[ettv]
2015-07-04 23:04 - 2015-01-25 10:31 - 00000000 ____D C:\Users\NATHAN\Downloads\Bones.S10E08.HDTV.x264-KILLERS[ettv]
2015-07-04 23:04 - 2014-12-26 15:22 - 00000000 ____D C:\Users\NATHAN\Downloads\Downton.Abbey.S01.Season.1.COMPLETE.BDRip.XviD-HAGGiS
2015-07-04 23:04 - 2014-12-14 08:33 - 00000000 ____D C:\Users\NATHAN\Downloads\Field.of.Lost.Shoes.2014.HDRip
2015-07-04 23:04 - 2014-11-08 08:55 - 00000000 ____D C:\Users\NATHAN\Downloads\Dracula.Untold.2014.HDRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2014-10-26 11:51 - 00000000 ____D C:\Users\NATHAN\Downloads\Exists.2014.HDRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2014-10-04 15:34 - 00000000 ____D C:\Users\NATHAN\Downloads\Horns.2013.HDRip.XViD.AC3-juggs[ETRG]
2015-07-04 23:04 - 2014-10-02 08:54 - 00000000 ____D C:\Users\NATHAN\Downloads\Dolphin.Tale 2.2014.HC.HDRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2014-10-02 08:21 - 00000000 ____D C:\Users\NATHAN\Downloads\Dolphin Tale[2011]DVDRip XviD-ExtraTorrentRG
2015-07-04 23:04 - 2014-09-25 06:20 - 00000000 ____D C:\Users\NATHAN\Downloads\Cold.in.July.2014.BRRip.XviD-SaM[ETRG]
2015-07-04 23:04 - 2014-09-19 18:12 - 00000000 ____D C:\Users\NATHAN\Downloads\Dead.Within.2014.HDRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2014-09-19 06:23 - 00000000 ____D C:\Users\NATHAN\Downloads\Deliverance.Creek.2014.HDRip.XviD-SaM[ETRG]
2015-07-04 23:04 - 2014-09-13 08:05 - 00000000 ____D C:\Users\NATHAN\Downloads\Honeymoon.2014.HDRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2014-09-10 07:03 - 00000000 ____D C:\Users\NATHAN\Downloads\Falcon.Rising.2014.HDRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2014-09-02 06:42 - 00000000 ____D C:\Users\NATHAN\Downloads\Edge.of.Tomorrow.2014.HC.HDRip.XViD.AC3-juggs[ETRG]
2015-07-04 23:04 - 2014-08-27 07:26 - 00000000 ____D C:\Users\NATHAN\Downloads\Hunting the Legend 2014 WEBRip XViD-RR
2015-07-04 23:04 - 2014-08-22 05:06 - 00000000 ____D C:\Users\NATHAN\Downloads\Draft.Day.2014.BRRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2014-08-17 08:13 - 00000000 ____D C:\Users\NATHAN\Downloads\Coldwater.2013.HDRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2014-08-13 08:06 - 00000000 ____D C:\Users\NATHAN\Downloads\Crawl.or.Die.2014.HDRip.XViD-juggs[ETRG]
2015-07-04 23:04 - 2014-08-04 08:30 - 00000000 ____D C:\Users\NATHAN\Downloads\Final Destination 1, 2, 3, 4, 5 - Pentalogy Horror Eng [H264-mp4]
2015-07-04 23:04 - 2014-07-26 10:40 - 00000000 ____D C:\Users\NATHAN\Downloads\Dawn.Of.The.Planet.Of.The.Apes.2014.TS.x264.AAC-SPRG
2015-07-04 23:04 - 2014-06-21 17:23 - 00000000 ____D C:\Users\NATHAN\Downloads\In.The.Blood.2014.720p.BDRip.x264.AAC-WiNTeaM
2015-07-04 23:04 - 2014-06-20 11:28 - 00000000 ____D C:\Users\NATHAN\Downloads\Homefront 2013 DVDRip Xvid AC3 LKRG
2015-07-04 23:04 - 2014-05-04 13:08 - 00000000 ____D C:\Users\NATHAN\Downloads\Enemy [2013] HDRip XViD juggs[ETRG]
2015-07-04 23:04 - 2014-05-04 10:36 - 00000000 ____D C:\Users\NATHAN\Downloads\Favor [2013] HDRip XViD juggs[ETRG]
2015-07-04 23:02 - 2015-05-17 04:47 - 00000000 ____D C:\Users\NATHAN\Downloads\Bates.Motel.S03E06.HDTV.x264-KILLERS[ettv]
2015-07-04 23:02 - 2015-05-09 19:33 - 00000000 ____D C:\Users\NATHAN\Downloads\Bates.Motel.S03E03.HDTV.x264-KILLERS[ettv]
2015-07-04 23:02 - 2015-05-09 19:21 - 00000000 ____D C:\Users\NATHAN\Downloads\Bates.Motel.S03E02.HDTV.x264-KILLERS[ettv]
2015-07-04 17:03 - 2013-03-29 18:13 - 00003620 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-07-04 17:02 - 2014-03-06 13:39 - 00003166 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNATHAN
2015-07-04 17:02 - 2014-03-06 13:39 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNATHAN.job
2015-07-04 17:02 - 2014-01-25 07:58 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-07-04 16:43 - 2014-01-26 16:51 - 00000000 ___RD C:\Users\NATHAN\Google Drive
2015-07-04 16:42 - 2014-02-07 06:01 - 00000000 __RDO C:\Users\NATHAN\SkyDrive
2015-07-04 16:40 - 2015-03-06 18:48 - 00006341 _____ C:\WINDOWS\setupact.log
2015-07-04 16:40 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-04 16:40 - 2012-09-26 11:53 - 00000950 _____ C:\WINDOWS\SysWOW64\bscs.ini
2015-07-04 16:39 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-04 16:27 - 2014-01-22 07:57 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{199145D4-4535-4E84-BC0D-E79657F78E64}
2015-07-04 11:21 - 2015-01-17 13:05 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1581858979-3581953092-217864043-1001Core.job
2015-07-03 07:34 - 2014-01-22 08:05 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1581858979-3581953092-217864043-1001
2015-07-03 04:58 - 2014-04-11 18:52 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-03 04:37 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-01 17:58 - 2014-10-29 08:01 - 00000000 ____D C:\Users\NATHAN\Downloads\Into.the.Storm.2014.HDRip.XviD-SaM[ETRG]
2015-07-01 17:58 - 2014-08-19 07:38 - 00000000 ____D C:\Users\NATHAN\Downloads\Jarhead.2.Field.of.Fire.2014.BRRip.XViD.AC3-SaM[ETRG]
2015-07-01 17:58 - 2014-06-20 13:46 - 00000000 ____D C:\Users\NATHAN\Downloads\Joy.Ride.3.2014.HDRip.XViD.-juggs[ETRG]
2015-07-01 17:58 - 2014-02-24 07:57 - 00000000 ____D C:\Users\NATHAN\Downloads\Jailbait.2013 HDRip XViD juggs
2015-07-01 17:58 - 2014-01-31 08:36 - 00000000 ____D C:\Users\NATHAN\Downloads\Jackass.Presents.Bad.Grandpa.2013.Unrated.BDRip.XviD.AC3-WAR
2015-07-01 17:55 - 2014-05-17 11:04 - 00000000 ____D C:\Users\NATHAN\Downloads\10 Rules
2015-06-29 06:51 - 2014-07-08 07:42 - 00000000 ____D C:\Users\NATHAN\Downloads\Heatstroke.2013.HDRip.XViD.juggs[ETRG]
2015-06-29 06:51 - 2014-06-20 12:44 - 00000000 ____D C:\Users\NATHAN\Downloads\Hellion.2014.HDRip.X264
2015-06-29 06:50 - 2014-12-13 17:55 - 00000000 ____D C:\Users\NATHAN\Downloads\Gone.Girl.2014.HDRip.XviD-SaM[ETRG]
2015-06-29 06:50 - 2014-09-27 05:59 - 00000000 ____D C:\Users\NATHAN\Downloads\Good.People.2014.HDRip.XViD-juggs[ETRG]
2015-06-29 06:50 - 2014-09-06 06:22 - 00000000 ____D C:\Users\NATHAN\Downloads\Fort.Bliss.2014.DVDRip.XviD.AC3-juggs[ETRG]
2015-06-29 06:50 - 2014-09-03 06:44 - 00000000 ____D C:\Users\NATHAN\Downloads\Find.Me.2014.HDRip.XViD-juggs[ETRG]
2015-06-29 06:50 - 2014-08-22 05:58 - 00000000 ____D C:\Users\NATHAN\Downloads\Godzilla (2014)
2015-06-29 06:50 - 2014-08-10 09:33 - 00000000 ____D C:\Users\NATHAN\Downloads\Frontera.2014.720p.WEB-DL.x264[ETRG]
2015-06-29 06:50 - 2014-08-04 07:32 - 00000000 ____D C:\Users\NATHAN\Downloads\Final Destination 5[2011]BRRip XviD-ExtraTorrentRG
2015-06-29 06:50 - 2014-06-15 15:06 - 00000000 ____D C:\Users\NATHAN\Downloads\Godzilla (2014) 720p HDTS LiNE x264 AAC-CPG
2015-06-29 06:46 - 2015-03-21 22:00 - 00000000 ____D C:\Users\NATHAN\Downloads\Backcountry.2014.HDRip.XViD-juggs[ETRG]
2015-06-29 06:46 - 2015-02-24 19:57 - 00000000 ____D C:\Users\NATHAN\Downloads\Better.Call.Saul.S01E04.HDTV.x264-LOL[ettv]
2015-06-29 06:46 - 2014-11-16 10:17 - 00000000 ____D C:\Users\NATHAN\Downloads\Before I Go to Sleep 2014 HDRip
2015-06-29 06:46 - 2014-10-18 12:12 - 00000000 ____D C:\Users\NATHAN\Downloads\Annabelle.2014.HC.HDRip.XViD.AC3-juggs[ETRG]
2015-06-29 06:46 - 2014-10-16 06:44 - 00000000 ____D C:\Users\NATHAN\Downloads\Another.Me.2013.HDRip.XViD-juggs[ETRG]
2015-06-29 06:46 - 2014-09-09 06:43 - 00000000 ____D C:\Users\NATHAN\Downloads\Bermuda.Tentacles.2014.480p.BRRip.XviD.AC3-EVO
2015-06-29 06:46 - 2014-08-13 07:19 - 00000000 ____D C:\Users\NATHAN\Downloads\Blended.2014.HDRip.XviD-SaM[ETRG]
2015-06-29 06:46 - 2014-08-10 07:40 - 00000000 ____D C:\Users\NATHAN\Downloads\At.the.Devil's.Door.2014.HDRip.XViD-juggs[ETRG]
2015-06-29 06:46 - 2014-08-03 10:29 - 00000000 ____D C:\Users\NATHAN\Downloads\Black Sails Season 1 Complete 480p x264 AAC [GWC]
2015-06-29 06:46 - 2014-07-01 07:47 - 00000000 ____D C:\Users\NATHAN\Downloads\Beneath.2013.HDRip.XViD.juggs[ETRG]
2015-06-29 06:46 - 2014-06-21 16:01 - 00000000 ____D C:\Users\NATHAN\Downloads\Bad.Neighbours.2014.HC.WEBRip.XViD-juggs[ETRG]
2015-06-29 06:46 - 2014-06-20 09:45 - 00000000 ____D C:\Users\NATHAN\Downloads\Bad.Country.2013.DVDRip.Xvid.AC3-MYSELF
2015-06-29 06:46 - 2014-06-18 05:33 - 00000000 ____D C:\Users\NATHAN\Downloads\Animal.2014.UNRATED.HDRip.XViD-juggs[ETRG]
2015-06-29 06:46 - 2014-04-06 11:26 - 00000000 ____D C:\Users\NATHAN\Downloads\Beauty and the Beast 1991 BluRay 720p DD MULTi x264-MarGe
2015-06-29 06:46 - 2014-01-25 11:50 - 00000000 ____D C:\Users\NATHAN\Downloads\Black.Water.Vampire.2014.UNRATED.HDRiP.XViD.AC3-FiRE
2015-06-29 06:45 - 2015-05-22 08:46 - 00017128 ____H C:\Users\NATHAN\Downloads\101.Dalmations(1961)H264.ENGLISH.DVDRip.Rza.AVI.mta
2015-06-29 06:45 - 2015-01-11 14:10 - 00000000 ____D C:\Users\NATHAN\Downloads\American.Sniper.2014.DVDSCR.XviD.AC3-EVO
