
SSalePluuss and other malware/viruses have taken over my browsers!

ssalepluuss ads superantispyware

  • This topic is locked

#1
th1nker


Recently, my Chrome extensions have been replaced with one called SSalePluuss, which I am unable to remove. It keeps coming back. Besides that, periodically, it gets so bad that it downloads hundreds of ad programs that pop up as I browse. I have run Malwarebytes, SUPERAntiSpyware, and Windows Defender nearly daily to remove hundreds of adware programs, and they always come back, hundreds more at a time. I even tried manually using System Investigator in SUPERAntiSpyware and weeding out some parts the program missed, but they always came back. At this point, I'm out of ideas and don't know what else I can do to get rid of this infection.  :smashcomp:

 

In the past, I have used your site to get rid of even worse infections, so I'm confident that this will not be a problem at all for you! Thanks in advance for your help   :geek:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by George (administrator) on EREDITH on 13-04-2015 20:58:04
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available profiles: George)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(ASUS) C:\Program Files (x86)\ASUS\USB-AC53 WLAN Card Utilities\WlanMgr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\GenValObj.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4289788441-1957571201-3015096575-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-4289788441-1957571201-3015096575-1001\...\Run: [GoogleChromeAutoLaunch_B4EC1D2429CD24DC38F0F0B254F35ABB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-4289788441-1957571201-3015096575-1001\...\Run: [Steam] => D:\Program Files\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-4289788441-1957571201-3015096575-1001\...\Run: [uTorrent] => C:\Users\George\AppData\Roaming\uTorrent\uTorrent.exe [1743952 2015-04-12] (BitTorrent Inc.)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScarletKnife Install Beta 10.0.5.lnk
ShortcutTarget: ScarletKnife Install Beta 10.0.5.lnk -> C:\ProgramData\{23f92019-b8e9-eda7-23f9-92019b8e8066}\ScarletKnife Install Beta 10.0.5.exe (No File)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-4289788441-1957571201-3015096575-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-12] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-12] (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-12] (Google Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://websearch.goodforsearch.info/?pid=24390&r=2015/04/12&hid=6916836094339092537&lg=EN&cc=CA&unqvl=86"
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R3 BCMH43XX; C:\Windows\system32\DRIVERS\bcmwlhigh63a.sys [2071624 2012-11-17] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-08-12] (VIA Technologies, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 20:57 - 2015-04-13 20:58 - 00014574 _____ () C:\Users\George\Desktop\FRST.txt
2015-04-13 20:55 - 2015-04-13 20:55 - 02096640 _____ (Farbar) C:\Users\George\Desktop\FRST64.exe
2015-04-13 20:54 - 2015-04-13 20:58 - 00000000 ____D () C:\FRST
2015-04-13 20:50 - 2015-04-13 20:50 - 00003538 _____ () C:\WINDOWS\System32\Tasks\USBAC53WLANMGR
2015-04-13 20:49 - 2015-04-13 20:49 - 00000924 _____ () C:\Users\Public\Desktop\ASUS USB-AC53 WLAN Control Center.lnk
2015-04-13 20:49 - 2015-04-13 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-04-13 20:49 - 2015-04-13 20:49 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-04-13 20:49 - 2012-12-13 19:15 - 00369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2015-04-13 20:49 - 2012-12-13 19:15 - 00092688 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\Packet.dll
2015-04-13 20:49 - 2012-12-13 19:15 - 00053299 _____ () C:\WINDOWS\SysWOW64\pthreadVC.dll
2015-04-13 20:49 - 2012-12-13 19:15 - 00047632 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\Drivers\npf.sys
2015-04-13 20:49 - 2010-09-07 14:27 - 00038912 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\WINDOWS\SysWOW64\Drivers\PcaSp60.sys
2015-04-12 18:31 - 2015-04-12 18:31 - 00037230 _____ () C:\Users\George\Downloads\[kickass.to]avid.media.composer.8.0.0.win.64.patch.v.r.chingliu.torrent
2015-04-12 18:23 - 2015-04-12 18:23 - 00160762 _____ () C:\Users\George\Downloads\[kickass.to]adobe.creative.cloud.collection.december.2014.x86.and.x64.p2p.helg420.torrent
2015-04-12 17:53 - 2015-04-12 17:53 - 00002140 _____ () C:\Users\George\Desktop\Desktop Backgrounds.lnk
2015-04-12 17:38 - 2015-04-12 17:38 - 00000000 ____D () C:\Users\George\AppData\Roaming\WinRAR
2015-04-12 17:38 - 2015-04-12 17:38 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-04-12 17:36 - 2015-04-12 17:36 - 00000000 ____D () C:\Users\George\Downloads\Microsoft Toolkit 2.5.3 Official Torrent
2015-04-12 17:27 - 2015-04-12 18:49 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-12 17:20 - 2015-04-12 17:23 - 00000000 ____D () C:\ProgramData\{23f92019-b8e9-eda7-23f9-92019b8e8066}
2015-04-12 17:19 - 2015-04-12 17:33 - 00000000 ____D () C:\ProgramData\{1738ca3d-5e34-df62-1738-8ca3d5e328f5}
2015-04-12 17:18 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\SSalePluuss
2015-04-12 17:18 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\Share on Tumblr
2015-04-12 17:18 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
2015-04-12 17:18 - 2015-04-12 17:26 - 00000000 ____D () C:\Program Files (x86)\SegmentAmplifier
2015-04-12 17:18 - 2015-04-12 17:18 - 00000000 ____D () C:\ProgramData\gpimanbojhelbdhedhdnebfdffbeckgj
2015-04-12 17:18 - 2015-04-12 17:18 - 00000000 ____D () C:\ProgramData\16265104164591406528
2015-04-12 17:17 - 2015-04-12 17:33 - 00000000 ____D () C:\ProgramData\{6d6cbec2-9659-dfae-6d6c-cbec2965fb0a}
2015-04-12 17:16 - 2015-04-12 17:16 - 00001142 _____ () C:\Users\George\Downloads\Links.txt
2015-04-12 17:00 - 2015-04-12 23:53 - 00000000 ____D () C:\Users\George\AppData\Roaming\uTorrent
2015-04-12 17:00 - 2015-04-12 17:00 - 00000840 _____ () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-04-12 16:59 - 2015-04-12 17:00 - 01743952 _____ (BitTorrent Inc.) C:\Users\George\Downloads\uTorrent.exe