2015-06-29 06:45 - 2014-11-15 14:22 - 00000000 ____D C:\Users\NATHAN\Downloads\Alpha and Omega The Legend of the Saw Tooth Cave 2014 DVDRip
2015-06-29 06:45 - 2014-10-23 09:38 - 00000000 ____D C:\Users\NATHAN\Downloads\A.Most.Wanted.Man.2014.BRRip.XViD-juggs[ETRG]
2015-06-29 06:45 - 2014-10-18 06:22 - 00000000 ____D C:\Users\NATHAN\Downloads\36.Saints.2013.HDRip.XViD-juggs[ETRG]
2015-06-29 06:45 - 2014-10-02 06:39 - 00000000 ____D C:\Users\NATHAN\Downloads\A.Walk.Among.the.Tombstones.2014.HC.HDRip.XViD-juggs[ETRG]
2015-06-29 06:45 - 2014-09-27 04:56 - 00000000 ____D C:\Users\NATHAN\Downloads\22.Jump.Street.2014.HDRip.XviD-SaM[ETRG]
2015-06-29 06:45 - 2014-09-09 06:11 - 00000000 ____D C:\Users\NATHAN\Downloads\7500.2014.BRRip.XViD-juggs[ETRG]
2015-06-29 06:45 - 2014-08-30 09:33 - 00000000 ____D C:\Users\NATHAN\Downloads\A.Good.Man.2014.DVDRip.XViD-juggs[ETRG]
2015-06-29 06:45 - 2014-08-23 14:33 - 00000000 ____D C:\Users\NATHAN\Downloads\A Turtles Tale Sammys Adventure 2010 BluRay 720p DTS x264-MgB [ETRG]
2015-06-29 06:45 - 2014-07-14 09:50 - 00000000 ____D C:\Users\NATHAN\Downloads\All.Cheerleaders.Die.2013.HDRip.XViD.juggs[ETRG]
2015-06-29 06:45 - 2014-07-05 14:45 - 00000000 ____D C:\Users\NATHAN\Downloads\Afternoon.Delight.2013.1080p.BluRay.AAC.x264-tomcat12[ETRG]
2015-06-29 06:45 - 2014-06-15 12:51 - 00000000 ____D C:\Users\NATHAN\Downloads\A Million Ways To Die In The West 2014 WEBRip HC XVID AC3 ACAB
2015-06-29 06:45 - 2014-05-17 07:03 - 00000000 ____D C:\Users\NATHAN\Downloads\A Night in Old Mexico 2013 HDRip
2015-06-28 13:06 - 2014-02-08 16:35 - 00000000 ____D C:\Users\NATHAN\AppData\Roaming\vlc
2015-06-28 07:34 - 2014-02-07 00:37 - 00000000 ____D C:\Users\NATHAN
2015-06-28 07:29 - 2015-03-13 06:13 - 00011692 _____ C:\WINDOWS\PFRO.log
2015-06-26 05:23 - 2014-04-11 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-26 05:23 - 2014-04-11 18:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-26 05:23 - 2014-03-10 07:50 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-26 05:15 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-25 09:12 - 2014-03-31 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-25 09:12 - 2014-01-22 08:23 - 00000983 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2015-06-23 11:53 - 2014-09-09 05:42 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-23 00:05 - 2014-01-22 08:06 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 14:59 - 2014-10-17 21:31 - 00000000 ____D C:\Users\NATHAN\Downloads\Password Depot Professional 7.6.0 + Reg
2015-06-19 22:02 - 2014-11-16 18:34 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 22:02 - 2014-11-16 18:34 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 08:42 - 2014-04-11 18:52 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-04-11 18:52 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-03-10 07:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-12 18:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-12 16:10 - 2013-08-22 09:44 - 00351976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-12 16:06 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-12 16:06 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 07:33 - 2014-01-25 09:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 07:27 - 2014-01-25 09:27 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-08 06:00 - 2015-04-15 02:10 - 00000000 ____D C:\Users\NATHAN\Downloads\[ www.Torrenting.com ] - Teen.Wolf.S03E01.720p.HDTV.x264-2HD
2015-06-08 06:00 - 2014-10-15 04:51 - 00000000 ____D C:\Users\NATHAN\Downloads\Wrong.Turn.6.Last.Resort.2014.DVDRip.XviD-EVO
2015-06-08 06:00 - 2014-05-17 11:46 - 00000000 ____D C:\Users\NATHAN\Downloads\Winters.Tale.2014.DVDRip.XviD.AC3-EVO
2015-06-08 06:00 - 2014-04-21 08:09 - 00000000 ____D C:\Users\NATHAN\Downloads\Wolf.Creek.2.2013.HDRip.Xvid-DiNGO
2015-06-08 05:59 - 2014-11-08 10:02 - 00000000 ____D C:\Users\NATHAN\Downloads\Willow Creek (2013)
2015-06-08 05:59 - 2014-09-27 06:33 - 00000000 ____D C:\Users\NATHAN\Downloads\What.If.2013.HDRip.XviD-SaM[ETRG]
2015-06-08 05:59 - 2014-02-24 07:50 - 00000000 ____D C:\Users\NATHAN\Downloads\Wicked Blood [2014] BRRip XViD juggs[ETRG]
2015-06-08 05:58 - 2014-10-26 12:24 - 00000000 ____D C:\Users\NATHAN\Downloads\VHS.Viral.2014.HDRip.XViD-juggs[ETRG]
2015-06-08 05:58 - 2014-10-04 11:35 - 00000000 ____D C:\Users\NATHAN\Downloads\Werewolf Rising (2014) DVDRip XviD AC3 peaSoup
2015-06-08 05:58 - 2014-09-09 05:04 - 00000000 ____D C:\Users\NATHAN\Downloads\Wer.2013.HDRip.XViD-juggs[ETRG]
2015-06-08 05:58 - 2014-07-17 07:30 - 00000000 ____D C:\Users\NATHAN\Downloads\Veronica Mars The Movie [2014] BRRip XViD[AC3]juggs[ETRG]
2015-06-08 05:58 - 2014-05-17 13:22 - 00000000 ____D C:\Users\NATHAN\Downloads\Walk Of Shame [2014] HDRip XViD juggs[ETRG]
2015-06-07 10:57 - 2015-02-26 20:31 - 00000000 ____D C:\Users\NATHAN\Downloads\Tinker Bell and the Legend of the NeverBeast 2014 BluRay 720p DTS x264-MgB [ETRG]
2015-06-07 10:57 - 2014-10-16 06:11 - 00000000 ____D C:\Users\NATHAN\Downloads\Treehouse.2014.HDRip.XViD-juggs[ETRG]
2015-06-07 10:57 - 2014-08-13 08:59 - 00000000 ____D C:\Users\NATHAN\Downloads\Toy Story of Terror 2013 BluRay 1080p DTS-HD MA 7.1 x264-MgB [ETRG]
2015-06-07 10:57 - 2014-07-01 09:19 - 00000000 ____D C:\Users\NATHAN\Downloads\Under.the.Skin.2013.HDRip.XViD.juggs[ETRG]
2015-06-07 10:23 - 2015-05-22 08:55 - 00017052 ____H C:\Users\NATHAN\Downloads\The.Strain.S01E01.HDTV.x264-2HD.MP4.mta
2015-06-07 10:23 - 2015-05-22 08:55 - 00016988 ____H C:\Users\NATHAN\Downloads\The.Walking.Dead.S01E01.Days.Gone.Bye.HDTV.XviD-FQM.[VTV].AVI.mta
2015-06-07 10:23 - 2015-05-22 08:55 - 00015887 ____H C:\Users\NATHAN\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.MP4.mta
2015-06-07 10:23 - 2015-05-22 08:55 - 00015875 ____H C:\Users\NATHAN\Downloads\The.Strain.S01E05.PROPER.HDTV.x264-2HD.MP4.mta
2015-06-07 10:23 - 2015-05-22 08:55 - 00015383 ____H C:\Users\NATHAN\Downloads\The.Strain.S01E06.HDTV.x264-2HD.MP4.mta
2015-06-07 10:23 - 2015-05-22 08:55 - 00014051 ____H C:\Users\NATHAN\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.MP4.mta
2015-06-07 10:23 - 2015-04-05 08:11 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Dead.Lands.2014.BRRip.XviD.AC3-EVO
2015-06-07 10:23 - 2015-03-21 07:07 - 00000000 ____D C:\Users\NATHAN\Downloads\The.7th.Dwarf.2014.HDRip.XviD.AC3-EVO
2015-06-07 10:23 - 2014-12-14 09:39 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Equalizer.2014.BRRip.XviD-SaM[ETRG]
2015-06-07 10:23 - 2014-11-16 10:41 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Guest.2014.HDRip.XviD.AC3-EVO
2015-06-07 10:23 - 2014-10-19 15:48 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Town.That.Dreaded.Sundown.2014.HDRip.XViD-juggs[ETRG]
2015-06-07 10:23 - 2014-10-18 07:17 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Anomaly.2014.DVDRip.XviD-EVO
2015-06-07 10:23 - 2014-10-15 05:35 - 00000000 ____D C:\Users\NATHAN\Downloads\Throwdown.2014.HDRip.XViD-juggs[ETRG]
2015-06-07 10:23 - 2014-10-13 06:46 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Canal.2014.HDRip.x264-juggs[ETRG]
2015-06-07 10:23 - 2014-09-27 05:28 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Homesman.2014.BRRip.XviD-SaM[ETRG]
2015-06-07 10:23 - 2014-09-25 07:57 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Hunted.2013.720p.WEB-DL.x264[ETRG]
2015-06-07 10:23 - 2014-09-13 08:41 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Giver.2014.REPACK.HDRip.XviD-SaM[ETRG]
2015-06-07 10:23 - 2014-09-10 05:43 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Signal.2014.HDRip.XViD-juggs[ETRG]
2015-06-07 10:23 - 2014-09-09 18:38 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Pact.2.2014.HDRip.XViD-juggs[ETRG]
2015-06-07 10:23 - 2014-09-09 17:57 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Hornet's.Nest.2014.HDRip.XViD-juggs[ETRG]
2015-06-07 10:23 - 2014-08-30 06:32 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Longest.Week.2014.HDRip.XviD.AC3-EVO
2015-06-07 10:23 - 2014-08-10 07:51 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Maid's.Room.2013.HDRip.XViD-juggs[ETRG]
2015-06-07 10:23 - 2014-08-03 12:44 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Final.Destination.2009.BRRip.XviD-SaM[ETRG]
2015-06-07 10:23 - 2014-07-14 09:03 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Surrogate.2013.DVDRip.XviD-SaM[ETRG]
2015-06-07 10:23 - 2014-07-04 12:16 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Other.Woman.2014
2015-06-07 10:23 - 2014-06-27 08:00 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Addicted.2013.HDRip.XViD.juggs[ETRG]
2015-06-07 10:23 - 2014-06-20 08:00 - 00000000 ____D C:\Users\NATHAN\Downloads\The Wrong House 2009 DVDrip Xvid AC3 LKRG
2015-06-07 10:23 - 2014-04-11 06:33 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Walking.Dead.S04.Season.4.COMPLETE.1080p.WEB-DL.H264-PublicHD
2015-06-07 10:23 - 2014-03-23 16:32 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Pirate.Fairy.2014.720p.BRRip.x264.AAC-WiNTeaM
2015-06-07 10:23 - 2014-02-27 07:56 - 00000000 ____D C:\Users\NATHAN\Downloads\The.Perfect.House.UNCUT.2013.BDRiP.x264-LiViDiTY
2015-06-07 10:22 - 2015-02-26 23:24 - 00000000 ____D C:\Users\NATHAN\Downloads\The Frozen Ground (2013)
2015-06-07 10:22 - 2014-12-14 18:58 - 00000000 ____D C:\Users\NATHAN\Downloads\The Retrieval 2013 HDRip
2015-06-07 10:22 - 2014-08-30 07:59 - 00000000 ____D C:\Users\NATHAN\Downloads\The Wizard of Oz 1939 DVDRip XviD AC3 [PDU - ENCODE]
2015-06-07 10:22 - 2014-08-30 05:19 - 00000000 ____D C:\Users\NATHAN\Downloads\The Possession of Michael King 2014 WEBRip XvID-RR
2015-06-07 10:22 - 2014-07-12 11:32 - 00000000 ____D C:\Users\NATHAN\Downloads\The Vampire Diaries Season 1 2009-10 by vladtepes3176
2015-06-07 10:22 - 2014-05-16 07:12 - 00000000 ____D C:\Users\NATHAN\Downloads\The Mummy Resurrected 2014 DVDRip x264 AC3-MiLLENiUM
2015-06-07 10:22 - 2014-04-06 11:24 - 00000000 ____D C:\Users\NATHAN\Downloads\The Lion King BDRip 720p TRNC English,Español,French Audio
2015-06-07 10:22 - 2014-03-23 16:32 - 00000000 ____D C:\Users\NATHAN\Downloads\The Wolf of Wall Street [2013] 1080p BluRay AAC x264-tomcat12[ETRG]
2015-06-07 10:21 - 2015-05-22 08:54 - 00016276 ____H C:\Users\NATHAN\Downloads\The Flight Before Christmas (2008).AVI.mta
2015-06-07 10:21 - 2015-05-22 08:54 - 00014447 ____H C:\Users\NATHAN\Downloads\Teen.Wolf.S03E00.HDTV.x264-EVOLVE.MP4.mta
2015-06-07 10:21 - 2015-05-22 08:53 - 00017980 ____H C:\Users\NATHAN\Downloads\Sons.of.Anarchy.S07E02.HDTV.x264-2HD.MP4.mta
2015-06-07 10:21 - 2015-05-05 00:40 - 00000000 ____D C:\Users\NATHAN\Downloads\Teen Wolf  4
2015-06-07 10:21 - 2015-05-04 22:00 - 00000000 ____D C:\Users\NATHAN\Downloads\Teen Wolf S03 Complete 480p WEB-DL x264-EncodeKing
2015-06-07 10:21 - 2015-04-15 22:20 - 00000000 ____D C:\Users\NATHAN\Downloads\Teen Wolf S03E02 HDTV NL Subs DutchReleaseTeam
2015-06-07 10:21 - 2015-04-15 00:47 - 00000000 ____D C:\Users\NATHAN\Downloads\TEEN WOLF S02 480p 150mb MrLss
2015-06-07 10:21 - 2015-04-14 19:04 - 00000000 ____D C:\Users\NATHAN\Downloads\Teen Wolf Season 1
2015-06-07 10:21 - 2014-12-11 06:10 - 00000000 ____D C:\Users\NATHAN\Downloads\Sons of Anarchy S07E13 WEB-DL XviD-FUM[ettv]
2015-06-07 10:21 - 2014-12-06 09:09 - 00000000 ____D C:\Users\NATHAN\Downloads\Sons of Anarchy S07
2015-06-07 10:21 - 2014-11-16 07:07 - 00000000 ____D C:\Users\NATHAN\Downloads\St.Vincent.2014.HDRip.XViD.AC3-GLY
2015-06-07 10:21 - 2014-10-05 13:48 - 00000000 ____D C:\Users\NATHAN\Downloads\Stalker S01E01 HDTV x264-LOL[ettv]
2015-06-07 10:21 - 2014-08-23 10:51 - 00000000 ____D C:\Users\NATHAN\Downloads\Tangled 2010 BluRay 720p DTS x264-MgB [ETRG]
2015-06-07 10:21 - 2014-07-14 06:53 - 00000000 ____D C:\Users\NATHAN\Downloads\Survivor 2014 BRRip x264 AC3-MiLLENiUM
2015-06-07 10:21 - 2014-06-21 20:29 - 00000000 ____D C:\Users\NATHAN\Downloads\Swelter.2014.BRRip.480p.x264.AAC-VYTO
2015-06-07 10:21 - 2014-06-20 15:23 - 00000000 ____D C:\Users\NATHAN\Downloads\The Amazing SpiderMan 2 (2014) 720p HDTS LiNE Audio x263 AC3-CPG
2015-06-07 10:21 - 2014-06-20 14:33 - 00000000 ____D C:\Users\NATHAN\Downloads\Stripped.2012.BRRip.XViD-juggs[ETRG]
2015-06-07 10:21 - 2014-03-24 18:22 - 00000000 ____D C:\Users\NATHAN\Downloads\Sons Of Anarchy Season 2 480p.BDRip.XviD.AC3-ELiTE[Pawulon]
2015-06-07 10:20 - 2014-11-02 09:40 - 00000000 ____D C:\Users\NATHAN\Downloads\Rush US S01E06 HDTV x264-2HD[ettv]
2015-06-07 10:20 - 2014-10-09 06:56 - 00000000 ____D C:\Users\NATHAN\Downloads\See.No.Evil.2.2014.BRRip.XViD-juggs[ETRG]
2015-06-07 10:20 - 2014-10-05 06:31 - 00000000 ____D C:\Users\NATHAN\Downloads\Sex.Tape.2014.BRRip.XViD-juggs[ETRG]
2015-06-07 10:20 - 2014-09-19 04:52 - 00000000 ____D C:\Users\NATHAN\Downloads\Satisfaction US S01E10 HDTV x264-LOL[ettv]
2015-06-07 10:20 - 2014-09-13 05:45 - 00000000 ____D C:\Users\NATHAN\Downloads\SATISFACTION
2015-06-07 10:20 - 2014-09-03 07:28 - 00000000 ____D C:\Users\NATHAN\Downloads\Rob.the.Mob.2014.LIMITED.BRRip.XviD-SaM[ETRG]
2015-06-07 10:20 - 2014-08-23 07:39 - 00000000 ____D C:\Users\NATHAN\Downloads\Scream Park 2012 DVDrip Xvid LKRG
2015-06-07 10:20 - 2014-07-01 08:30 - 00000000 ____D C:\Users\NATHAN\Downloads\Perfect Sisters.2014.DVDRip.XViD.juggs[ETRG]
2015-06-07 10:20 - 2014-05-20 05:39 - 00000000 ____D C:\Users\NATHAN\Downloads\Rio 2 2014 HDTS x264 AC3-MiLLENiUM
2015-06-07 10:20 - 2014-04-29 07:40 - 00000000 ____D C:\Users\NATHAN\Downloads\RoboCop [2014] HDRip XviD-SaM[ETRG]
2015-06-07 10:18 - 2015-05-22 08:51 - 00020028 ____H C:\Users\NATHAN\Downloads\Mia and Me S01E26 End of an Era.MP4.mta
2015-06-07 10:18 - 2015-05-22 08:51 - 00016984 ____H C:\Users\NATHAN\Downloads\Mia and Me S01E21 Against the Wind.MP4.mta
2015-06-07 10:18 - 2015-05-22 08:51 - 00015339 ____H C:\Users\NATHAN\Downloads\MOL027.3GP.mta
2015-06-07 10:18 - 2015-05-22 08:51 - 00015051 ____H C:\Users\NATHAN\Downloads\MOL027_1.AVI.mta
2015-06-07 10:18 - 2015-05-22 08:51 - 00013471 ____H C:\Users\NATHAN\Downloads\MOL027.AVI.mta
2015-06-07 10:18 - 2015-01-15 20:24 - 00000000 ____D C:\Users\NATHAN\Downloads\Mia.and.Me.S01E02.Centopia's.Hope.720p.WEB-DL.AAC2.0.H.264-CtrlHD [PublicHD]
2015-06-07 10:18 - 2014-10-02 07:49 - 00000000 ____D C:\Users\NATHAN\Downloads\Not.Cool.2014.HDRip.XViD-juggs[ETRG]
2015-06-07 10:18 - 2014-08-22 07:01 - 00000000 ____D C:\Users\NATHAN\Downloads\Night.Moves.2013.BRRip.XViD.AC3-juggs[ETRG]
2015-06-07 10:18 - 2014-07-05 10:01 - 00000000 ____D C:\Users\NATHAN\Downloads\Noah (2014) DVDRip XviD-MAXSPEED
2015-06-07 10:18 - 2014-07-05 05:09 - 00000000 ____D C:\Users\NATHAN\Downloads\Longmire Season 2 HDTV.XviD[Multi.Subs][Pawulon]
2015-06-07 10:18 - 2014-05-20 09:06 - 00000000 ____D C:\Users\NATHAN\Downloads\Not Safe for Work[2014] DVDRip XViD juggs[ETRG]
2015-06-07 10:17 - 2015-05-22 08:50 - 00017919 ____H C:\Users\NATHAN\Downloads\Justified.S06E05.HDTV.x264-LOL.MP4.mta
2015-06-07 10:17 - 2015-05-22 08:50 - 00017139 ____H C:\Users\NATHAN\Downloads\Justified.S06E06.HDTV.x264-LOL.MP4.mta
2015-06-07 10:17 - 2015-05-22 08:50 - 00015175 ____H C:\Users\NATHAN\Downloads\Justified.S06E02.HDTV.x264-KILLERS.MP4.mta
2015-06-07 10:17 - 2014-11-23 14:58 - 00000000 ____D C:\Users\NATHAN\Downloads\Late.Phases.2014.HDRip.XViD-juggs[ETRG]
2015-06-07 10:17 - 2014-10-23 04:53 - 00000000 ____D C:\Users\NATHAN\Downloads\Left.Behind.2014.HDRip.XviD.AC3-EVO
2015-06-07 10:17 - 2014-09-15 07:13 - 00000000 ____D C:\Users\NATHAN\Downloads\Kite 2014 WEBRip 480p XVID.AC3 ACAB
2015-06-07 10:17 - 2014-09-10 06:16 - 00000000 ____D C:\Users\NATHAN\Downloads\KITE 2014 HD.Rip
2015-06-07 10:17 - 2014-08-26 05:33 - 00000000 ____D C:\Users\NATHAN\Downloads\Leprechaun.Origins.2014.HDRip.XViD-juggs[ETRG]
2015-06-07 10:17 - 2014-08-09 07:55 - 00000000 ____D C:\Users\NATHAN\Downloads\Legends.Of.Oz.Dorothys.Return.2013.BluRay.1080p.AAC.x264-tomcat12[ETRG]
2015-06-07 10:17 - 2014-06-20 08:52 - 00000000 ____D C:\Users\NATHAN\Downloads\Kid Cannabis (2014)
2015-06-07 10:05 - 2014-12-12 07:14 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-07 10:05 - 2014-07-19 10:41 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-05 23:58 - 2014-01-26 16:48 - 00002060 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-05 23:58 - 2014-01-26 16:48 - 00002058 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-05 23:58 - 2014-01-26 16:48 - 00002048 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-05 23:58 - 2014-01-26 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2014-12-29 21:38 - 2014-12-29 21:39 - 0000096 _____ () C:\Users\NATHAN\AppData\Roaming\LauncherSettings_live.cfg
2014-11-21 11:13 - 2014-11-21 11:13 - 0000480 ____H () C:\Users\NATHAN\AppData\Roaming\麽鎒駓覜
2015-05-24 10:25 - 2015-05-24 10:25 - 0005632 _____ () C:\Users\NATHAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-03 19:57 - 2014-03-03 19:57 - 0000017 _____ () C:\Users\NATHAN\AppData\Local\resmon.resmoncfg
2014-11-21 11:13 - 2014-12-18 06:34 - 0000000 _____ () C:\ProgramData\@system.temp
2014-11-21 11:13 - 2014-11-21 11:13 - 0000288 ____H () C:\ProgramData\@system3.att
2015-07-04 16:40 - 2015-07-04 16:40 - 0000000 ____H () C:\ProgramData\cm-lock
2014-02-02 10:28 - 2014-02-02 10:38 - 0000856 _____ () C:\ProgramData\hpzinstall.log
2014-01-22 07:57 - 2014-01-22 07:57 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-04 17:03
 