2015-04-12 16:59 - 2015-04-12 16:59 - 00000000 ____D () C:\Program Files\VIA XHCI UASP Utility
2015-04-12 16:59 - 2013-08-12 11:12 - 00227840 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\ViaHub3.sys
2015-04-12 16:59 - 2013-01-18 03:11 - 00086064 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\vusbstor.sys
2015-04-12 16:58 - 2015-04-12 16:58 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-04-12 16:58 - 2013-08-12 11:12 - 00295424 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\xhcdrv.sys
2015-04-12 16:57 - 2015-04-12 16:57 - 00000000 ____D () C:\WINDOWS\SysWOW64\Atheros_L1e
2015-04-12 16:57 - 2013-07-17 22:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) C:\WINDOWS\system32\Drivers\L1C63x64.sys
2015-04-12 16:56 - 2015-04-12 16:56 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-12 16:56 - 2013-08-21 00:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2015-04-12 16:55 - 2015-04-12 16:55 - 00000024 _____ () C:\WINDOWS\SetupTemp.ini
2015-04-12 16:55 - 2015-04-12 16:55 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2015-04-12 16:55 - 2015-04-12 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
2015-04-12 16:55 - 2015-04-12 16:55 - 00000000 ____D () C:\Program Files\VIA
2015-04-12 16:55 - 2015-04-12 16:55 - 00000000 ____D () C:\Program Files (x86)\VIA
2015-04-12 16:55 - 2015-04-12 16:55 - 00000000 ____D () C:\Intel
2015-04-12 16:55 - 2013-12-16 01:48 - 00691888 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\viahduaa.sys
2015-04-12 16:55 - 2013-12-16 01:48 - 00033456 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\VMfilt64.sys
2015-04-12 16:55 - 2013-12-09 18:29 - 01998104 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMAPO264.DLL
2015-04-12 16:55 - 2013-12-09 18:29 - 01727256 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\VMAPO232.DLL
2015-04-12 16:55 - 2013-10-31 18:21 - 27646720 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnA64.dll
2015-04-12 16:55 - 2013-10-31 18:21 - 02103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2015-04-12 16:55 - 2013-10-31 18:21 - 01013504 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2015-04-12 16:55 - 2013-10-31 18:21 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2015-04-12 16:55 - 2013-10-11 02:46 - 00884400 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\VIASysFx.dll
2015-04-12 16:55 - 2013-07-30 01:15 - 03322368 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\VIAPropPageExt.dll
2015-04-12 16:55 - 2013-07-21 23:40 - 00388096 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMWRP64.DLL
2015-04-12 16:55 - 2013-03-28 01:57 - 01845424 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\ViaMicArrayAPO.dll
2015-04-12 16:55 - 2012-12-11 03:01 - 00070776 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\VtSrdAPO.dll
2015-04-12 16:55 - 2012-12-11 03:00 - 01161336 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\ViaKaraokeApo.dll
2015-04-12 16:55 - 2012-12-11 03:00 - 00248952 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\Dts2APO.dll
2015-04-12 16:55 - 2012-12-11 03:00 - 00123512 _____ (VIA Technologies,Inc.) C:\WINDOWS\system32\ViaKaraokePropPageExt.dll
2015-04-12 16:55 - 2012-12-11 03:00 - 00095352 _____ (VIA Technologies,Inc.) C:\WINDOWS\system32\ViaMicArrayPropPageExt.dll
2015-04-12 16:55 - 2012-12-11 03:00 - 00092280 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Dts2PropPageExt.dll
2015-04-12 16:55 - 2012-12-11 03:00 - 00055416 _____ (TODO: <Company name>) C:\WINDOWS\system32\PropPageExt.dll
2015-04-12 16:55 - 2012-12-11 03:00 - 00027768 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\ViakaraokeSrv.exe
2015-04-12 16:55 - 2012-11-14 19:06 - 00083968 _____ (QSound Labs, Inc.) C:\WINDOWS\system32\nQAPO.dll
2015-04-12 16:55 - 2012-06-28 01:54 - 00086016 _____ (QSound Labs, Inc.) C:\WINDOWS\system32\nQPropPageExt.dll
2015-04-12 16:55 - 2011-12-14 22:16 - 07163744 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEP64H.dll
2015-04-12 16:55 - 2011-12-14 22:16 - 07163744 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEP64A.dll
2015-04-12 16:55 - 2011-12-14 22:16 - 00433504 _____ (Dolby Laboratories) C:\WINDOWS\system32\EED64H.dll
2015-04-12 16:55 - 2011-12-14 22:16 - 00433504 _____ (Dolby Laboratories) C:\WINDOWS\system32\EED64A.dll
2015-04-12 16:55 - 2011-12-14 22:16 - 00137056 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEL64H.dll
2015-04-12 16:55 - 2011-12-14 22:16 - 00137056 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEL64A.dll
2015-04-12 16:55 - 2011-12-14 22:16 - 00120160 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEA64H.dll
2015-04-12 16:55 - 2011-12-14 22:16 - 00120160 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEA64A.dll
2015-04-12 16:55 - 2011-12-14 22:16 - 00075104 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEG64H.dll
2015-04-12 16:55 - 2011-12-14 22:16 - 00075104 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEG64A.dll
2015-04-12 16:55 - 2011-09-27 03:13 - 00879616 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMAPO64.DLL
2015-04-12 16:55 - 2011-09-27 03:13 - 00739328 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\VMAPO32.DLL
2015-04-12 16:55 - 2011-09-27 03:13 - 00619520 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMTHX64.DLL
2015-04-12 16:55 - 2011-09-27 03:13 - 00554496 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\VMTHX32.DLL
2015-04-12 16:55 - 2011-09-27 03:13 - 00057856 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMPPLD64.DLL
2015-04-12 16:55 - 2010-10-26 03:54 - 00053760 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMPPCN64.DLL
2015-04-12 16:55 - 2007-04-11 00:35 - 00414632 ____N (Microsoft Corporation) C:\WINDOWS\difxapi.dll
2015-04-12 16:51 - 2015-04-12 16:51 - 00000000 ____D () C:\Users\George\Documents\My Games
2015-04-12 16:33 - 2015-04-12 16:33 - 00000666 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-12 16:33 - 2015-04-12 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-12 15:53 - 2015-04-13 19:55 - 00000000 ___DC () C:\WINDOWS\Panther