==================== End of log ============================


Edited by hamluis, 06 July 2015 - 08:38 AM.
Moved from AII to Malware Removal Logs - Hamluis.



#2 ncooper1977

Posted 06 July 2015 - 06:34 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-07-2015
Ran by NATHAN at 2015-07-04 18:10:49
Running from C:\Users\NATHAN\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1581858979-3581953092-217864043-500 - Administrator - Disabled)
Guest (S-1-5-21-1581858979-3581953092-217864043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1581858979-3581953092-217864043-1005 - Limited - Enabled)
NATHAN (S-1-5-21-1581858979-3581953092-217864043-1001 - Administrator - Enabled) => C:\Users\NATHAN
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2014 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2014 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909g (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
AMD Catalyst Install Manager (HKLM\...\{425D8EBC-EDEE-A047-63BA-F02A2D3D531E}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4813 - AVG Technologies)
AVG 2014 (Version: 14.0.4365 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4813 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.519 - AVG) Hidden
AVI DVD Burner v6.6.0.117 (HKLM-x32\...\AVI DVD Burner_is1) (Version:  - AviDvdBurner.com Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Browser Extensions (HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.8 - Spigot, Inc.) <==== ATTENTION
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
ChromecastApp (HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
CIMCO Software V7 (HKLM-x32\...\CIMCO Software V7) (Version: 7.00.26 - CIMCO A/S)
CodeMeter Runtime Kit v4.50b (HKLM\...\{CC6C8E0B-51BC-40EF-856D-7172AEC4E60D}) (Version: 4.50.901.502 - WIBU-SYSTEMS AG)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DIRECTV Player (HKLM-x32\...\{33a5f796-fbe8-4ef4-b95d-94e9c3c6efbd}) (Version: 12.0 - DIRECTV)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
estamp_exe (HKLM\...\{ef7031a7-f5f5-4ef5-8d6d-e1f782b9b419}.sdb) (Version:  - )
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Free AVI Video Converter version 5.0.36.319 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.36.319 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet Pro 8500 A909 Series (HKLM\...\{49C2B7C1-A4E7-4770-8E30-255795AD4712}) (Version: 14.0 - HP)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Infinite HD™ App (HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Korloy TM CNC Generator Version 12.0.1 (HKLM-x32\...\Korloy TM CNC Generator Version 12.0.1_is1) (Version:  - Vargus LTD.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mastercam X5 (HKLM-x32\...\InstallShield_{9910A499-33A8-4EF3-925F-726F2E16ED9E}) (Version: 14.0.4.33 - CNC Software, Inc.)
Mastercam X5 (x32 Version: 14.0.4.33 - CNC Software, Inc.) Hidden
Mastercam X8 (HKLM-x32\...\Mastercam X8) (Version: 17.0.14947.0 - CNC Software, Inc.)
Mastercam X8 (Version: 17.0.14947.0 - CNC Software, Inc.) Hidden
Mastercam X8 Art (Version: 17.0.14947.0 - CNC Software, Inc.) Hidden
Mastercam X8 Catia Translator (Version: 17.0.14947.0 - CNC Software, Inc.) Hidden
Mastercam X8 Sample Files (Version: 17.0.14947.0 - CNC Software, Inc.) Hidden
Mastercam X8 Wire Power (Version: 17.0.14947.0 - CNC Software, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monopoly by Parker Brothers (HKLM-x32\...\Monopoly by Parker Brothers) (Version: 1.0.406.0 - GameHouse, Inc.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MPM (HKLM-x32\...\{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}) (Version: 1.00.0000 - Hewlett-Packard)
NASCAR The Game 2013 (HKLM-x32\...\{859F1EE7-D931-4FBB-AFE9-8A226AB5881D}_is1) (Version:  - )
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Password Depot 7 (HKLM-x32\...\{500F4898-C705-4B91-9C98-3D125330A022}_is1) (Version: 7.6.0 - AceBIT GmbH)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.28 - AMD)
RAIDXpert (x32 Version: 3.3.1540.28 - AMD) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 2.0.0.1503181422 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1503181422 - Copyright 2013 SAMSUNG)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Search Protection (HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Search Protection) (Version: 11.2.0.2 - Spigot, Inc.) <==== ATTENTION
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
System Requirements Lab Detection (HKLM-x32\...\{A9BF900F-B54C-4E18-BDA0-75E639443977}) (Version: 2.0.0.0 - Husdawg, LLC)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
theHunter Launcher (HKLM-x32\...\FBDFBE7F-2DB8-47E2-B88E-32F4A2A74AA8_is1) (Version: 736 - Expansive Worlds)
TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.0.8 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
XBMC (HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\XBMC) (Version:  - Team XBMC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1581858979-3581953092-217864043-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\NATHAN\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1581858979-3581953092-217864043-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\NATHAN\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1581858979-3581953092-217864043-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\NATHAN\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
10-06-2015 05:51:59 Windows Update
26-06-2015 05:13:23 Windows Update
03-07-2015 06:01:07 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-04-18 16:00 - 00000019 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00F49B3E-E3EC-429C-B1DA-D1CD238A2631} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {04FF1186-D7AB-4F17-BEEE-675A2E32EFBF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {2194FA04-ABCF-457B-A483-A0556A8DC9C0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1581858979-3581953092-217864043-1001UA => C:\Users\NATHAN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)
Task: {35174C46-EFA0-4E34-8C1A-FDC9480FC1C8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1581858979-3581953092-217864043-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {3724A2EF-4830-41ED-8D8E-9A5F3C1DCD5D} - System32\Tasks\HPCeeScheduleForNATHAN => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3C6B0015-442A-41C2-8A8A-4F017881EBD0} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {3F5DBF15-FDB9-4469-B208-7321CE791D1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {40896E21-C9FA-4E02-8127-199123814601} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4BC04F81-0129-4CF5-A732-D4A94E68C285} - \FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl No Task File <==== ATTENTION
Task: {4E26BD39-1D63-4C2B-8703-8DDE10F4B6C4} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {5DAD87A3-3BE5-477E-B9D2-928C3110620A} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {6ACCE140-405C-487D-B14F-1A734E6D360B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {6CF930C6-C0E7-4332-83BF-587525DF8D03} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {7513F788-C1E0-4B74-839B-BD825BCE099B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {83203536-5856-49DE-8F02-9CDF0FC27331} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1581858979-3581953092-217864043-1001Core => C:\Users\NATHAN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)
Task: {87C58936-28F9-4EB8-99A9-7813B8EAA2C7} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {A8BE5E69-77DF-4459-AAEE-39945A11184B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)
Task: {BDB61ADE-3F2C-41F6-AE27-875A63213AA4} - System32\Tasks\Google Updater and Installer => C:\Users\NATHAN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)
Task: {C90C8F93-15CA-4CBE-A0A6-EBA173AE472B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {CA7EF00D-6781-49DF-94C0-444374137688} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {D817C7F8-7386-4B86-8DBF-679B95ECACD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {DC08AF4F-A169-49FE-8F53-44666C58160D} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {E07A8892-EF63-4F18-A9A9-DD9175A66CB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {E726B20E-CE65-40D8-BB16-A0FC3CB75562} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {E96420EB-5219-4E60-9067-4C2E1ADBB9DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1581858979-3581953092-217864043-1001Core.job => C:\Users\NATHAN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1581858979-3581953092-217864043-1001UA.job => C:\Users\NATHAN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNATHAN.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-14 05:26 - 2014-07-14 05:26 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-07-14 05:26 - 2014-07-14 05:26 - 00407864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tuavga.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00017160 _____ () C:\windows\system32\BsHelpCSps.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00029960 _____ () C:\windows\system32\BsTrace.dll
2014-03-09 14:28 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-02 09:58 - 2012-01-20 17:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00363784 _____ () C:\windows\system32\BsExtendFunc.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00062216 _____ () C:\windows\system32\BlueSoleilCSps.dll
2013-05-15 10:15 - 2013-05-15 10:15 - 00401408 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
2015-04-08 22:54 - 2015-04-08 22:54 - 01383192 _____ () C:\Users\NATHAN\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2012-10-12 19:22 - 2012-10-12 19:22 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 19:22 - 2012-10-12 19:22 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 19:22 - 2012-10-12 19:22 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-02-12 18:05 - 2013-02-12 18:05 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-02-12 18:05 - 2013-02-12 18:05 - 00028672 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2014-02-07 06:00 - 2014-02-07 06:00 - 00120224 _____ () C:\Users\NATHAN\AppData\Local\assembly\dl3\TEEJ4AZX.Q6D\EVO50BMN.CP2\345da0cb\008b7bc6_d8a8cd01\HPItunesModule.DLL
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2012-09-06 12:10 - 2012-09-06 12:10 - 00536576 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00029960 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00017160 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00062216 _____ () C:\windows\SYSTEM32\BlueSoleilCSps.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00029960 _____ () C:\windows\SYSTEM32\BsTrace.dll
2015-04-08 22:54 - 2015-04-08 22:54 - 11420944 _____ () C:\Users\NATHAN\AppData\Local\DIRECTV Player\PCShowServer.dll
2015-04-08 22:54 - 2015-04-08 22:54 - 00339216 _____ () C:\Users\NATHAN\AppData\Local\DIRECTV Player\ndsLogStore.dll
2015-04-08 22:54 - 2015-04-08 22:54 - 03300112 _____ () C:\Users\NATHAN\AppData\Local\DIRECTV Player\DrmSingleton.dll
2015-04-08 22:54 - 2015-04-08 22:54 - 02099992 _____ () C:\Users\NATHAN\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2015-04-08 22:54 - 2015-04-08 22:54 - 08345872 _____ () C:\Users\NATHAN\AppData\Local\DIRECTV Player\gsttspplugin.dll
2015-04-08 22:54 - 2015-04-08 22:54 - 00688920 _____ () C:\Users\NATHAN\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2015-04-08 22:54 - 2015-04-08 22:54 - 01403144 _____ () C:\Users\NATHAN\AppData\Local\DIRECTV Player\libxml2-2.dll
2015-04-08 22:55 - 2015-04-08 22:55 - 00091896 _____ () C:\Users\NATHAN\AppData\Local\DIRECTV Player\z.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00079624 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00363784 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2013-03-29 17:58 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-07-04 16:42 - 2015-07-04 16:42 - 00098816 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32api.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00110080 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\pywintypes27.dll
2015-07-04 16:42 - 2015-07-04 16:42 - 00364544 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\pythoncom27.dll