2015-04-12 15:53 - 2015-04-12 15:53 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-04-12 15:53 - 2015-04-12 15:53 - 00000000 ____D () C:\Windows.old
2015-04-12 15:30 - 2015-04-12 15:30 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-12 15:30 - 2015-04-12 15:30 - 00000000 ____D () C:\ProgramData\ATI
2015-04-12 15:27 - 2015-04-12 17:39 - 00000000 ____D () C:\SUPERDelete
2015-04-12 15:26 - 2015-04-13 20:48 - 00001704 _____ () C:\WINDOWS\Tasks\RHLISEA.job
2015-04-12 15:26 - 2015-04-13 20:48 - 00001350 _____ () C:\WINDOWS\Tasks\EC.job
2015-04-12 15:26 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-12 15:26 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\c9c95e38-2290-42de-ba46-5eb832c1738c
2015-04-12 15:26 - 2015-04-12 15:39 - 00000000 ____D () C:\Users\George\AppData\Roaming\WTools
2015-04-12 15:26 - 2015-04-12 15:26 - 00004710 _____ () C:\WINDOWS\System32\Tasks\RHLISEA
2015-04-12 15:26 - 2015-04-12 15:26 - 00004356 _____ () C:\WINDOWS\System32\Tasks\EC
2015-04-12 15:26 - 2015-04-12 15:26 - 00000000 ____D () C:\Users\George\AppData\Local\globalUpdate
2015-04-12 15:25 - 2015-04-12 15:25 - 00003460 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Popup
2015-04-12 15:25 - 2015-04-12 15:25 - 00003196 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-04-12 15:25 - 2015-04-12 15:25 - 00000078 _____ () C:\Users\George\AppData\Roaming\Bubble Suite.installation.log
2015-04-12 15:25 - 2015-04-12 15:25 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-04-12 15:25 - 2015-04-12 15:25 - 00000000 ____D () C:\Program Files\MSBuild
2015-04-12 15:25 - 2015-04-12 15:25 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-04-12 15:25 - 2015-04-12 15:25 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-12 15:24 - 2013-08-02 21:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-04-12 15:24 - 2013-08-02 21:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-12 15:24 - 2013-08-02 21:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-04-12 15:24 - 2013-08-02 21:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-04-12 15:24 - 2013-08-02 21:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-04-12 15:24 - 2013-08-02 21:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-04-12 15:22 - 2015-04-12 16:28 - 00000000 ____D () C:\Program Files (x86)\SquareTrace
2015-04-12 15:22 - 2015-04-12 15:28 - 00000000 ____D () C:\Program Files (x86)\KMSPico 10.0.6
2015-04-12 15:22 - 2015-04-12 15:22 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-12 15:15 - 2015-04-12 15:15 - 00000000 ____D () C:\Users\George\AppData\Roaming\library_dir
2015-04-12 15:14 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-04-12 15:14 - 2015-04-12 15:32 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-04-12 15:14 - 2015-04-12 15:14 - 00059756 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201504121514063670.log
2015-04-12 15:14 - 2015-04-12 15:14 - 00053564 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201504121514476522.log
2015-04-12 15:14 - 2015-04-12 15:14 - 00000000 ____D () C:\Users\George\AppData\Roaming\ATI
2015-04-12 15:14 - 2015-04-12 15:14 - 00000000 ____D () C:\Users\George\AppData\Local\ATI
2015-04-12 15:14 - 2015-04-12 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-04-12 15:14 - 2015-04-12 15:14 - 00000000 ____D () C:\ProgramData\AMD
2015-04-12 15:14 - 2015-04-12 15:14 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-04-12 15:07 - 2015-04-12 15:07 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-04-12 15:06 - 2015-04-12 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-04-12 15:04 - 2015-04-12 15:11 - 00000000 ____D () C:\AMD
2015-04-12 15:04 - 2015-04-12 15:04 - 00060601 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201504121504273877.log
2015-04-12 15:04 - 2015-04-12 15:04 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-12 15:03 - 2015-04-12 15:14 - 00000000 ____D () C:\Program Files\AMD
2015-04-12 15:03 - 2015-04-12 15:03 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-04-12 15:01 - 2015-04-13 20:48 - 00000000 ___RD () C:\Users\George\SkyDrive
2015-04-12 15:00 - 2015-04-12 15:00 - 00001446 _____ () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-12 14:59 - 2015-04-12 14:59 - 00000020 ___SH () C:\Users\George\ntuser.ini
2015-04-12 14:57 - 2015-04-13 20:53 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-12 14:57 - 2015-04-13 20:51 - 01696387 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-12 14:57 - 2013-08-21 22:17 - 02407936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-04-12 14:56 - 2015-04-12 14:56 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-04-12 14:55 - 2015-04-13 19:41 - 00000000 ____D () C:\Users\George
2015-04-12 14:55 - 2015-04-12 14:57 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2015-04-12 14:55 - 2015-04-12 14:57 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2015-04-12 14:55 - 2015-04-12 14:55 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-12 14:55 - 2015-04-12 14:55 - 00000000 ___RD () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-12 14:55 - 2015-04-12 14:55 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-04-12 14:55 - 2015-04-12 14:55 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-12 14:55 - 2015-04-12 14:55 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-12 14:54 - 2015-04-12 14:54 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_bcmwlhigh63a_01011.Wdf
2015-04-12 14:54 - 2015-04-12 14:54 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-04-12 14:54 - 2015-04-12 14:54 - 00000000 _____ () C:\WINDOWS\ativpsrm.bin
2015-04-12 14:53 - 2015-04-13 20:47 - 00039388 _____ () C:\WINDOWS\PFRO.log
2015-04-12 14:10 - 2015-04-12 14:48 - 00000000 ___HD () C:\$WINDOWS.~BT
2015-04-12 14:10 - 2015-04-12 14:10 - 00000117 _____ () C:\WINDOWS\system32\netcfg-499234.txt
2015-04-12 14:02 - 2015-04-12 14:02 - 00000117 _____ () C:\WINDOWS\system32\netcfg-8765.txt