2015-07-04 16:42 - 2015-07-04 16:42 - 00045568 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\_socket.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 01161216 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\_ssl.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00320512 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32com.shell.shell.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00713216 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\_hashlib.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 01175040 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\wx._core_.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00805888 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\wx._gdi_.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00811008 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\wx._windows_.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 01062400 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\wx._controls_.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00735232 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\wx._misc_.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00682496 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\pysqlite2._sqlite.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00087552 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\_ctypes.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00119808 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32file.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00108544 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32security.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00007168 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\hashobjs_ext.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00026624 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\usb_ext.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00167936 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32gui.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00018432 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32event.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00128512 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\_elementtree.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00127488 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\pyexpat.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00013824 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\common.time34.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00036864 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\_psutil_windows.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00038912 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32inet.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00011264 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32crypt.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00070656 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\wx._html2.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00027136 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\_multiprocessing.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00020480 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\_yappi.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00035840 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32process.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00686080 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\unicodedata.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00122368 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\wx._wizard.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00024064 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32pipe.pyd
2015-07-04 16:42 - 2015-07-04 16:42 - 00010240 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\select.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00025600 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32pdh.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00525640 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\windows._lib_cacheinvalidation.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00017408 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32profile.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00022528 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\win32ts.pyd
2015-07-04 16:43 - 2015-07-04 16:43 - 00078336 _____ () C:\Users\NATHAN\AppData\Local\Temp\_MEI70562\wx._animate.pyd
2015-01-18 17:29 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-01-18 17:29 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-06-23 00:05 - 2015-06-20 00:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\NATHAN\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\NATHAN\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AllShareAgent"
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\StartupApproved\Run: => "Google Update"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2AB7B2E1-3F50-475B-BB8A-29A1749E032D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{44879AF1-05AD-4335-BA46-1053458FD326}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{3801C912-A14F-40A7-9554-09D7C9142FBC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{4559C4F7-C77F-4CDF-84B1-D00D6C526C3E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{7809E61A-CD42-4CD5-AF1C-7D9766D4A9EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{11BF93A6-CFD8-4E3D-80E5-ACD1CA7EA5FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{BD0F806E-F6F0-4928-AE9D-D0373377580E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{6DFA3843-0211-48AA-9BFD-CD5566926E2D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{9B63EA59-8379-4190-A363-38A6E7198CBB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{C91E8DF2-590A-4006-B1FF-1BE121C9396B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{693AC96C-1FE2-4D65-B8BB-C81B5FF52158}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{E033BD0E-DBC5-4531-8599-53E9A2DDE249}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{58E70D8B-5B1A-4099-B411-F894E3156CC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{B584562F-3605-4948-B772-4E17986E6F32}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{1873B31E-B92E-48D4-9AED-B7785D9D713A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{FD7025B3-9FC6-4ED3-AAB2-6420DDEF82C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{76422B99-A6B8-42D3-9598-F7631FD2FF25}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2ACD5D8F-9F57-4A7A-9798-970F653CEE3D}] => (Allow) C:\Users\NATHAN\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7080AC85-A325-4A46-8BAC-80D7AE9BBB3F}] => (Allow) C:\Users\NATHAN\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{60589CC2-BEEA-4ECB-A2A3-1B6D69DDC236}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{EBB52C30-6612-4927-B0F8-034F8351F8C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{7D06D696-C6CC-47A2-839A-13C56E058581}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{E75906E2-B2E3-43E1-9CDF-3AC2E2AB1862}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{168F5439-B8FD-4521-8E65-8C44B6D68185}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{7C901639-23B2-40C3-A11C-772EF935EDC6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E591DD14-FD17-43E6-AE35-299E8A3DBD7D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D76D7542-D3B3-48DF-9C24-097220D27BCE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AE53FF43-CF0D-4163-945B-7166E2520A56}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{883E920A-F339-4271-83B6-4BCB5B50704B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{93E097F7-AFFE-4738-99E0-4D3D87B3688F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{E526FA97-97BA-4414-A286-3FC95E028426}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{F7A51A63-CFE3-4E7A-A7AF-BC866BD556EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E017CC47-4B1B-4701-B548-957480205FF9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{94230930-A3E7-416C-BBAF-C6F10CFFFC3D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D74D9DDC-EC75-4890-A242-276E7D6267F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F4BD1F10-76DB-4B4C-8167-E1EE19E563F7}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{736875F6-98B9-432F-AD17-5E7033483BFB}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{418CD36B-76B5-49A0-9F88-DA808EF6ED0E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7E680439-DF59-4F46-8CB7-77916639BD73}] => (Allow) LPort=2869
FirewallRules: [{F18C606E-9594-4494-BF3D-9E3E6EA163FC}] => (Allow) LPort=1900
FirewallRules: [{5A71AFBE-47C1-4123-98EA-CC2A34118073}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{92D0477C-067A-48C6-92AB-E6E9243223C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{7D2776A2-39AC-4D65-873B-08485288F894}] => (Allow) C:\Users\NATHAN\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD1B00D9-82DE-4879-BA69-96DBECBEAD22}] => (Allow) C:\Users\NATHAN\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{65CA775A-F2D6-44D6-9845-97036DEAF25E}] => (Allow) C:\WINDOWS\explorer.exe
FirewallRules: [{305362D1-4739-459A-A8EA-78E3437466FE}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{6F2DF356-CCBC-4633-8728-73A32ED3FF85}] => (Allow) C:\Program Files (x86)\theHunter\launcher\launcher.exe
FirewallRules: [{E3523884-D587-4EE1-9898-106BBDA860D3}] => (Allow) C:\Program Files (x86)\theHunter\launcher\launcher.exe
FirewallRules: [{5506762D-8FC8-418A-BFBD-058C0EEE4550}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
FirewallRules: [{B5AD28D2-18F0-4813-95CD-99E18B06D4BF}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
FirewallRules: [{37F2B5E9-2F85-4E4C-8E49-C1746D1613D3}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
FirewallRules: [{ED61057C-6071-4087-834D-3090FF71D37C}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{3C0511AB-EC35-4CC7-9727-CB9107378A3D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{1F7ECF4A-A62E-4955-B95E-8481643740CD}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{255EC3BD-03AC-436E-A98F-865A5DF25FD0}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{640D2F94-FEA4-4FAB-AE03-BAA2E5630398}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{60C8559E-B6EE-47DE-88D2-8B8B16A0E270}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{E0FEF457-8AE0-4D3B-AB37-0AA691810589}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{66A8050C-40A8-4F47-B040-DD29AF495729}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{406CACEC-1805-4373-BBF0-B0B8671098DB}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{3B352415-505F-430C-80FB-74606723D78E}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{24819BB7-B1D6-49F2-B5C8-75A1EAF8CE33}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{2DC1D4E1-1158-49CB-96CF-1104E4A2A1A1}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{E9C57EE0-EB70-452E-84BA-11D25F505892}] => (Allow) LPort=8743
FirewallRules: [{8BE32FA1-6667-49B1-A1E3-3D0692C6D5F2}] => (Allow) LPort=8643
FirewallRules: [{9B5D0358-962C-47CB-AFD0-0FE6F1F16247}] => (Allow) LPort=7676
FirewallRules: [{AE8CBFA5-9DDE-4C27-81A7-51C505AC8EA3}] => (Allow) LPort=7679
FirewallRules: [{5125FF95-B404-4037-BF72-F482638CF272}] => (Allow) LPort=24234
FirewallRules: [{D22AD748-8FC3-412F-BDDD-C0668EF340A2}] => (Allow) LPort=7900
FirewallRules: [{E858ACE6-1271-4AC7-9914-9B4445940FD0}] => (Allow) LPort=1900
FirewallRules: [{65E85A81-AA97-47DA-85FD-A79731587DC6}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{493DE807-CAB2-481A-8C19-C957CE77DD62}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{DECE030E-66FA-4687-B596-E5F7C6A11B54}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{94C28026-C549-4334-AD11-683D1A196A8C}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{03AA4A72-7618-4855-863C-F4A347CEA8FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{277AABC7-0872-46F7-958D-7DC318288047}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{D619AD4C-C4E3-4BD1-9A0A-585DC0F954F7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{015C0232-264D-4C5D-B641-E80058A30B68}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{7AEF6F77-6EDE-4C4A-ACCE-43232C8C3253}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{7AEBF0D2-F0C5-4BA4-9890-A811234B9592}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{86A9DCD8-3BC8-462B-9BEC-02C0CFF6309F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{A60A98C2-F666-4D86-A99D-A498D4F606A5}] => (Allow) LPort=53000
FirewallRules: [{15F55BFB-E431-4977-AB42-AF37F574CCB8}] => (Allow) LPort=52000
FirewallRules: [{DE016C2C-A86B-4DCC-A105-23B5E5EF9CB8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
 