2015-04-12 14:02 - 2015-04-12 14:02 - 00000117 _____ () C:\WINDOWS\system32\netcfg-10593.txt
2015-04-12 14:01 - 2015-04-12 14:01 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1078250.txt
2015-04-12 13:59 - 2015-04-12 14:57 - 00008140 _____ () C:\WINDOWS\comsetup.log
2015-04-12 13:51 - 2015-04-12 13:51 - 00000117 _____ () C:\WINDOWS\system32\netcfg-507375.txt
2015-04-12 13:46 - 2015-04-12 13:46 - 00000000 ____D () C:\Users\George\Desktop\Media
2015-04-12 13:46 - 2015-04-12 13:46 - 00000000 ____D () C:\Users\George\Desktop\Applications
2015-04-12 13:45 - 2015-04-12 17:40 - 00000000 ____D () C:\Users\George\Desktop\Tools
2015-04-12 13:45 - 2015-04-12 16:35 - 00000000 ____D () C:\Users\George\AppData\Local\Steam
2015-04-12 13:45 - 2015-04-12 13:46 - 00000000 ____D () C:\Users\George\Desktop\Google
2015-04-12 13:44 - 2015-04-12 13:44 - 00000000 ____D () C:\Users\George\Desktop\Security
2015-04-12 13:44 - 2015-04-12 13:44 - 00000000 ____D () C:\Users\George\AppData\Roaming\Apple Computer
2015-04-12 13:43 - 2015-04-12 13:43 - 00000117 _____ () C:\WINDOWS\system32\netcfg-15312.txt
2015-04-12 13:43 - 2015-04-12 13:43 - 00000117 _____ () C:\WINDOWS\system32\netcfg-13796.txt
2015-04-12 13:38 - 2015-04-13 20:45 - 00000000 ____D () C:\Users\George\AppData\Local\ClassicShell
2015-04-12 13:38 - 2015-04-12 13:30 - 00002158 _____ () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2015-04-12 13:34 - 2015-04-12 17:40 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-12 13:34 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-12 13:34 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-12 13:34 - 2015-04-12 13:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\SUPERAntiSpyware.com
2015-04-12 13:34 - 2015-04-12 13:34 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-12 13:34 - 2015-04-12 13:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-12 13:34 - 2015-04-12 13:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-12 13:34 - 2015-03-17 06:54 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-12 13:34 - 2015-03-17 06:54 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-12 13:34 - 2015-03-17 06:54 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-12 13:33 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-04-12 13:33 - 2015-04-12 13:33 - 00115592 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2015-04-12 13:33 - 2015-04-12 13:33 - 00002156 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-04-12 13:33 - 2015-04-12 13:33 - 00000000 ____D () C:\Users\George\AppData\Roaming\pdfforge
2015-04-12 13:33 - 2015-04-12 13:33 - 00000000 ____D () C:\Program Files\PDFCreator
2015-04-12 13:32 - 2015-04-12 21:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-04-12 13:32 - 2015-04-12 14:55 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-12 13:32 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-04-12 13:32 - 2015-04-12 13:32 - 00000000 ____D () C:\Users\George\AppData\Roaming\Dropbox
2015-04-12 13:32 - 2015-04-12 13:32 - 00000000 ____D () C:\Users\George\AppData\Local\Apple
2015-04-12 13:32 - 2015-04-12 13:32 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-04-12 13:32 - 2015-04-12 13:32 - 00000000 ____D () C:\ProgramData\Apple
2015-04-12 13:31 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-12 13:31 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-04-12 13:31 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-04-12 13:31 - 2015-04-12 13:31 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-04-12 13:31 - 2015-04-12 13:31 - 00000000 ____D () C:\Users\George\AppData\Roaming\Foxit Software
2015-04-12 13:31 - 2015-04-12 13:31 - 00000000 ____D () C:\Program Files\VideoLAN
2015-04-12 13:31 - 2015-04-12 13:31 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-04-12 13:30 - 2015-04-12 21:45 - 00000000 ____D () C:\Program Files (x86)\Winamp
2015-04-12 13:30 - 2015-04-12 15:06 - 00000000 ____D () C:\Program Files\Classic Shell
2015-04-12 13:30 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-12 13:30 - 2015-04-12 13:30 - 00000000 ____D () C:\Users\George\AppData\Roaming\Winamp
2015-04-12 13:30 - 2015-04-12 13:30 - 00000000 ____D () C:\Users\George\AppData\Roaming\Notepad++
2015-04-12 13:30 - 2015-04-12 13:30 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-12 13:30 - 2015-04-12 13:30 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-12 13:29 - 2015-04-12 14:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe
2015-04-12 13:29 - 2015-04-12 14:55 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-12 13:29 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-12 13:29 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-04-12 13:29 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2015-04-12 13:29 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-12 13:29 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-04-12 13:29 - 2015-04-12 13:30 - 00000000 ____D () C:\Program Files\TeraCopy
2015-04-12 13:29 - 2015-04-12 13:29 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-04-12 13:29 - 2015-04-12 13:29 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\Users\George\AppData\Local\Adobe
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\ProgramData\Sun
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\Program Files\Java
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\Program Files\7-Zip
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-12 13:28 - 2015-04-13 20:48 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 13:28 - 2015-04-12 23:33 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 13:28 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-12 13:28 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-12 13:28 - 2015-04-12 13:33 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-12 13:28 - 2015-04-12 13:31 - 00000000 ____D () C:\Users\George\AppData\Local\Google
2015-04-12 13:28 - 2015-04-12 13:28 - 00003910 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-12 13:28 - 2015-04-12 13:28 - 00003674 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-12 13:28 - 2015-04-12 13:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-12 13:28 - 2015-04-12 13:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-04-12 13:27 - 2015-04-12 13:27 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-12 13:27 - 2015-04-12 13:27 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-12 13:27 - 2015-04-12 13:27 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-12 13:27 - 2015-04-12 13:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-12 13:27 - 2015-04-12 13:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-12 13:24 - 2015-04-12 13:24 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1133093.txt
2015-04-12 13:24 - 2015-04-12 13:24 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1130078.txt
2015-04-12 13:24 - 2015-04-12 13:24 - 00000000 ____D () C:\Users\George\AppData\Roaming\Macromedia
2015-04-12 13:23 - 2010-09-07 14:27 - 00038912 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\WINDOWS\system32\Drivers\PcaSp60.sys
2015-04-12 13:20 - 2015-04-13 20:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-12 13:20 - 2015-04-12 13:20 - 00001204 _____ () C:\WINDOWS\system32\netcfg-920750.txt
2015-04-12 13:20 - 2015-04-12 13:20 - 00001139 _____ () C:\WINDOWS\system32\netcfg-921718.txt
2015-04-12 13:20 - 2015-04-12 13:20 - 00000265 _____ () C:\WINDOWS\system32\netcfg-921500.txt
2015-04-12 13:20 - 2012-11-17 00:28 - 02071624 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\BCMWLHIGH63a.SYS
2015-04-12 13:20 - 2012-11-16 23:31 - 04395008 _____ (Broadcom Corporation) C:\WINDOWS\system32\bcmihvsrv64.dll
2015-04-12 13:20 - 2012-11-16 23:31 - 03659264 _____ (Broadcom Corporation) C:\WINDOWS\system32\bcmihvui64.dll
2015-04-12 13:20 - 2012-08-18 01:57 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-04-12 13:15 - 2015-04-13 20:54 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4289788441-1957571201-3015096575-1001
2015-04-12 13:09 - 2015-04-12 15:00 - 00000000 ____D () C:\Users\George\AppData\Local\Packages
2015-04-12 13:09 - 2015-04-12 14:55 - 00000000 ____D () C:\ProgramData\PRICache
2015-04-12 13:09 - 2015-04-12 14:01 - 00409321 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-04-12 13:09 - 2015-04-12 13:29 - 00000000 ____D () C:\Users\George\AppData\Roaming\Adobe
2015-04-12 13:09 - 2015-04-12 13:09 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-04-12 13:09 - 2015-04-12 13:09 - 00000000 ____D () C:\WINDOWS\CSC
2015-04-12 13:09 - 2015-04-12 13:09 - 00000000 ____D () C:\Users\George\AppData\Local\VirtualStore
2015-04-12 13:05 - 2015-04-12 14:54 - 00000000 __SHD () C:\Recovery
2015-04-12 13:05 - 2015-04-12 13:05 - 00001134 _____ () C:\WINDOWS\system32\netcfg-16125.txt
2015-04-12 13:05 - 2015-04-12 13:05 - 00000185 _____ () C:\WINDOWS\system32\netcfg-14890.txt
2015-04-12 13:05 - 2015-04-12 13:05 - 00000161 _____ () C:\WINDOWS\system32\netcfg-14843.txt
2015-04-12 13:05 - 2015-04-12 13:05 - 00000160 _____ () C:\WINDOWS\system32\netcfg-14734.txt
2015-04-12 13:04 - 2015-04-12 13:04 - 00000164 _____ () C:\WINDOWS\system32\netcfg-14406.txt
2015-04-12 13:04 - 2015-04-12 13:04 - 00000160 _____ () C:\WINDOWS\system32\netcfg-14000.txt
2015-04-12 13:04 - 2015-04-12 13:04 - 00000160 _____ () C:\WINDOWS\system32\netcfg-13750.txt
2015-04-12 13:04 - 2015-04-12 13:04 - 00000159 _____ () C:\WINDOWS\system32\netcfg-14515.txt
2015-04-12 13:04 - 2015-04-12 13:04 - 00000157 _____ () C:\WINDOWS\system32\netcfg-14625.txt
2015-04-12 13:04 - 2015-04-12 13:04 - 00000157 _____ () C:\WINDOWS\system32\netcfg-13812.txt
2015-04-12 13:04 - 2015-04-12 13:04 - 00000150 _____ () C:\WINDOWS\system32\netcfg-13875.txt
2015-04-09 23:08 - 2015-04-09 23:08 - 00288448 _____ (IvoSoft) C:\WINDOWS\system32\StartMenuHelper64.dll
2015-04-09 23:08 - 2015-04-09 23:08 - 00247488 _____ (IvoSoft) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll
2015-03-26 12:14 - 2015-03-26 12:14 - 00005542 _____ () C:\Users\George\AppData\Roaming\RHLISEA
2015-03-26 12:14 - 2015-03-26 12:14 - 00004185 _____ () C:\Users\George\AppData\Roaming\EC
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 20:53 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-13 20:50 - 2013-08-22 07:46 - 00286806 _____ () C:\WINDOWS\setupact.log
2015-04-13 20:47 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-13 20:47 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-13 20:44 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-12 23:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-12 17:39 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-12 15:53 - 2013-08-22 08:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-04-12 15:48 - 2013-08-22 06:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-04-12 15:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-04-12 15:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-04-12 15:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-04-12 14:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-12 14:56 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-04-12 14:56 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-12 14:56 - 2013-08-22 07:44 - 00335784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-12 14:55 - 2013-08-22 12:09 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-04-12 14:55 - 2013-08-22 12:09 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-04-12 14:55 - 2013-08-22 12:09 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-04-12 14:55 - 2013-08-22 08:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-04-12 14:55 - 2013-08-22 08:37 - 00003949 _____ () C:\WINDOWS\DtcInstall.log
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-04-12 14:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Help
2015-04-12 14:55 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-04-12 14:55 - 2013-08-22 06:25 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-12 14:55 - 2012-07-25 22:37 - 00000000 ____D () C:\Users\Default.migrated
2015-04-12 14:54 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-04-12 14:53 - 2013-08-22 06:36 - 00000000 __RHD () C:\Users\Default
 