==================== Faulty Device Manager Devices =============
 
Name: XT1254 Audio/Video Remote Control HID
Description: Bluetooth Audio/Video Remote Control HID
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: BthAvrcpTg
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: Ralink Bluetooth Adapter
Description: Ralink Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Technology, Corp.
Service: BTHUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/04/2015 05:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: combase.dll, version: 6.3.9600.17415, time stamp: 0x545044f9
Exception code: 0xc0000005
Fault offset: 0x00000000000394ca
Faulting process id: 0xecc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (07/04/2015 04:27:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x2070
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5
 
Error: (07/04/2015 04:23:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0xac0
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5
 
Error: (07/04/2015 04:10:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: osk.exe, version: 6.3.9600.17415, time stamp: 0x545048d7
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000374
Fault offset: 0x00000000000f0f20
Faulting process id: 0x18bc
Faulting application start time: 0xosk.exe0
Faulting application path: osk.exe1
Faulting module path: osk.exe2
Report Id: osk.exe3
Faulting package full name: osk.exe4
Faulting package-relative application ID: osk.exe5
 
Error: (07/04/2015 06:46:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
 
Error: (07/04/2015 06:45:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/04/2015 06:40:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/04/2015 06:26:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/03/2015 08:06:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume My Book (J:) was not optimized because an error was encountered: The disk being optimized is full. (0x8900001F)
 
Error: (07/03/2015 07:53:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
 
 
System errors:
=============
Error: (07/04/2015 04:40:28 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume J: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (07/04/2015 04:39:02 PM) (Source: DCOM) (EventID: 10010) (User: COOPER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/04/2015 04:39:02 PM) (Source: DCOM) (EventID: 10010) (User: COOPER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/04/2015 04:39:02 PM) (Source: DCOM) (EventID: 10010) (User: COOPER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/04/2015 04:39:02 PM) (Source: DCOM) (EventID: 10010) (User: COOPER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/03/2015 04:33:48 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume J: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (07/02/2015 06:00:22 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume J: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (07/02/2015 05:23:08 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume J: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (07/01/2015 06:24:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Samsung Link Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/01/2015 05:53:28 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume J: encountered a non-retryable error and could not start.  The data contains the error code.
 
 
Microsoft Office:
=========================
Error: (07/04/2015 05:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.3.9600.1741554504177combase.dll6.3.9600.17415545044f9c000000500000000000394caecc01d0b6a21665d26fC:\windows\system32\svchost.exeC:\WINDOWS\SYSTEM32\combase.dllb718afb7-2298-11e5-bedd-b8763f0dd2f6
 
Error: (07/04/2015 04:27:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.1741554504eb8USER32.dll6.3.9600.17736550f4336c000014200000000000ec180207001d0b6a04bf35e7cC:\WINDOWS\System32\rundll32.exeUSER32.dll89aa8086-2293-11e5-bedc-b8763f0dd2f6
 
Error: (07/04/2015 04:23:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.1741554504eb8USER32.dll6.3.9600.17736550f4336c000014200000000000ec180ac001d0b69f9b97c20eC:\WINDOWS\System32\rundll32.exeUSER32.dlld94ee15f-2292-11e5-bedc-b8763f0dd2f6
 
Error: (07/04/2015 04:10:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: osk.exe6.3.9600.17415545048d7ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f2018bc01d0b576616679faC:\WINDOWS\System32\osk.exeC:\WINDOWS\SYSTEM32\ntdll.dll0db94ee5-2291-11e5-bedc-b8763f0dd2f6
 
Error: (07/04/2015 06:46:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestc:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe
 
Error: (07/04/2015 06:45:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\theHunter\launcher\launcher.exe
 
Error: (07/04/2015 06:40:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\theHunter\launcher\launcher.exe
 
Error: (07/04/2015 06:26:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\theHunter\launcher\launcher.exe
 
Error: (07/03/2015 08:06:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: My Book (J:)The disk being optimized is full. (0x8900001F)
 
Error: (07/03/2015 07:53:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestc:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6200 Six-Core Processor 
Percentage of memory in use: 31%
Total physical RAM: 10031.25 MB
Available physical RAM: 6823.1 MB
Total Virtual: 11567.25 MB
Available Virtual: 7252.05 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1849.66 GB) (Free:795.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.17 GB) (Free:1.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (My Book) (Fixed) (Total:1397.23 GB) (Free:0 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1862.6 GB) (Disk ID: 17376156)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1397.2 GB) (Disk ID: 00021758)
Partition 1: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#3 Oh My!