==================== Files in the root of some directories =======
 
2015-04-12 15:25 - 2015-04-12 15:25 - 0000078 _____ () C:\Users\George\AppData\Roaming\Bubble Suite.installation.log
2015-03-26 12:14 - 2015-03-26 12:14 - 0004185 _____ () C:\Users\George\AppData\Roaming\EC
2015-03-26 12:14 - 2015-03-26 12:14 - 0005542 _____ () C:\Users\George\AppData\Roaming\RHLISEA
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-12 14:53
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by George at 2015-04-13 20:58:23
Running from C:\Users\George\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4289788441-1957571201-3015096575-1001\...\uTorrent) (Version: 3.4.3.39944 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASUS USB-AC53 WLAN Card Utilities/Driver (HKLM-x32\...\{242E1F53-6A2F-4173-89CE-8CD5D6A02EEC}) (Version: 2.0.1.7 - ASUS)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Dropbox (HKU\S-1-5-21-4289788441-1957571201-3015096575-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Google Chrome (HKLM-x32\...\{7E7F0CB7-8892-38EB-BF40-0A6A38004630}) (Version: 66.56.118 - Google, Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sins of a Solar Empire®: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
SoftwareCaster (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{2e873f60}) (Version:  - SoftwareCaster) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-4289788441-1957571201-3015096575-1001\...\WinDirStat) (Version:  - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4289788441-1957571201-3015096575-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
12-04-2015 15:02:52 Removed Classic Shell
13-04-2015 20:46:00 Installed ASUS USB-AC53 WLAN Card Utilities/Driver
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {10A2909A-94FC-4553-8280-8FD7757C5079} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12] (Google Inc.)
Task: {5A986264-F608-4031-8540-688B80E70D51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12] (Google Inc.)
Task: {5D631C9C-EBE6-4714-B4B1-15EDE585BCDC} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {8779DD39-E14C-4D17-A59B-2B86EE35D58A} - System32\Tasks\EC => C:\Users\George\AppData\Roaming\EC.exe <==== ATTENTION
Task: {B4258AA7-448A-4DFF-863C-E05AF37CF033} - System32\Tasks\USBAC53WLANMGR => C:\Program Files (x86)\ASUS\USB-AC53 WLAN Card Utilities\WlanMgr.exe [2013-01-11] (ASUS)
Task: {C3F263FA-4DBB-4733-BEF0-D20B163DDA8B} - System32\Tasks\RHLISEA => C:\Users\George\AppData\Roaming\RHLISEA.exe <==== ATTENTION
Task: {E0B2BA1D-5343-4191-92AE-6B3F825F1A54} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\EC.job => C:\Users\George\AppData\Roaming\EC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RHLISEA.job => C:\Users\George\AppData\Roaming\RHLISEA.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-12 13:29 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-05-12 02:49 - 2014-05-12 02:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-04-12 16:55 - 2012-11-14 00:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-04-12 16:55 - 2012-11-14 00:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-04-12 13:28 - 2015-03-30 14:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-12 13:28 - 2015-03-30 14:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-12 13:28 - 2015-03-30 14:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-12 13:28 - 2015-03-30 14:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\George\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4289788441-1957571201-3015096575-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-4289788441-1957571201-3015096575-1001\...\StartupApproved\Run: => "uTorrent"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4289788441-1957571201-3015096575-500 - Administrator - Disabled)
George (S-1-5-21-4289788441-1957571201-3015096575-1001 - Administrator - Enabled) => C:\Users\George
Guest (S-1-5-21-4289788441-1957571201-3015096575-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/13/2015 08:47:13 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f}
 
Error: (04/13/2015 08:47:13 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
Error: (04/13/2015 08:00:01 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f}
 
Error: (04/13/2015 08:00:01 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
Error: (04/13/2015 07:51:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/13/2015 07:44:00 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f}
 
Error: (04/13/2015 07:43:59 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
Error: (04/12/2015 05:40:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/12/2015 05:11:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/12/2015 05:11:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (04/13/2015 08:56:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/13/2015 08:49:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error: 
%%2
 
Error: (04/13/2015 08:47:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/13/2015 08:46:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error: 
%%2
 
Error: (04/13/2015 08:22:07 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (04/13/2015 07:42:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error: 
%%2
 
Error: (04/13/2015 07:40:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:40:04 PM on ‎4/‎12/‎2015 was unexpected.
 
Error: (04/12/2015 05:47:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/12/2015 05:42:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error: 
%%2
 
Error: (04/12/2015 05:39:43 PM) (Source: DCOM) (EventID: 10010) (User: EREDITH)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-13 20:47:54.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 20:47:54.015
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 20:47:53.937
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 20:47:53.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 20:47:53.797
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 20:44:14.780
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 20:44:14.723
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 20:44:14.645
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 20:44:14.583
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 20:44:14.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 33%
Total physical RAM: 8152.04 MB
Available physical RAM: 5457.45 MB
Total Pagefile: 10072.04 MB
Available Pagefile: 7198.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.9 GB) (Free:30.52 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:891.21 GB) NTFS
Drive e: () (Fixed) (Total:111.45 GB) (Free:111.34 GB) NTFS
Drive f: (ASUS) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00023CBA)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7269366D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 55.9 GB) (Disk ID: 70130033)
Partition 1: (Not Active) - (Size=55.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


  • 0



#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -


  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-



All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-


 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I'm reviewing your logs now.


  • 0

#3
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, please do the following.

 

Step#1 - Warnings

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

 

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers

 

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

 

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): uTorrent

 

 

Step#2 - CKScanner
1. Download CKScanner by askey127 from here & save it to your Desktop.
2. Right-click on CKScanner.exe then click Run as Administrator to open. Allow if prompted.
3. Click Search For Files
4. When the cursor hourglass disappears, click Save List To File
5. A message box will verify the file saved
6. Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.


  • 0

#4
th1nker

    Member

  • Topic Starter
  • Member
  • 38 posts

Thanks Brian, 

 

Please see below. 

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\kmspico 10.0.6\install.zip
c:\program files (x86)\kmspico 10.0.6\installkms.bat
c:\program files (x86)\kmspico 10.0.6\kmspico10.0.9__8173_il158268.exe
c:\windows\prefetch\kmsautoeasy en.exe-bd89baad.pf
c:\windows\prefetch\kmspico 10.0.8.exe-8a0abf82.pf
scanner sequence 3.EM.11.UMNALZ
 ----- EOF ----- 

  • 0

#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi and welcome to G2G. If you refer to our Terms of Use (TOS) that you agreed to when creating an account here it states the following.

 

We will NOT help anyone we suspect of having obtained their software or services illegally.

 

 

I need to abide by these rules as well. It appears you may have a cracked version of Microsoft Windows. Do you know this to be the case?


  • 0

#6
th1nker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

I bought this computer brand new from Canada Computers (with Windows) a few years ago. Only thing I can think of is that I had a problem with it a few months ago and hired somebody on Kijiji to take a look at it. Do you think that they may have taken my authentic version somehow and replaced it?


  • 0

#7
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Anything is possible. Let's get you cleaned up and then we can verify Windows authenticity. You may be fine. I just needed to see if you were aware of this. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   3.9KB   147 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Re-install Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign in to your account.
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok".
4. Now we need to uninstall Chrome. Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#4 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

 

Items for your next post

1. FRST Fix Log

2. AdwCleaner Log

3. Security Check Log

 

 

 

 

 