  • Malware Response Instructor
Posted 09 July 2015 - 10:30 PM

Greetings ncooper1977 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please move FRST.exe from your Downloads folder onto your Desktop.

Did you install Octoshape Streaming Services?

We have a lot to do but I must first advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
closeprocesses:
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [Obwjics] => regsvr32.exe C:\Users\NATHAN\AppData\Local\Obwjics\CoreText.dll 
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\MountPoints2: K - "K:\setup.exe" 
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\MountPoints2: {2decce34-9266-11e4-bebd-b8763f0dd2f6} - "L:\VerizonWirelessUpgradeAssistantSetup.exe" -a
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File not found
IFEO\allshare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hitmanpro.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-1581858979-3581953092-217864043-1001 -> {956824DD-8D36-4C21-9BF2-72A49D227149} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_49_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0FtD0D0DtB0FyBtA0E0FtDtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyE0EtB0D0CyByEyBtGtA0F0DyEtG0E0EyByEtGyEtBtAzytGtDzy0EyDtC0CyE0EyDyDtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0AyDyD0B0EtG0A0F0B0AtGyE0AtCtDtGzytAzy0BtG0D0CzzyCtB0FtDyEyEzz0B0E2Q&cr=1386266058&ir=
U4 BthAvrcpTg; No ImagePath
U4 bthhfhid; No ImagePath
U3 ufldqpoc; \??\C:\Users\NATHAN\AppData\Local\Temp\ufldqpoc.sys [X]
2014-11-21 11:13 - 2014-12-18 06:34 - 0000000 _____ () C:\ProgramData\@system.temp
2014-11-21 11:13 - 2014-11-21 11:13 - 0000288 ____H () C:\ProgramData\@system3.att
Task: {3C6B0015-442A-41C2-8A8A-4F017881EBD0} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {4BC04F81-0129-4CF5-A732-D4A94E68C285} - \FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl No Task File <==== ATTENTION
Task: {4E26BD39-1D63-4C2B-8703-8DDE10F4B6C4} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {87C58936-28F9-4EB8-99A9-7813B8EAA2C7} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {CA7EF00D-6781-49DF-94C0-444374137688} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
2014-11-21 11:13 - 2014-11-21 11:13 - 0000480 ____H () C:\Users\NATHAN\AppData\Roaming\麽鎒駓覜
C:\Users\NATHAN\AppData\Local\Temp\_MEI70562
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File not found
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • System Summary Information

Edited by Oh My!, 09 July 2015 - 10:32 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 ncooper1977

Posted 10 July 2015 - 06:59 AM

Hi Gary, my name is Nathan. I have uninstalled uTorrent. I didn't recognize Octoshape Streaming Services. Is that something I should download? I have moved FRST.exe to my desktop. I do want to clean my machine. Do I need to keep my virus and malware programs from scanning to prevent them from changing anything? I will disconnect my machine from the internet while I am not here, and as of now I haven't noticed any financial institution irregularities. I will start this cleaning and repair process this evening or in the morning after I hear back from you. Thank you very much for taking your time to help me; it is greatly appreciated.

Nathan



#5 Oh My!

Posted 10 July 2015 - 08:49 AM

Hi Nathan, thanks for touching base. The Octoshape is already on your computer so if you don't recognize it we will remove it.

You can leave your virus/malware programs running unless a step includes instructions to temporarily disable them. Whenever you are ready we can get started.
Gary
 

#6 ncooper1977

Posted 11 July 2015 - 06:11 AM

# AdwCleaner v4.208 - Logfile created 11/07/2015 at 06:03:58
# Updated 09/07/2015 by Xplode
# Database : 2015-07-10.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : NATHAN - COOPER
# Running from : C:\Users\NATHAN\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : CouponPrinterService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
Folder Deleted : C:\Users\NATHAN\AppData\Local\GCC
Folder Deleted : C:\Users\NATHAN\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\NATHAN\AppData\Roaming\Mozilla\Firefox\Profiles\k8npl6z0.default\Extensions\{30B5D38F-A43B-42fd-B7E5-898BB1B71B8B}
Folder Deleted : C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Folder Deleted : C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp
File Deleted : C:\Users\Public\Desktop\eBay.lnk
 
***** [ Scheduled tasks ] *****
 
Task Deleted : FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
Task Deleted : LaunchApp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.4
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
[k8npl6z0.default\prefs.js] - Line Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=523482&p={searchTerms}");
 
-\\ Google Chrome v43.0.2357.132
 
[C:\Users\NATHAN\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[],"scriptable_host":["*://*.ask.com/
 
*************************
 
AdwCleaner[R0].txt - [5370 bytes] - [11/07/2015 06:02:23]
AdwCleaner[S0].txt - [5242 bytes] - [11/07/2015 06:03:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5301  bytes] ##########


#7 ncooper1977

Posted 11 July 2015 - 06:28 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.2 (07.10.2015:3)
OS: Windows 8.1 x64
Ran by NATHAN on Sat 07/11/2015 at  6:22:17.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\GC_Informer
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\GC_Scheduler
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E71A23038D07E5791FAFB40B8D08580E
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update PacFunction
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util PacFunction
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\NATHAN\appdata\local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak
 
[C:\Users\NATHAN\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\NATHAN\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
aaaaadgepjkdffhjbkfjgnnffnfcffbg
ihdkejbciahopmbagpnjmmkkdpfpaaak
lmnbobhffedhdhfpcjkjphcfpeeiocdn
ndibdjnfmopecpmkdieinmbadjfpblof
 
[C:\Users\NATHAN\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\NATHAN\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  aaaaadgepjkdffhjbkfjgnnffnfcffbg,
  amfclgbdpgndipgoegfpkkgobahigbcl,
  booedmolknjekdopkepjjeckmjkdpfgl,
  bopakagnckmlgajfccecajhnimjiiedh,
  flpcjncodpafbgdpnkljologafpionhb,
  igjjkeeamkpihpncmmbgdkhdnjpcfmfb,
  ihdkejbciahopmbagpnjmmkkdpfpaaak,
  lmnbobhffedhdhfpcjkjphcfpeeiocdn,
  ndibdjnfmopecpmkdieinmbadjfpblof,
  oilkkkefbalmbfppgjmgjoefbclebkce
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/11/2015 at  6:25:49.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 ncooper1977

Posted 11 July 2015 - 06:40 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:04-07-2015
Ran by NATHAN at 2015-07-11 06:33:51 Run:1
Running from C:\Users\NATHAN\Desktop
Loaded Profiles: NATHAN (Available Profiles: NATHAN)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
closeprocesses:
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\Run: [Obwjics] => regsvr32.exe C:\Users\NATHAN\AppData\Local\Obwjics\CoreText.dll 
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\MountPoints2: K - "K:\setup.exe" 
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\...\MountPoints2: {2decce34-9266-11e4-bebd-b8763f0dd2f6} - "L:\VerizonWirelessUpgradeAssistantSetup.exe" -a
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File not found
IFEO\allshare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hitmanpro.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
U4 BthAvrcpTg; No ImagePath
U4 bthhfhid; No ImagePath
U3 ufldqpoc; \??\C:\Users\NATHAN\AppData\Local\Temp\ufldqpoc.sys [X]
2014-11-21 11:13 - 2014-12-18 06:34 - 0000000 _____ () C:\ProgramData\@system.temp
2014-11-21 11:13 - 2014-11-21 11:13 - 0000288 ____H () C:\ProgramData\@system3.att
Task: {3C6B0015-442A-41C2-8A8A-4F017881EBD0} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {4BC04F81-0129-4CF5-A732-D4A94E68C285} - \FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl No Task File <==== ATTENTION
Task: {4E26BD39-1D63-4C2B-8703-8DDE10F4B6C4} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {87C58936-28F9-4EB8-99A9-7813B8EAA2C7} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {CA7EF00D-6781-49DF-94C0-444374137688} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
2014-11-21 11:13 - 2014-11-21 11:13 - 0000480 ____H () C:\Users\NATHAN\AppData\Roaming\????
C:\Users\NATHAN\AppData\Local\Temp\_MEI70562
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File not found
*****************
 
Processes closed successfully.
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Obwjics => value removed successfully
"HKU\S-1-5-21-1581858979-3581953092-217864043-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K" => key removed successfully
"HKU\S-1-5-21-1581858979-3581953092-217864043-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2decce34-9266-11e4-bebd-b8763f0dd2f6}" => key removed successfully
HKCR\CLSID\{2decce34-9266-11e4-bebd-b8763f0dd2f6} => key not found. 
"C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files" => value data removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\allshare.exe => key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hitmanpro.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setup.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninstall.exe => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => key removed successfully
HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 
HKU\S-1-5-21-1581858979-3581953092-217864043-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{956824DD-8D36-4C21-9BF2-72A49D227149} => key not found. 
HKCR\CLSID\{956824DD-8D36-4C21-9BF2-72A49D227149} => key not found. 
BthAvrcpTg => Service removed successfully
bthhfhid => Service removed successfully
ufldqpoc => Service not found.
C:\ProgramData\@system.temp => moved successfully.
C:\ProgramData\@system3.att => moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C6B0015-442A-41C2-8A8A-4F017881EBD0} => key not found. 
C:\Windows\System32\Tasks\GC_Scheduler not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BC04F81-0129-4CF5-A732-D4A94E68C285} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E26BD39-1D63-4C2B-8703-8DDE10F4B6C4} => key not found. 
C:\Windows\System32\Tasks\LaunchApp not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87C58936-28F9-4EB8-99A9-7813B8EAA2C7} => key not found. 
C:\Windows\System32\Tasks\GC_Informer not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Informer => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA7EF00D-6781-49DF-94C0-444374137688}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA7EF00D-6781-49DF-94C0-444374137688}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\UP_Scheduler" => key removed successfully
 
"C:\Users\NATHAN\AppData\Roaming\????" folder move:
 
Could not move "C:\Users\NATHAN\AppData\Roaming\????" folder => Scheduled to move on reboot.
 
"C:\Users\NATHAN\AppData\Local\Temp\_MEI70562" => File/Folder not found.
"C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files" => value data not found.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-11 06:36:39)<=
 
"C:\Users\NATHAN\AppData\Roaming\????" => Could not move
 
==== End of Fixlog 06:36:39 ====


#9 ncooper1977

Posted 11 July 2015 - 06:58 AM

Good morning Gary. I struggled a little with this because I use WinRAR. I hope it made it.

 

Attached File  summary.zip   230.82KB   1 downloads



#10 Oh My!

Posted 11 July 2015 - 07:13 AM

Hi Nathan,

I did get it, good job. A couple things. Hit the Windows + E key at the same time. Navigate to the C:\Users\NATHAN\AppData\Roaming folder. Right click and delete the below if you see it:

麽鎒駓覜
Mehaopitiao (translated)

Can you provide an update on your computer performance?

Edited by Oh My!, 11 July 2015 - 07:15 AM.

Gary
 

#11 ncooper1977

Posted 11 July 2015 - 09:49 AM

Hey Gary,

 

Computer seems much more responsive. Been a while since I could say that. You did a super job and I greatly appreciate it. I also thank you for the eye-opening info about a backdoor trojan. I will stay aware of my personal information and probably completely reformat when possible. Once again, thank you very much.

 

Nathan



#12 Oh My!

Posted 11 July 2015 - 09:56 AM

Hi Nathan,

That is great to hear but we are not quite done yet.

Were you able to delete that folder?

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log

Gary
 

#13 ncooper1977

Posted 11 July 2015 - 10:24 AM

Yes, I was able to delete that folder.



#14 ncooper1977

Posted 11 July 2015 - 01:28 PM

C:\Users\NATHAN\AppData\Local\Microsoft\Windows\FileHistory\Data\6816\C\Users\NATHAN\Downloads\cbsidlm-cbsi176-Free_Virtual_Keyboard-SEO-75989972.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
C:\Users\NATHAN\AppData\Local\Microsoft\Windows\FileHistory\Data\6816\C\Users\NATHAN\Downloads\Easy HDTV DVR 1.4.0 setup.exe Win32/Spigot.A potentially unwanted application deleted - quarantined
C:\Users\NATHAN\AppData\Local\Microsoft\Windows\FileHistory\Data\6816\C\Users\NATHAN\Downloads\java-setup.exe a variant of Win32/DownloadAdmin.H potentially unwanted application cleaned by deleting - quarantined
C:\Users\NATHAN\AppData\Local\Microsoft\Windows\FileHistory\Data\6816\C\Users\NATHAN\Downloads\SoftwareUpdater.exe Win32/Conduit.SearchProtect.W potentially unwanted application deleted - quarantined
C:\Users\NATHAN\AppData\Local\Microsoft\Windows\FileHistory\Data\6816\C\Users\NATHAN\Downloads\utorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\NATHAN\AppData\Local\Temp\HYDA81A.tmp.1436527915_permissionsCopy\updates\3.3.2_30488.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\NATHAN\Downloads\cbsidlm-cbsi176-Free_Virtual_Keyboard-SEO-75989972.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
C:\Users\NATHAN\Downloads\Easy HDTV DVR 1.4.0 setup.exe Win32/Spigot.A potentially unwanted application deleted - quarantined
C:\Users\NATHAN\Downloads\java-setup.exe a variant of Win32/DownloadAdmin.H potentially unwanted application cleaned by deleting - quarantined
C:\Users\NATHAN\Downloads\SoftwareUpdater.exe Win32/Conduit.SearchProtect.W potentially unwanted application deleted - quarantined
C:\Users\NATHAN\Downloads\utorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Conduit\CT2786678\uTorrentBarAutoUpdateHelper.exe Win32/Toolbar.Conduit.F potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64HPFICK\tbedrs[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Local\SwvUpdater\Updater.exe a variant of Win32/Amonetize.I potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\checktbexist.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\mconduitinstaller.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\nsbD3EB.exe Win32/Conduit.SearchProtect.S potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\nsr744E.exe Win32/Conduit.SearchProtect.S potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\SecondStepInstaller.exe Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\tbMixi.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\uninstall329128428.exe a variant of Win32/ExpressFiles potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\ct3285873\chLogic.exe Win32/Conduit.SearchProtect.J potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\ct3285873\ctbe.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\ct3285873\ieLogic.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\ct3285873\statisticsStub.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\ct3285873\stub.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\ct3289847\chLogic.exe Win32/Conduit.SearchProtect.J potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\ct3289847\ctbe.exe Win32/Toolbar.Conduit.AO potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\ct3289847\spch.exe Win32/Conduit.SearchProtect.J potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Local\Temp\ct3289847\statisticsStub.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\AppData\LocalLow\uTorrentBar\hk64tbuTo2.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\LocalLow\uTorrentBar\hktbuTo2.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\LocalLow\uTorrentBar\ldrtbuTo0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\LocalLow\uTorrentBar\ldrtbuTo2.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\LocalLow\uTorrentBar\ldrtbuTor.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\LocalLow\uTorrentBar\tbuTo0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\LocalLow\uTorrentBar\tbuTo1.dll Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\LocalLow\uTorrentBar\tbuTo2.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\LocalLow\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Roaming\Mozilla\Firefox\Profiles\user.js JS/SecurityDisabler.B potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Roaming\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Roaming\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe a variant of Win32/Conduit.SearchProtect.E potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Roaming\SearchProtect\bin\SPHook32.dll a variant of Win32/Conduit.SearchProtect.C potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Roaming\SearchProtect\bin\SPRunner.exe Win32/Conduit.SearchProtect.D potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\AppData\Roaming\SearchProtect\bin\uninstall.exe Win32/Conduit.SearchProtect.S potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\Downloads\4kvideotomp3_1.3.exe Win32/Somoto.E potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\Downloads\AVG_Antivirus_Licence_Untill_2018_(reup)-Kuttootta.exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\Downloads\AVG_Licence_Keys_Till_2018.exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\Downloads\Beast_Beneath_2013_LIMITED_DVDRip_Xvid_UnKnOwN.exe Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\Downloads\Nathan.For.You.S01E04.480p.HDTV.x264-mSD_secure.exe Win32/TopMedia.B potentially unwanted application deleted - quarantined
J:\C DRIVE\NATHAN\Downloads\PC_Pro_Installers.exe a variant of Win32/PCCleaners.A potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\Downloads\the_dooley_and_pals_show_downloader_340b.exe a variant of Win32/ExpressFiles potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\Downloads\uTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
J:\C DRIVE\NATHAN\Downloads\Morpheus Photo Animation Suite Ind v3.15\MorpheusPhotoAnimationSuite-315.exe a variant of Win32/Adware.RK.AG application cleaned by deleting - quarantined
J:\FileHistory\NATHAN\COOPER\Data\C\Users\NATHAN\Downloads\cbsidlm-cbsi176-Free_Virtual_Keyboard-SEO-75989972 (2014_07_04 19_00_49 UTC).exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
J:\FileHistory\NATHAN\COOPER\Data\C\Users\NATHAN\Downloads\cbsidlm-cbsi176-Free_Virtual_Keyboard-SEO-75989972 (2014_09_21 14_02_41 UTC).exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
J:\FileHistory\NATHAN\COOPER\Data\C\Users\NATHAN\Downloads\Easy HDTV DVR 1.4.0 setup (2014_12_15 00_52_13 UTC).exe Win32/Spigot.A potentially unwanted application deleted - quarantined
J:\FileHistory\NATHAN\COOPER\Data\C\Users\NATHAN\Downloads\java-setup (2014_12_25 00_39_51 UTC).exe a variant of Win32/DownloadAdmin.H potentially unwanted application cleaned by deleting - quarantined
J:\FileHistory\NATHAN\COOPER\Data\C\Users\NATHAN\Downloads\SoftwareUpdater (1) (2014_11_04 03_13_30 UTC).exe Win32/Conduit.SearchProtect.W potentially unwanted application deleted - quarantined
J:\FileHistory\NATHAN\COOPER\Data\C\Users\NATHAN\Downloads\SoftwareUpdater (2014_11_04 03_13_30 UTC).exe Win32/Conduit.SearchProtect.W potentially unwanted application deleted - quarantined
J:\FileHistory\NATHAN\COOPER\Data\C\Users\NATHAN\Downloads\Unconfirmed 295063 (2014_09_15 12_41_50 UTC).crdownload Win32/AdWare.1ClickDownload.AW application cleaned by deleting - quarantined
J:\FileHistory\NATHAN\COOPER\Data\C\Users\NATHAN\Downloads\utorrent (2014_07_04 12_37_54 UTC).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
J:\FileHistory\NATHAN\COOPER\Data\C\Users\NATHAN\Downloads\utorrent (2014_09_21 09_11_01 UTC).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
J:\recovered\Microsoft_Office_2010_(32-bit_PRO).exe multiple threats cleaned by deleting - quarantined
 


#15 ncooper1977

ncooper1977
  • Topic Starter


Posted 11 July 2015 - 01:32 PM

 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender             
AVG Internet Security 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 AVG PC TuneUp 2014  
 AVG PC TuneUp 2014 (en-US) 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 17.0.0.191 Flash Player out of Date!  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
 Google Chrome (43.0.2357.130) 
 Google Chrome (43.0.2357.132) 
 Google Chrome (plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 