  • 0

#8
th1nker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

1) 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by George at 2015-04-16 20:09:08 Run:1
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available profiles: George)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
Task: {5D631C9C-EBE6-4714-B4B1-15EDE585BCDC} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {8779DD39-E14C-4D17-A59B-2B86EE35D58A} - System32\Tasks\EC => C:\Users\George\AppData\Roaming\EC.exe <==== ATTENTION
Task: {C3F263FA-4DBB-4733-BEF0-D20B163DDA8B} - System32\Tasks\RHLISEA => C:\Users\George\AppData\Roaming\RHLISEA.exe <==== ATTENTION
Task: {E0B2BA1D-5343-4191-92AE-6B3F825F1A54} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\EC.job => C:\Users\George\AppData\Roaming\EC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RHLISEA.job => C:\Users\George\AppData\Roaming\RHLISEA.exe <==== ATTENTION
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScarletKnife Install Beta 10.0.5.lnk
ShortcutTarget: ScarletKnife Install Beta 10.0.5.lnk -> C:\ProgramData\{23f92019-b8e9-eda7-23f9-92019b8e8066}\ScarletKnife Install Beta 10.0.5.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://websearch.goodforsearch.info/?pid=24390&r=2015/04/12&hid=6916836094339092537&lg=EN&cc=CA&unqvl=86"
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
C:\Program Files (x86)\globalUpdate
2015-04-12 17:20 - 2015-04-12 17:23 - 00000000 ____D () C:\ProgramData\{23f92019-b8e9-eda7-23f9-92019b8e8066}
2015-04-12 17:19 - 2015-04-12 17:33 - 00000000 ____D () C:\ProgramData\{1738ca3d-5e34-df62-1738-8ca3d5e328f5}
2015-04-12 17:18 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\SSalePluuss
2015-04-12 17:18 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\Share on Tumblr
2015-04-12 17:18 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
2015-04-12 17:18 - 2015-04-12 17:26 - 00000000 ____D () C:\Program Files (x86)\SegmentAmplifier
2015-04-12 17:18 - 2015-04-12 17:18 - 00000000 ____D () C:\ProgramData\gpimanbojhelbdhedhdnebfdffbeckgj
2015-04-12 17:18 - 2015-04-12 17:18 - 00000000 ____D () C:\ProgramData\16265104164591406528
2015-04-12 17:17 - 2015-04-12 17:33 - 00000000 ____D () C:\ProgramData\{6d6cbec2-9659-dfae-6d6c-cbec2965fb0a}
2015-04-12 15:30 - 2015-04-12 15:30 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-12 15:30 - 2015-04-12 15:30 - 00000000 ____D () C:\ProgramData\ATI
2015-04-12 15:27 - 2015-04-12 17:39 - 00000000 ____D () C:\SUPERDelete
2015-04-12 15:26 - 2015-04-13 20:48 - 00001704 _____ () C:\WINDOWS\Tasks\RHLISEA.job
2015-04-12 15:26 - 2015-04-13 20:48 - 00001350 _____ () C:\WINDOWS\Tasks\EC.job
2015-04-12 15:26 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-12 15:26 - 2015-04-12 17:33 - 00000000 ____D () C:\Program Files (x86)\c9c95e38-2290-42de-ba46-5eb832c1738c
2015-04-12 15:26 - 2015-04-12 15:39 - 00000000 ____D () C:\Users\George\AppData\Roaming\WTools
2015-04-12 15:26 - 2015-04-12 15:26 - 00004710 _____ () C:\WINDOWS\System32\Tasks\RHLISEA
2015-04-12 15:26 - 2015-04-12 15:26 - 00004356 _____ () C:\WINDOWS\System32\Tasks\EC
2015-04-12 15:26 - 2015-04-12 15:26 - 00000000 ____D () C:\Users\George\AppData\Local\globalUpdate
2015-04-12 15:25 - 2015-04-12 15:25 - 00003460 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Popup
2015-04-12 15:25 - 2015-04-12 15:25 - 00003196 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-04-12 15:25 - 2015-04-12 15:25 - 00000078 _____ () C:\Users\George\AppData\Roaming\Bubble Suite.installation.log
c:\program files (x86)\kmspico 10.0.6
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
EmptyTemp:
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D631C9C-EBE6-4714-B4B1-15EDE585BCDC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D631C9C-EBE6-4714-B4B1-15EDE585BCDC}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8779DD39-E14C-4D17-A59B-2B86EE35D58A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8779DD39-E14C-4D17-A59B-2B86EE35D58A}" => Key deleted successfully.
C:\Windows\System32\Tasks\EC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C3F263FA-4DBB-4733-BEF0-D20B163DDA8B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3F263FA-4DBB-4733-BEF0-D20B163DDA8B}" => Key deleted successfully.
C:\Windows\System32\Tasks\RHLISEA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RHLISEA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0B2BA1D-5343-4191-92AE-6B3F825F1A54}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0B2BA1D-5343-4191-92AE-6B3F825F1A54}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
C:\WINDOWS\Tasks\EC.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\RHLISEA.job => Moved successfully.
C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScarletKnife Install Beta 10.0.5.lnk => Moved successfully.
C:\ProgramData\{23f92019-b8e9-eda7-23f9-92019b8e8066}\ScarletKnife Install Beta 10.0.5.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\ProgramData\{23f92019-b8e9-eda7-23f9-92019b8e8066} => Moved successfully.
C:\ProgramData\{1738ca3d-5e34-df62-1738-8ca3d5e328f5} => Moved successfully.
C:\Program Files (x86)\SSalePluuss => Moved successfully.
C:\Program Files (x86)\Share on Tumblr => Moved successfully.
C:\Program Files (x86)\bestadblocker => Moved successfully.
C:\Program Files (x86)\SegmentAmplifier => Moved successfully.
C:\ProgramData\gpimanbojhelbdhedhdnebfdffbeckgj => Moved successfully.
C:\ProgramData\16265104164591406528 => Moved successfully.
C:\ProgramData\{6d6cbec2-9659-dfae-6d6c-cbec2965fb0a} => Moved successfully.
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\ProgramData\ATI => Moved successfully.
C:\SUPERDelete => Moved successfully.
"C:\WINDOWS\Tasks\RHLISEA.job" => File/Directory not found.
"C:\WINDOWS\Tasks\EC.job" => File/Directory not found.
"C:\Program Files (x86)\globalUpdate" => File/Directory not found.
C:\Program Files (x86)\c9c95e38-2290-42de-ba46-5eb832c1738c => Moved successfully.
C:\Users\George\AppData\Roaming\WTools => Moved successfully.
"C:\WINDOWS\System32\Tasks\RHLISEA" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\EC" => File/Directory not found.
C:\Users\George\AppData\Local\globalUpdate => Moved successfully.
"C:\WINDOWS\System32\Tasks\ProPCCleaner_Popup" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\ProPCCleaner_Start" => File/Directory not found.
C:\Users\George\AppData\Roaming\Bubble Suite.installation.log => Moved successfully.
c:\program files (x86)\kmspico 10.0.6 => Moved successfully.
 
=========  wevtutil cl application =========
 
 
========= End of CMD: =========
 
 
=========  wevtutil cl system =========
 
 
========= End of CMD: =========
 
 
=========  wevtutil cl security =========
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 156.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:09:20 ====

 

2) 

 

# AdwCleaner v4.201 - Logfile created 16/04/2015 at 20:25:02
# Updated 08/04/2015 by Xplode
# Database : 2015-04-15.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : George - EREDITH
# Running from : C:\Users\George\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\George\AppData\Roaming\pdfforge
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\0e0bf8d9-ac82-4aa5-9ac2-444813370c92
Key Deleted : HKLM\SOFTWARE\188bfe6b-19c2-677c-8174-8a49b356efb1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{2e873f60}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{999A70CB-7657-4A48-A92A-BE29FF9D5443}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN11555167001799148&ctid=CT3291326&UM=2
[C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://www.usenet-crawler.com/search?val={searchTerms}&index=3
[C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24390&r=2015/04/12&hid=6916836094339092537&lg=EN&cc=CA&unqvl=86
 
*************************
 
AdwCleaner[R0].txt - [4467 bytes] - [16/04/2015 20:23:00]
AdwCleaner[R1].txt - [5428 bytes] - [16/04/2015 20:24:34]
AdwCleaner[S0].txt - [5210 bytes] - [16/04/2015 20:25:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5269  bytes] ##########
 
3) 
 

 Results of screen317's Security Check version 1.00  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 40  
  Adobe Flash Player 11.1.102.55 Flash Player out of Date!
 Google Chrome (41.0.2272.118) 
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 

 



#9
th1nker


Thanks for the help! Sorry for the delay. I posted the logs above =)



#10
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the info. Please do the following.

 

Step#1 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

Step#2 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next.
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click the Start Scan button and let it complete.
  • If malware was detected you can now click the Remove Selected button. If no malware was detected you can skip the rest of these bullet items and go to the next step, which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#3 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 

 

Step#4 - Fresh Set of Logs
1. Right-click on FRST64.exe and select Run as administrator. When the tool opens, click Yes to the disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste the log back here.
6. Because you selected the Addition.txt check box, this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. Junkware Log

2. Malwarebytes log
3. Fresh FRST and Addition logs

 



#11
BrianDrab

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.